github-advanced-security[bot] commented on code in PR #15324:
URL:
https://github.com/apache/dolphinscheduler/pull/15324#discussion_r1429371110
##########
dolphinscheduler-datasource-plugin/dolphinscheduler-datasource-dolphindb/src/main/java/org/apache/dolphinscheduler/plugin/datasource/dolphindb/param/DolphinDBDataSourceProcessor.java:
##########
@@ -0,0 +1,180 @@
+package org.apache.dolphinscheduler.plugin.datasource.dolphindb.param;
+
+import org.apache.dolphinscheduler.common.constants.Constants;
+import org.apache.dolphinscheduler.common.constants.DataSourceConstants;
+import org.apache.dolphinscheduler.common.utils.JSONUtils;
+import
org.apache.dolphinscheduler.plugin.datasource.api.datasource.AbstractDataSourceProcessor;
+import
org.apache.dolphinscheduler.plugin.datasource.api.datasource.BaseDataSourceParamDTO;
+import
org.apache.dolphinscheduler.plugin.datasource.api.datasource.DataSourceProcessor;
+import org.apache.dolphinscheduler.plugin.datasource.api.utils.PasswordUtils;
+import org.apache.dolphinscheduler.spi.datasource.ConnectionParam;
+import org.apache.dolphinscheduler.spi.enums.DbType;
+
+import org.apache.commons.collections4.MapUtils;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.SQLException;
+import java.text.MessageFormat;
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import com.google.auto.service.AutoService;
+import com.google.common.collect.Sets;
+
+@AutoService(DataSourceProcessor.class)
+public class DolphinDBDataSourceProcessor extends AbstractDataSourceProcessor {
+
+ private static final Set<String> POSSIBLE_MALICIOUS_KEYS =
Sets.newHashSet("allowLoadLocalInfile");
+
+ private static final Pattern PARAMS_PATTER =
Pattern.compile("^[a-zA-Z0-9\\-\\_\\/\\@\\.\\:\\,\\ ]+$");
+
+ @Override
+ public BaseDataSourceParamDTO castDatasourceParamDTO(String paramJson) {
+ return JSONUtils.parseObject(paramJson,
DolphinDBDataSourceParamDTO.class);
+ }
+
+ @Override
+ public BaseDataSourceParamDTO createDatasourceParamDTO(String
connectionJson) {
+ DolphinDBConnectionParam connectionParams = (DolphinDBConnectionParam)
createConnectionParams(connectionJson);
+ DolphinDBDataSourceParamDTO dolphinDBDataSourceParamDTO = new
DolphinDBDataSourceParamDTO();
+
+ String[] hostSeperator =
connectionParams.getAddress().split(Constants.DOUBLE_SLASH);
+ String[] hostPortArray = hostSeperator[hostSeperator.length -
1].split(Constants.COMMA);
+
+
dolphinDBDataSourceParamDTO.setDatabase(connectionParams.getDatabase());
+ dolphinDBDataSourceParamDTO.setUserName(connectionParams.getUser());
+
dolphinDBDataSourceParamDTO.setPassword(connectionParams.getPassword());
+
dolphinDBDataSourceParamDTO.setPort(Integer.parseInt(hostPortArray[0].split(Constants.COLON)[1]));
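Review bot: `dolphinDBDataSourceParamDTO.setPassword(connectionParams.getPassword())` copies the stored credential into the DTO that `createDatasourceParamDTO` returns. If that DTO is serialized back to API clients (not visible in the quoted lines), the password leaves the server whether or not it is encrypted. Consider dropping that call, or leaving a comment such as `// password is deliberately not echoed back in the param DTO` once it is removed. Separately, `hostPortArray[0].split(Constants.COLON)[1]` assumes the address always holds a `host:port` pair and throws ArrayIndexOutOfBoundsException otherwise, so a length check before indexing would give a clearer error. The method body continues outside the quoted hunk.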
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3810)
##########
dolphinscheduler-task-plugin/dolphinscheduler-task-sql/src/main/java/org/apache/dolphinscheduler/plugin/task/sql/SqlTask.java:
##########
@@ -333,10 +341,15 @@
String handlerType) throws Exception {
int result = 0;
for (SqlBinds sqlBind : statementsBinds) {
- try (PreparedStatement statement =
prepareStatementAndBind(connection, sqlBind)) {
- result = statement.executeUpdate();
- log.info("{} statement execute update result: {}, for sql:
{}", handlerType, result,
- sqlBind.getSql());
+ try (PreparedStatement statement =
prepareStatementAndBind(connection, sqlBind);) {
+ if
(DbType.valueOf(sqlParameters.getType()).equals(DbType.DOLPHINDB)) {
+ statement.executeQuery();
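Review bot: `DbType.valueOf(sqlParameters.getType())` is evaluated inside the `for` loop for every statement, and `valueOf` throws IllegalArgumentException for an unrecognised type string (NullPointerException for null) from the middle of the execution path. Resolve the type once before the loop, e.g. `boolean isDolphinDb = DbType.DOLPHINDB.name().equals(sqlParameters.getType());`, and branch on that flag. The trailing `;` in `prepareStatementAndBind(connection, sqlBind);)` is legal but unnecessary. As far as the quoted lines show, `result` stays at 0 in the DolphinDB branch. The rest of the branch lies outside the hunk, so confirm that callers do not rely on the update count there.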
Review Comment:
## Potential database resource leak
This ResultSet is not always closed on method exit.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3811)