github-code-scanning[bot] commented on code in PR #12076:
URL:
https://github.com/apache/dolphinscheduler/pull/12076#discussion_r1002625283
##########
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/storage/impl/HadoopUtils.java:
##########
@@ -749,4 +903,67 @@ public void deleteTenant(String tenantCode) throws
Exception {
public ResUploadType returnStorageType() {
return ResUploadType.HDFS;
}
+
+ @Override
+ public List<StorageEntity> listFilesStatusRecursively(String path, String
defaultPath, String tenantCode,
+ ResourceType type) {
+ List<StorageEntity> storageEntityList = new ArrayList<>();
+
+ LinkedList<StorageEntity> foldersToFetch = new LinkedList<>();
+
+ do {
+ String pathToExplore = "";
+ if (foldersToFetch.size() == 0) {
+ pathToExplore = path;
+ } else {
+ pathToExplore = foldersToFetch.pop().getFullName();
+ }
+
+ try {
+ List<StorageEntity> tempList = listFilesStatus(pathToExplore,
defaultPath, tenantCode, type);
+
+ for (StorageEntity temp : tempList) {
+ if (temp.isDirectory()) {
+ foldersToFetch.add(temp);
+ }
+ }
+
+ storageEntityList.addAll(tempList);
+ } catch (FileNotFoundException e) {
+ logger.error(e.getMessage() + "Resource path:" +
pathToExplore, e);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/769)
##########
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/storage/impl/S3Utils.java:
##########
@@ -206,21 +237,38 @@ public void download(String tenantCode, String
srcFilePath, String dstFilePath,
}
@Override
- public boolean exists(String tenantCode, String fileName) throws
IOException {
- return s3Client.doesObjectExist(BUCKET_NAME, fileName);
+ public boolean exists(String fullName) throws IOException {
+ return s3Client.doesObjectExist(BUCKET_NAME, fullName);
}
@Override
- public boolean delete(String tenantCode, String filePath, boolean
recursive) throws IOException {
+ public boolean delete(String fullName, boolean recursive) throws
IOException {
try {
- s3Client.deleteObject(BUCKET_NAME, filePath);
+ s3Client.deleteObject(BUCKET_NAME, fullName);
return true;
} catch (AmazonServiceException e) {
- logger.error("delete the object error,the resource path is {}",
filePath);
+ logger.error("delete the object error,the resource path is {}",
fullName);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/772)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java:
##########
@@ -251,13 +261,23 @@
}
}
- Resource resource = resourceMapper.selectById(resourceId);
- if (resource == null) {
- logger.error("Resource does not exist, resourceId:{}.",
resourceId);
+ Boolean doesResExist = false;
+ try {
+ doesResExist = storageOperate.exists(fullName);
+ } catch (Exception e) {
+ logger.error("udf resource checking error", fullName);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/758)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java:
##########
@@ -251,13 +261,23 @@
}
}
- Resource resource = resourceMapper.selectById(resourceId);
- if (resource == null) {
- logger.error("Resource does not exist, resourceId:{}.",
resourceId);
+ Boolean doesResExist = false;
+ try {
+ doesResExist = storageOperate.exists(fullName);
+ } catch (Exception e) {
+ logger.error("udf resource checking error", fullName);
result.setCode(Status.RESOURCE_NOT_EXIST.getCode());
result.setMsg(Status.RESOURCE_NOT_EXIST.getMsg());
return result;
}
+
+ if (!doesResExist) {
+ logger.error("resource full name {} is not exist", fullName);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/759)
##########
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/storage/impl/S3Utils.java:
##########
@@ -384,4 +432,197 @@
public ResUploadType returnStorageType() {
return ResUploadType.S3;
}
+
+ @Override
+ public List<StorageEntity> listFilesStatusRecursively(String path, String
defaultPath, String tenantCode,
+ ResourceType type) {
+ List<StorageEntity> storageEntityList = new ArrayList<>();
+
+ LinkedList<StorageEntity> foldersToFetch = new LinkedList<>();
+
+ do {
+ String pathToExplore = "";
+ if (foldersToFetch.size() == 0) {
+ pathToExplore = path;
+ } else {
+ pathToExplore = foldersToFetch.pop().getFullName();
+ }
+
+ try {
+ List<StorageEntity> tempList = listFilesStatus(pathToExplore,
defaultPath, tenantCode, type);
+
+ for (StorageEntity temp : tempList) {
+ if (temp.isDirectory()) {
+ foldersToFetch.add(temp);
+ }
+ }
+
+ storageEntityList.addAll(tempList);
+ } catch (AmazonServiceException e) {
+ logger.error(e.getMessage() + "Resource path:" +
pathToExplore, e);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/775)
##########
dolphinscheduler-service/src/main/java/org/apache/dolphinscheduler/service/storage/impl/HadoopUtils.java:
##########
@@ -749,4 +903,67 @@
public ResUploadType returnStorageType() {
return ResUploadType.HDFS;
}
+
+ @Override
+ public List<StorageEntity> listFilesStatusRecursively(String path, String
defaultPath, String tenantCode,
+ ResourceType type) {
+ List<StorageEntity> storageEntityList = new ArrayList<>();
+
+ LinkedList<StorageEntity> foldersToFetch = new LinkedList<>();
+
+ do {
+ String pathToExplore = "";
+ if (foldersToFetch.size() == 0) {
+ pathToExplore = path;
+ } else {
+ pathToExplore = foldersToFetch.pop().getFullName();
+ }
+
+ try {
+ List<StorageEntity> tempList = listFilesStatus(pathToExplore,
defaultPath, tenantCode, type);
+
+ for (StorageEntity temp : tempList) {
+ if (temp.isDirectory()) {
+ foldersToFetch.add(temp);
+ }
+ }
+
+ storageEntityList.addAll(tempList);
+ } catch (FileNotFoundException e) {
+ logger.error(e.getMessage() + "Resource path:" +
pathToExplore, e);
+ // return the resources fetched before error occurs.
+ return storageEntityList;
+ } catch (IOException e) {
+ logger.error(e.getMessage() + "Resource path:" +
pathToExplore, e);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
This log entry depends on a [user-provided value](2).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/770)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java:
##########
@@ -117,9 +120,15 @@
return result;
}
- Resource resource = resourceMapper.selectById(resourceId);
- if (resource == null) {
- logger.error("Resource does not exist, resourceId:{}.",
resourceId);
+ Boolean existResource = false;
+ try {
+ existResource = storageOperate.exists(fullName);
+ } catch (IOException e) {
+ logger.error("AmazonServiceException when checking resource: " +
fullName);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/755)
##########
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/UdfFuncServiceImpl.java:
##########
@@ -117,9 +120,15 @@
return result;
}
- Resource resource = resourceMapper.selectById(resourceId);
- if (resource == null) {
- logger.error("Resource does not exist, resourceId:{}.",
resourceId);
+ Boolean existResource = false;
+ try {
+ existResource = storageOperate.exists(fullName);
+ } catch (IOException e) {
+ logger.error("AmazonServiceException when checking resource: " +
fullName);
+ }
+
+ if (!existResource) {
+ logger.error("resource full name {} is not exist", fullName);
Review Comment:
## Log Injection
This log entry depends on a [user-provided value](1).
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/756)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
