github-code-scanning[bot] commented on code in PR #12678:
URL:
https://github.com/apache/dolphinscheduler/pull/12678#discussion_r1012465958
##########
dolphinscheduler-task-plugin/dolphinscheduler-task-api/src/main/java/org/apache/dolphinscheduler/plugin/task/api/ShellCommandExecutor.java:
##########
@@ -80,42 +80,45 @@
*/
@Override
protected void createCommandFileIfNotExists(String execCommand, String
commandFile) throws IOException {
- logger.info("tenantCode user:{}, task dir:{}",
taskRequest.getTenantCode(),
- taskRequest.getTaskAppId());
-
// create if non existence
- if (!Files.exists(Paths.get(commandFile))) {
- logger.info("create command file:{}", commandFile);
-
- StringBuilder sb = new StringBuilder();
- if (SystemUtils.IS_OS_WINDOWS) {
- sb.append("@echo off\n");
- sb.append("cd /d %~dp0\n");
- if
(!Strings.isNullOrEmpty(taskRequest.getEnvironmentConfig())) {
- sb.append(taskRequest.getEnvironmentConfig()).append("\n");
- } else {
- if (taskRequest.getEnvFile() != null) {
- sb.append("call
").append(taskRequest.getEnvFile()).append("\n");
- }
+ logger.info("Begin to create command file:{}", commandFile);
+
+ Path commandFilePath = Paths.get(commandFile);
+ if (Files.exists(commandFilePath)) {
+ logger.warn("The command file: {} is already exist, will not
create a again", commandFile);
+ return;
+ }
+
+ StringBuilder sb = new StringBuilder();
+ if (SystemUtils.IS_OS_WINDOWS) {
+ sb.append("@echo off\n");
+ sb.append("cd /d %~dp0\n");
+ if (StringUtils.isNotBlank(taskRequest.getEnvironmentConfig())) {
+ sb.append(taskRequest.getEnvironmentConfig()).append("\n");
+ } else {
+ if (taskRequest.getEnvFile() != null) {
+ sb.append("call
").append(taskRequest.getEnvFile()).append("\n");
}
+ }
+ } else {
+ sb.append("#!/bin/sh\n");
+ sb.append("BASEDIR=$(cd `dirname $0`; pwd)\n");
+ sb.append("cd $BASEDIR\n");
+ if (StringUtils.isNotBlank(taskRequest.getEnvironmentConfig())) {
+ sb.append(taskRequest.getEnvironmentConfig()).append("\n");
} else {
- sb.append("#!/bin/bash\n");
- sb.append("BASEDIR=$(cd `dirname $0`; pwd)\n");
- sb.append("cd $BASEDIR\n");
- if
(!Strings.isNullOrEmpty(taskRequest.getEnvironmentConfig())) {
- sb.append(taskRequest.getEnvironmentConfig()).append("\n");
- } else {
- if (taskRequest.getEnvFile() != null) {
- sb.append("source
").append(taskRequest.getEnvFile()).append("\n");
- }
+ if (taskRequest.getEnvFile() != null) {
+ sb.append("source
").append(taskRequest.getEnvFile()).append("\n");
}
}
- sb.append(execCommand);
- logger.info("command : {}", sb);
-
- // write data to file
- FileUtils.writeStringToFile(new File(commandFile), sb.toString(),
StandardCharsets.UTF_8);
}
+ sb.append(execCommand);
+ String commandContent = sb.toString();
+
+ FileUtils.createFileWith755(commandFilePath);
+ Files.write(commandFilePath, commandContent.getBytes(),
StandardOpenOption.APPEND);
+
+ logger.info("Success create command file, command: {}",
commandContent);
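Review bot: `Files.write(commandFilePath, commandContent.getBytes(), StandardOpenOption.APPEND)` encodes the script with the JVM default charset, whereas the removed `FileUtils.writeStringToFile(..., StandardCharsets.UTF_8)` pinned UTF-8, so non-ASCII text in `execCommand` or the environment config can be written differently on a worker whose default is not UTF-8; pass `commandContent.getBytes(StandardCharsets.UTF_8)`. The Unix branch now emits `#!/bin/sh` but still appends `source <envFile>`, which is a bash builtin rather than POSIX and fails under a strict `/bin/sh` such as dash if the file is run through its shebang; keep `#!/bin/bash` or emit `. ` instead. Judging by the helper name `createFileWith755`, the file is created readable by every local account while holding the environment config, so it is worth confirming that no credentials end up in it or that the task directory itself is restricted. The method body continues outside the hunk.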
Review Comment:
## Insertion of sensitive information into log files
This [potentially sensitive information](1) is written to a log file.
This [potentially sensitive information](2) is written to a log file.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/2227)