You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@dolphinscheduler.apache.org by ga...@apache.org on 2022/03/14 06:37:24 UTC
[dolphinscheduler] branch 2.0.6-prepare updated: fix log and config file read (#8865)
This is an automated email from the ASF dual-hosted git repository.
gaojun2048 pushed a commit to branch 2.0.6-prepare
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git
The following commit(s) were added to refs/heads/2.0.6-prepare by this push:
new adc2234 fix log and config file read (#8865)
adc2234 is described below
commit adc223465b5b83a9446dfc809ae98cf4bbfaadce
Author: gaojun2048 <ga...@gmail.com>
AuthorDate: Mon Mar 14 14:34:05 2022 +0800
fix log and config file read (#8865)
---
.../server/log/LoggerRequestProcessor.java | 33 ++++++++++--
.../server/log/LoggerRequestProcessorTest.java | 58 +++++++++++++++++++++-
script/dolphinscheduler-daemon.sh | 4 +-
3 files changed, 88 insertions(+), 7 deletions(-)
diff --git a/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessor.java b/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessor.java
index f6e23f0..7115e24 100644
--- a/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessor.java
+++ b/dolphinscheduler-server/src/main/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessor.java
@@ -76,21 +76,35 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
case GET_LOG_BYTES_REQUEST:
GetLogBytesRequestCommand getLogRequest = JSONUtils.parseObject(
command.getBody(), GetLogBytesRequestCommand.class);
- byte[] bytes = getFileContentBytes(getLogRequest.getPath());
+ String path = getLogRequest.getPath();
+ if (!checkPathSecurity(path)) {
+ throw new IllegalArgumentException("Illegal path");
+ }
+ byte[] bytes = getFileContentBytes(path);
GetLogBytesResponseCommand getLogResponse = new GetLogBytesResponseCommand(bytes);
channel.writeAndFlush(getLogResponse.convert2Command(command.getOpaque()));
break;
case VIEW_WHOLE_LOG_REQUEST:
ViewLogRequestCommand viewLogRequest = JSONUtils.parseObject(
command.getBody(), ViewLogRequestCommand.class);
- String msg = LoggerUtils.readWholeFileContent(viewLogRequest.getPath());
+ String viewLogPath = viewLogRequest.getPath();
+ if (!checkPathSecurity(viewLogPath)) {
+ throw new IllegalArgumentException("Illegal path");
+ }
+ String msg = LoggerUtils.readWholeFileContent(viewLogPath);
ViewLogResponseCommand viewLogResponse = new ViewLogResponseCommand(msg);
channel.writeAndFlush(viewLogResponse.convert2Command(command.getOpaque()));
break;
case ROLL_VIEW_LOG_REQUEST:
RollViewLogRequestCommand rollViewLogRequest = JSONUtils.parseObject(
command.getBody(), RollViewLogRequestCommand.class);
- List<String> lines = readPartFileContent(rollViewLogRequest.getPath(),
+
+ String rollViewLogPath = rollViewLogRequest.getPath();
+ if (!checkPathSecurity(rollViewLogPath)) {
+ throw new IllegalArgumentException("Illegal path");
+ }
+
+ List<String> lines = readPartFileContent(rollViewLogPath,
rollViewLogRequest.getSkipLineNum(), rollViewLogRequest.getLimit());
StringBuilder builder = new StringBuilder();
for (String line : lines) {
@@ -104,7 +118,9 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
command.getBody(), RemoveTaskLogRequestCommand.class);
String taskLogPath = removeTaskLogRequest.getPath();
-
+ if (!checkPathSecurity(taskLogPath)) {
+ throw new IllegalArgumentException("Illegal path");
+ }
File taskLogFile = new File(taskLogPath);
Boolean status = true;
try {
@@ -123,6 +139,15 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
}
}
+ private boolean checkPathSecurity(String path) {
+ String dsHome = System.getProperty("DOLPHINSCHEDULER_HOME");
+ if (path.startsWith(dsHome) && !path.contains("../") && path.endsWith(".log")) {
+ return true;
+ }
+
+ return false;
+ }
+
public ExecutorService getExecutor() {
return this.executor;
}
diff --git a/dolphinscheduler-server/src/test/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessorTest.java b/dolphinscheduler-server/src/test/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessorTest.java
index e245395..b10c60a 100644
