[incubator-doris] 04/21: [Bug] Fix bug to reject request with no SQL in TableQueryPlanAction (#6843)

Wed, 27 Oct 2021 03:22:15 -0700 

This is an automated email from the ASF dual-hosted git repository.

morningman pushed a commit to branch branch-0.15
in repository https://gitbox.apache.org/repos/asf/incubator-doris.git

commit e83a86776b846651d14f7a70d92043e4845407e0
Author: dohongdayi <[email protected]>
AuthorDate: Sat Oct 23 16:46:24 2021 +0800

    [Bug] Fix bug to reject request with no SQL in TableQueryPlanAction  (#6843)
    
    String.valueOf() returns string "null" with null input, in which case 
requests with no SQL
    will be accepted by TableQueryPlanAction unexpectedly with potential risk.
---
 .../doris/http/rest/TableQueryPlanAction.java      |  2 +-
 .../doris/httpv2/rest/TableQueryPlanAction.java    |  2 +-
 .../doris/http/TableQueryPlanActionTest.java       | 40 ++++++++++++++++++++++
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/http/rest/TableQueryPlanAction.java 
b/fe/fe-core/src/main/java/org/apache/doris/http/rest/TableQueryPlanAction.java
index 7634fab..92074ef 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/http/rest/TableQueryPlanAction.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/http/rest/TableQueryPlanAction.java
@@ -117,7 +117,7 @@ public class TableQueryPlanAction extends RestBaseAction {
             } catch (JSONException e) {
                 throw new DorisHttpException(HttpResponseStatus.BAD_REQUEST, 
"malformed json [ " + postContent + " ]");
             }
-            sql = String.valueOf(jsonObject.opt("sql"));
+            sql = jsonObject.optString("sql");
             if (Strings.isNullOrEmpty(sql)) {
                 throw new DorisHttpException(HttpResponseStatus.BAD_REQUEST, 
"POST body must contains [sql] root object");
             }
diff --git 
a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/TableQueryPlanAction.java
 
b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/TableQueryPlanAction.java
index d64a788..cf107df 100644
--- 
a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/TableQueryPlanAction.java
+++ 
b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/TableQueryPlanAction.java
@@ -104,7 +104,7 @@ public class TableQueryPlanAction extends 
RestBaseController {
                 return ResponseEntityBuilder.badRequest("malformed json: " + 
e.getMessage());
             }
 
-            sql = String.valueOf(jsonObject.opt("sql"));
+            sql = jsonObject.optString("sql");
             if (Strings.isNullOrEmpty(sql)) {
                 return ResponseEntityBuilder.badRequest("POST body must 
contains [sql] root object");
             }
diff --git 
a/fe/fe-core/src/test/java/org/apache/doris/http/TableQueryPlanActionTest.java 
b/fe/fe-core/src/test/java/org/apache/doris/http/TableQueryPlanActionTest.java
index 9f9c436..695c5f8 100644
--- 
a/fe/fe-core/src/test/java/org/apache/doris/http/TableQueryPlanActionTest.java
+++ 
b/fe/fe-core/src/test/java/org/apache/doris/http/TableQueryPlanActionTest.java
@@ -80,6 +80,46 @@ public class TableQueryPlanActionTest extends 
DorisHttpTestCase {
     }
 
     @Test
+    public void testNoSqlFailure() throws IOException {
+        RequestBody body = RequestBody.create(JSON, "{}");
+        Request request = new Request.Builder()
+                .post(body)
+                .addHeader("Authorization", rootAuth)
+                .url(URI + PATH_URI)
+                .build();
+        Response response = networkClient.newCall(request).execute();
+        String respStr = response.body().string();
+        System.out.println(respStr);
+        Assert.assertNotNull(respStr);
+        expectThrowsNoException(() -> new JSONObject(respStr));
+        JSONObject jsonObject = new JSONObject(respStr);
+        Assert.assertEquals(400, jsonObject.getInt("status"));
+        String exception = jsonObject.getString("exception");
+        Assert.assertNotNull(exception);
+        Assert.assertEquals("POST body must contains [sql] root object", 
exception);
+    }
+
+    @Test
+    public void testEmptySqlFailure() throws IOException {
+        RequestBody body = RequestBody.create(JSON, "{ \"sql\" :  \"\" }");
+        Request request = new Request.Builder()
+                .post(body)
+                .addHeader("Authorization", rootAuth)
+                .url(URI + PATH_URI)
+                .build();
+        Response response = networkClient.newCall(request).execute();
+        String respStr = response.body().string();
+        System.out.println(respStr);
+        Assert.assertNotNull(respStr);
+        expectThrowsNoException(() -> new JSONObject(respStr));
+        JSONObject jsonObject = new JSONObject(respStr);
+        Assert.assertEquals(400, jsonObject.getInt("status"));
+        String exception = jsonObject.getString("exception");
+        Assert.assertNotNull(exception);
+        Assert.assertEquals("POST body must contains [sql] root object", 
exception);
+    }
+
+    @Test
     public void testInconsistentResource() throws IOException {
         RequestBody body = RequestBody.create(JSON, "{ \"sql\" :  \" select 
k1,k2 from " + DB_NAME + "." + TABLE_NAME + 1 + " \" }");
         Request request = new Request.Builder()

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to