jialiang pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 2e23e28b2f AMBARI-26102:Add validation for Download CSV on
Admin==>Kerberos tab (#3824)
2e23e28b2f is described below
commit 2e23e28b2f9665981d1745bf5bd3d5b3288f358d
Author: Bhavik Patel <[email protected]>
AuthorDate: Fri Sep 13 06:53:42 2024 +0530
AMBARI-26102:Add validation for Download CSV on Admin==>Kerberos tab (#3824)
---
.../ambari/server/api/services/ClusterService.java | 98 +++++++++++++++++++++-
1 file changed, 97 insertions(+), 1 deletion(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
index ec171455a1..a3506bdfbc 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ClusterService.java
@@ -21,6 +21,7 @@ package org.apache.ambari.server.api.services;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
@@ -36,6 +37,7 @@ import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.apache.ambari.server.api.resources.ResourceInstance;
+import org.apache.ambari.server.api.services.parsers.BodyParseException;
import org.apache.ambari.server.controller.AmbariServer;
import org.apache.ambari.server.controller.ClusterArtifactResponse;
import
org.apache.ambari.server.controller.ClusterResponse.ClusterResponseWrapper;
@@ -43,6 +45,13 @@ import
org.apache.ambari.server.controller.internal.ClusterResourceProvider;
import org.apache.ambari.server.controller.spi.Resource;
import org.apache.ambari.server.state.Clusters;
import org.apache.http.HttpStatus;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.gson.Gson;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
@@ -59,6 +68,10 @@ import io.swagger.annotations.ApiResponses;
@Api(value = "Clusters", description = "Endpoint for cluster-specific
operations")
public class ClusterService extends BaseService {
+ private final static Logger LOG =
LoggerFactory.getLogger(ClusterService.class);
+ public static final String INVALID_KERBEROS_CHAR = "^\"[=+@].*";
+
+ private final Gson gson = new Gson();
private static final String CLUSTER_REQUEST_TYPE =
"org.apache.ambari.server.api.services.ClusterRequestSwagger";
private static final String ARTIFACT_REQUEST_TYPE =
"org.apache.ambari.server.controller.ClusterArtifactRequest";
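Review bot: `INVALID_KERBEROS_CHAR` is only meaningful against the JSON-serialised form of a value, because its leading `\"` matches the opening quote that `String.valueOf(JsonElement)` produces in the later hunk; nothing documents that, and an unquoted string passed to the same check would never match. A comment on the constant such as `// Matches a JSON-quoted string whose first character (=, + or @) a spreadsheet would treat as a formula when the Kerberos CSV is opened` would make the contract explicit. The constant is `public` although the visible hunks use it only inside this class, and `String.matches` recompiles the expression on every call, so `private static final Pattern INVALID_KERBEROS_CHAR = Pattern.compile("^\"[=+@].*");` would be the tighter form. The character class also leaves out `-`, tab and carriage return, which OWASP's CSV-injection guidance lists next to `=`, `+` and `@`; whether a leading `-` is legitimate in descriptor values should be decided and recorded here.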
@@ -419,7 +432,13 @@ public class ClusterService extends BaseService {
public Response updateClusterArtifact(String body, @Context HttpHeaders
headers, @Context UriInfo ui,
@ApiParam(required = true) @PathParam("clusterName") String clusterName,
@ApiParam(required = true) @PathParam("artifactName") String artifactName
- ) {
+ ) throws BodyParseException {
+ if ("kerberos_descriptor".equals(artifactName)) {
+ LOG.info("Validating body For kerberos_descriptor");
+ if (parseBody(body)) {
+ throw new BodyParseException("Bad request received");
+ }
+ }
ResourceInstance resource = createArtifactResource(clusterName,
artifactName);
return handleRequest(headers, body, ui, Request.Type.PUT, resource);
}
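Review bot: Every failure inside `parseBody` other than a matched value leaves `updateClusterArtifact` as an unchecked exception rather than the declared `BodyParseException`: `gson.fromJson` throws `JsonSyntaxException` on a malformed body, and the `getAsJsonObject()` and cast chains in the helper throw on an unexpected shape. The call should be wrapped so those cases are logged and rejected the same way, reusing the constructor already used here, `throw new BodyParseException("Bad request received");`. How a `BodyParseException` thrown from a resource method is mapped to an HTTP status is not visible in this hunk and should be confirmed to be a 400. The check is wired into this PUT handler only; if the class has a create handler for artifacts outside the hunk, the same descriptor would be stored there without validation. The method's annotations sit above the hunk, and the name `parseBody` hides that `true` means "rejected", so something like `containsFormulaPrefix` would read better at this call site.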
@@ -860,4 +879,81 @@ public class ClusterService extends BaseService {
return createResource(Resource.Type.Artifact, mapIds);
}
+
+ private boolean parseBody(String body) {
+ JsonObject jsonObject = gson.fromJson(body, JsonObject.class);
+ if (jsonObject == null) {
+ return false;
+ }
+
+ JsonElement artifact_data = jsonObject.get("artifact_data");
+ if (artifact_data == null) {
+ return false;
+ }
+ JsonArray identities =
artifact_data.getAsJsonObject().getAsJsonArray("identities");
+ if (identities != null) {
+ if (checkKeytabsPrincipal(identities)) {
+ return true;
+ }
+ }
+
+ JsonArray services =
artifact_data.getAsJsonObject().getAsJsonArray("services");
+ for (int i = 0; i < services.size(); i++) {
+ JsonArray components =
services.get(i).getAsJsonObject().get("components").getAsJsonArray();
+ if (services.get(i).getAsJsonObject().get("identities") != null) {
+ if
(checkKeytabsPrincipal((JsonArray)services.get(i).getAsJsonObject().get("identities")))
{
+ return true;
+ }
+ }
+ for (int ii = 0; ii < components.size(); ii++) {
+ JsonArray componentsIdentities = (JsonArray)
components.get(ii).getAsJsonObject().get("identities");
+ if (componentsIdentities != null) {
+ if (checkKeytabsPrincipal(componentsIdentities)) {
+ return true;
+ }
+ }
+ }
+ }
+
+ Set<Map.Entry<String, JsonElement>> properties =
artifact_data.getAsJsonObject().getAsJsonObject("properties").entrySet();
+ for (Map.Entry<String, JsonElement> entry : properties) {
+ boolean res = validateValues(String.valueOf(entry.getValue()));
+ if (res) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean checkKeytabsPrincipal(JsonArray identities) {
+ String keytabFile = "";
+ String principalValue = "";
+ for (int i = 0; i < identities.size(); i++) {
+ if (identities.get(i).getAsJsonObject().get("keytab") != null) {
+ keytabFile =
String.valueOf(identities.get(i).getAsJsonObject().get("keytab").getAsJsonObject().get("file"));
+ }
+ if (identities.get(i).getAsJsonObject().get("principal") != null) {
+ principalValue =
String.valueOf(identities.get(i).getAsJsonObject().get("principal").getAsJsonObject().get("value"));
+ }
+ if (!keytabFile.isEmpty() && !"null".equals(keytabFile)) {
+ if (validateValues(keytabFile)) {
+ return true;
+ }
+ }
+ if (!principalValue.isEmpty() && !"null".equals(principalValue)) {
+ if (validateValues(principalValue)) {
+ return true;
+ }
+ ;
+ }
+ }
+ return false;
+ }
+
+ private boolean validateValues(String values) {
+ if (values.matches(INVALID_KERBEROS_CHAR)) {
+ return true;
+ }
+ return false;
+ }
}
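Review bot: `parseBody` dereferences `services`, each service's `components` and the `properties` object without a null check, so a `kerberos_descriptor` that omits any of those keys fails with a `NullPointerException` at `services.size()`, `.get("components").getAsJsonArray()` or `.entrySet()` instead of being validated; only `identities` is guarded. The rewrite below guards each optional key and drops the repeated `services.get(i).getAsJsonObject()` lookups. In `checkKeytabsPrincipal`, `keytabFile` and `principalValue` are declared outside the loop, so a value from an earlier identity is re-checked for later ones, and there is a stray `;` after the last inner `if`; both are harmless but should be tidied. The check covers only `keytab.file`, `principal.value` and top-level `properties`, so if other descriptor fields also reach the exported CSV (the export code is not visible here), neutralising leading formula characters where the CSV is written would cover them as well.

```java
private boolean parseBody(String body) {
  // … unchanged: gson.fromJson, artifact_data lookup, top-level identities check …

  JsonObject data = artifact_data.getAsJsonObject();

  JsonArray services = data.getAsJsonArray("services");
  if (services != null) {
    for (JsonElement serviceElement : services) {
      JsonObject service = serviceElement.getAsJsonObject();
      JsonArray serviceIdentities = service.getAsJsonArray("identities");
      if (serviceIdentities != null && checkKeytabsPrincipal(serviceIdentities)) {
        return true;
      }
      JsonArray components = service.getAsJsonArray("components");
      if (components == null) {
        continue;
      }
      for (JsonElement componentElement : components) {
        JsonArray componentIdentities =
            componentElement.getAsJsonObject().getAsJsonArray("identities");
        if (componentIdentities != null && checkKeytabsPrincipal(componentIdentities)) {
          return true;
        }
      }
    }
  }

  JsonObject properties = data.getAsJsonObject("properties");
  if (properties != null) {
    for (Map.Entry<String, JsonElement> entry : properties.entrySet()) {
      if (validateValues(String.valueOf(entry.getValue()))) {
        return true;
      }
    }
  }
  return false;
}
```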