Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

Sat, 03 Feb 2024 00:02:23 -0800 


github-advanced-security[bot] commented on code in PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#discussion_r1477011637


##########
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java:
##########
@@ -325,59 +266,47 @@
         return crcString;
     }
 
-    public static void setFileOwner(Path filePath, String fileOwner) throws 
FileOperateException {
-        try {
-            // We use linux command to set the file owner, since jdk api will 
not use sudo.
-            String command = String.format("sudo chown %s %s", fileOwner, 
filePath.toString());
-            Runtime.getRuntime().exec(command);
-            Process process = Runtime.getRuntime().exec(command);
-            int exitCode = process.waitFor();
-            if (0 != exitCode) {
-                throw new FileOperateException(
-                        "Set file: " + filePath + " to owner: " + fileOwner + 
" failed, existCode(" + exitCode + ")");
-            }
-        } catch (FileOperateException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new FileOperateException("Set directory: " + filePath + " to 
owner: " + fileOwner + " failed");
-
+    public static void createFileWith755(@NonNull Path path) throws 
IOException {
+        if (SystemUtils.IS_OS_WINDOWS) {
+            Files.createFile(path);
+        } else {
+            Files.createFile(path);
+            Files.setPosixFilePermissions(path, PERMISSION_755);
         }
     }
 
-    public static void setDirectoryOwner(Path filePath, String fileOwner) 
throws FileOperateException {
-        try {
-            // We use linux command to set the file owner, since jdk api will 
not use sudo.
-            String command = String.format("sudo chown -R %s %s", fileOwner, 
filePath.toString());
-            Runtime.getRuntime().exec(command);
-            Process process = Runtime.getRuntime().exec(command);
-            int exitCode = process.waitFor();
-            if (0 != exitCode) {
-                throw new FileOperateException("Set directory: " + filePath + 
" to owner: " + fileOwner
-                        + " failed, existCode(" + exitCode + ")");
+    public static void createDirectoryWith755(@NonNull Path path) throws 
IOException {
+        if (path.toFile().exists()) {
+            return;
+        }
+        if (OSUtils.isWindows()) {
+            Files.createDirectories(path);
+        } else {
+            Path parent = path.getParent();
+            if (parent != null && !parent.toFile().exists()) {
+                createDirectoryWith755(parent);
             }
-        } catch (FileOperateException ex) {
-            throw ex;
-        } catch (Exception ex) {
-            throw new FileOperateException("Set directory: " + filePath + " to 
owner: " + fileOwner + " failed");
+
+            Files.createDirectory(path);

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   
   [Show more 
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3894)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to