github-advanced-security[bot] commented on code in PR #18236:
URL:
https://github.com/apache/dolphinscheduler/pull/18236#discussion_r3208035343
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkflowDefinitionServiceImpl.java:
##########
@@ -1086,24 +1030,15 @@
List<WorkflowDefinition> workflowDefinitionListInProject =
workflowDefinitionList.stream()
.filter(o ->
userProjects.containsKey(o.getProjectCode())).collect(Collectors.toList());
if (CollectionUtils.isEmpty(workflowDefinitionListInProject)) {
- Set<Long> codesInProject = workflowDefinitionListInProject.stream()
-
.map(WorkflowDefinition::getCode).collect(Collectors.toSet());
- log.error("workflow definitions do not exist in project,
projectCode:{}, workflowDefinitionsCodes:{}.",
- workflowDefinitionListInProject.get(0).getProjectCode(),
codesInProject);
- putMsg(result, Status.WORKFLOW_DEFINITION_NOT_EXIST, codes);
- return result;
+ log.error("workflow definitions do not exist in project,
codes:{}.", codes);
Review Comment:
## CodeQL / Log Injection
This log entry depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5785)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowDefinitionController.java:
##########
@@ -306,13 +305,12 @@
@ResponseStatus(HttpStatus.OK)
@ApiException(SWITCH_WORKFLOW_DEFINITION_VERSION_ERROR)
@OperatorLog(auditType = AuditType.WORKFLOW_SWITCH_VERSION)
- public Result switchWorkflowDefinitionVersion(@Parameter(hidden = true)
@RequestAttribute(value = Constants.SESSION_USER) User loginUser,
- @Parameter(name =
"projectCode", description = "PROJECT_CODE", required = true) @PathVariable
long projectCode,
- @PathVariable(value =
"code") long code,
- @PathVariable(value =
"version") int version) {
- Map<String, Object> result =
-
workflowDefinitionService.switchWorkflowDefinitionVersion(loginUser,
projectCode, code, version);
- return returnDataList(result);
+ public Result<Void> switchWorkflowDefinitionVersion(@Parameter(hidden =
true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
Review Comment:
## CodeQL / HTTP request type unprotected from CSRF
Potential CSRF vulnerability due to using an HTTP request type which is not
default-protected from CSRF for an apparent [state-changing action](1).
Potential CSRF vulnerability due to using an HTTP request type which is not
default-protected from CSRF for an apparent [state-changing action](2).
Potential CSRF vulnerability due to using an HTTP request type which is not
default-protected from CSRF for an apparent [state-changing action](3).
Potential CSRF vulnerability due to using an HTTP request type which is not
default-protected from CSRF for an apparent [state-changing action](4).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5786)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowDefinitionController.java:
##########
@@ -597,12 +586,11 @@
@GetMapping(value = "/query-task-definition-list")
@ResponseStatus(HttpStatus.OK)
@ApiException(GET_TASKS_LIST_BY_WORKFLOW_DEFINITION_CODE_ERROR)
- public Result getTaskListByWorkflowDefinitionCode(@Parameter(hidden =
true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
- @Parameter(name =
"projectCode", description = "PROJECT_CODE", required = true) @PathVariable
long projectCode,
- @RequestParam(value =
"workflowDefinitionCode") Long workflowDefinitionCode) {
- Map<String, Object> result = workflowDefinitionService
- .queryTaskDefinitionListByWorkflowDefinitionCode(projectCode,
workflowDefinitionCode);
- return returnDataList(result);
+ public Result<List<DependentSimplifyDefinition>>
getTaskListByWorkflowDefinitionCode(@Parameter(hidden = true)
@RequestAttribute(value = Constants.SESSION_USER) User loginUser,
Review Comment:
## CodeQL / Useless parameter
The parameter 'loginUser' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5789)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowDefinitionController.java:
##########
@@ -613,11 +601,11 @@
@ResponseStatus(HttpStatus.OK)
@ApiException(DELETE_WORKFLOW_DEFINE_BY_CODE_ERROR)
@OperatorLog(auditType = AuditType.WORKFLOW_DELETE)
- public Result deleteWorkflowDefinitionByCode(@Parameter(hidden = true)
@RequestAttribute(value = Constants.SESSION_USER) User loginUser,
- @Parameter(name =
"projectCode", description = "PROJECT_CODE", required = true) @PathVariable
long projectCode,
- @PathVariable("code") long
code) {