--- a/dolphinscheduler-server/src/test/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessorTest.java
+++ b/dolphinscheduler-server/src/test/java/org/apache/dolphinscheduler/server/log/LoggerRequestProcessorTest.java
@@ -37,14 +37,68 @@ import io.netty.channel.Channel;
@PrepareForTest({LoggerUtils.class})
public class LoggerRequestProcessorTest {
- @Test(expected = None.class)
+ @Test
public void testProcessViewWholeLogRequest() {
+ System.setProperty("DOLPHINSCHEDULER_HOME", System.getProperty("user.dir"));
Channel channel = PowerMockito.mock(Channel.class);
PowerMockito.when(channel.writeAndFlush(Mockito.any(Command.class))).thenReturn(null);
PowerMockito.mockStatic(LoggerUtils.class);
PowerMockito.when(LoggerUtils.readWholeFileContent(Mockito.anyString())).thenReturn("");
+ String userDir = System.getProperty("user.dir");
+ ViewLogRequestCommand logRequestCommand = new ViewLogRequestCommand(userDir + "/log/path/a.log");
- ViewLogRequestCommand logRequestCommand = new ViewLogRequestCommand("/log/path");
+ Command command = new Command();
+ command.setType(CommandType.VIEW_WHOLE_LOG_REQUEST);
+ command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
+
+ LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
+ loggerRequestProcessor.process(channel, command);
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testProcessViewWholeLogRequestError() {
+ System.setProperty("DOLPHINSCHEDULER_HOME", System.getProperty("user.dir"));
+ Channel channel = PowerMockito.mock(Channel.class);
+ PowerMockito.when(channel.writeAndFlush(Mockito.any(Command.class))).thenReturn(null);
+ PowerMockito.mockStatic(LoggerUtils.class);
+ PowerMockito.when(LoggerUtils.readWholeFileContent(Mockito.anyString())).thenReturn("");
+ String userDir = System.getProperty("user.dir");
+ ViewLogRequestCommand logRequestCommand = new ViewLogRequestCommand(userDir + "/log/path/a");
+
+ Command command = new Command();
+ command.setType(CommandType.VIEW_WHOLE_LOG_REQUEST);
+ command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
+
+ LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
+ loggerRequestProcessor.process(channel, command);
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testProcessViewWholeLogRequestErrorRelativePath() {
+ System.setProperty("DOLPHINSCHEDULER_HOME", System.getProperty("user.dir"));
+ Channel channel = PowerMockito.mock(Channel.class);
+ PowerMockito.when(channel.writeAndFlush(Mockito.any(Command.class))).thenReturn(null);
+ PowerMockito.mockStatic(LoggerUtils.class);
+ PowerMockito.when(LoggerUtils.readWholeFileContent(Mockito.anyString())).thenReturn("");
+ String userDir = System.getProperty("user.dir");
+ ViewLogRequestCommand logRequestCommand = new ViewLogRequestCommand(userDir + "/log/../../a.log");
+
+ Command command = new Command();
+ command.setType(CommandType.VIEW_WHOLE_LOG_REQUEST);
+ command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
+
+ LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
+ loggerRequestProcessor.process(channel, command);
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public void testProcessViewWholeLogRequestErrorStartWith() {
+ System.setProperty("DOLPHINSCHEDULER_HOME", System.getProperty("user.dir"));
+ Channel channel = PowerMockito.mock(Channel.class);
+ PowerMockito.when(channel.writeAndFlush(Mockito.any(Command.class))).thenReturn(null);
+ PowerMockito.mockStatic(LoggerUtils.class);
+ PowerMockito.when(LoggerUtils.readWholeFileContent(Mockito.anyString())).thenReturn("");
+ ViewLogRequestCommand logRequestCommand = new ViewLogRequestCommand("/log/a.log");
Command command = new Command();
command.setType(CommandType.VIEW_WHOLE_LOG_REQUEST);
diff --git a/script/dolphinscheduler-daemon.sh b/script/dolphinscheduler-daemon.sh
index c4db5e9..ac6d1db 100755
--- a/script/dolphinscheduler-daemon.sh
+++ b/script/dolphinscheduler-daemon.sh
@@ -33,7 +33,9 @@ echo "Begin $startStop $command......"
BIN_DIR=`dirname $0`
BIN_DIR=`cd "$BIN_DIR"; pwd`
-DOLPHINSCHEDULER_HOME=`cd "$BIN_DIR/.."; pwd`
+export DOLPHINSCHEDULER_HOME=`cd "$BIN_DIR/.."; pwd`
+
+chmod 700 -R ${DOLPHINSCHEDULER_HOME}
source /etc/profile
set -a