+ public Result<Void> deleteWorkflowDefinitionByCode(@Parameter(hidden =
true) @RequestAttribute(value = Constants.SESSION_USER) User loginUser,
+ @Parameter(name =
"projectCode", description = "PROJECT_CODE", required = true) @PathVariable
long projectCode,
Review Comment:
## CodeQL / Useless parameter
The parameter 'projectCode' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5788)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/WorkflowDefinitionServiceImpl.java:
##########
@@ -308,18 +301,25 @@
"Save workflow task relations error, projectCode:{},
workflowDefinitionCode:{}, workflowDefinitionVersion:{}.",
workflowDefinition.getProjectCode(),
workflowDefinition.getCode(), insertVersion);
throw new
ServiceException(Status.CREATE_WORKFLOW_TASK_RELATION_ERROR);
- } else {
- log.info(
- "Save workflow task relations complete, projectCode:{},
workflowDefinitionCode:{}, workflowDefinitionVersion:{}.",
- workflowDefinition.getProjectCode(),
workflowDefinition.getCode(), insertVersion);
}
+ log.info(
+ "Save workflow task relations complete, projectCode:{},
workflowDefinitionCode:{}, workflowDefinitionVersion:{}.",
+ workflowDefinition.getProjectCode(),
workflowDefinition.getCode(), insertVersion);
saveWorkflowLineage(workflowDefinition.getProjectCode(),
workflowDefinition.getCode(),
insertVersion, taskDefinitionLogs);
+ return workflowDefinition;
+ }
- putMsg(result, Status.SUCCESS);
- result.put(Constants.DATA_LIST, workflowDefinition);
- return result;
+ private void requireProjectAndWritePerm(User loginUser, Project project) {
+ Map<String, Object> permResult = new HashMap<>();
+ if (!projectService.hasProjectAndWritePerm(loginUser, project,
permResult)) {
Review Comment:
## CodeQL / Deprecated method or constructor invocation
Invoking [ProjectService.hasProjectAndWritePerm](1) should be avoided
because it has been deprecated.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5787)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/WorkflowDefinitionService.java:
##########
@@ -28,66 +33,39 @@
import java.util.Map;
import java.util.Optional;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+
public interface WorkflowDefinitionService {
/**
* create workflow definition
- *
- * @param loginUser login user
- * @param projectCode project code
- * @param name workflow definition name
- * @param description description
- * @param globalParams global params
- * @param locations locations for nodes
- * @param timeout timeout
- * @param taskRelationJson relation json for nodes
- * @param taskDefinitionJson taskDefinitionJson
- * @param otherParamsJson otherParamsJson handle other params
- * @return create result code
*/
- Map<String, Object> createWorkflowDefinition(User loginUser,
- long projectCode,
- String name,
- String description,
- String globalParams,
- String locations,
- int timeout,
- String taskRelationJson,
- String taskDefinitionJson,
- String otherParamsJson,
- WorkflowExecutionTypeEnum
executionType);
+ WorkflowDefinition createWorkflowDefinition(User loginUser,
+ long projectCode,
+ String name,
+ String description,
+ String globalParams,
+ String locations,
+ int timeout,
+ String taskRelationJson,
+ String taskDefinitionJson,
+ String otherParamsJson,
Review Comment:
## CodeQL / Useless parameter
The parameter 'otherParamsJson' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5791)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/WorkflowDefinitionController.java:
##########
@@ -576,10 +566,9 @@
@GetMapping(value = "/query-workflow-definition-list")
@ResponseStatus(HttpStatus.OK)
@ApiException(GET_TASKS_LIST_BY_WORKFLOW_DEFINITION_CODE_ERROR)
- public Result getWorkflowListByProjectCode(@Parameter(hidden = true)
@RequestAttribute(value = Constants.SESSION_USER) User loginUser,
- @Parameter(name =
"projectCode", description = "PROJECT_CODE", required = true) @PathVariable
long projectCode) {
- Map<String, Object> result =
workflowDefinitionService.queryWorkflowDefinitionListByProjectCode(projectCode);
- return returnDataList(result);
+ public Result<List<DependentSimplifyDefinition>>
getWorkflowListByProjectCode(@Parameter(hidden = true) @RequestAttribute(value
= Constants.SESSION_USER) User loginUser,
Review Comment:
## CodeQL / Useless parameter
The parameter 'loginUser' is never used.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/5790)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]