This is an automated email from the ASF dual-hosted git repository.
kirs pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/master by this push:
new 462c7c69ac1 [Fix](metahelper)Filename regex validation only checks if
the filename is valid. (#40677)
462c7c69ac1 is described below
commit 462c7c69ac19c1d46ca500d669051becef00a23e
Author: Calvin Kirs <[email protected]>
AuthorDate: Wed Sep 11 21:06:06 2024 +0800
[Fix](metahelper)Filename regex validation only checks if the filename is
valid. (#40677)
## Proposed changes
The file name may also be VERSION. Considering the code maintainability,
we will only check whether the file name is legal.
---
.../main/java/org/apache/doris/master/MetaHelper.java | 16 +++++++---------
.../java/org/apache/doris/master/MetaHelperTest.java | 18 +++++++++++++++---
2 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/fe/fe-core/src/main/java/org/apache/doris/master/MetaHelper.java
b/fe/fe-core/src/main/java/org/apache/doris/master/MetaHelper.java
index cf63a82cd87..96e73756791 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/master/MetaHelper.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/master/MetaHelper.java
@@ -26,6 +26,7 @@ import org.apache.doris.httpv2.rest.manager.HttpUtils;
import org.apache.doris.persist.gson.GsonUtils;
import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -47,7 +48,7 @@ public class MetaHelper {
public static final String X_IMAGE_MD5 = "X-Image-Md5";
private static final int BUFFER_BYTES = 8 * 1024;
private static final int CHECKPOINT_LIMIT_BYTES = 30 * 1024 * 1024;
- private static final String VALID_FILENAME_REGEX =
"^image\\.\\d+(\\.part)?$";
+ private static final String VALID_FILENAME_REGEX =
"^(?!\\.)[a-zA-Z0-9_\\-.]+$";
public static File getMasterImageDir() {
@@ -115,13 +116,15 @@ public class MetaHelper {
}
}
-
- private static void checkIsValidFileName(String filename) {
+ protected static void checkIsValidFileName(String filename) {
if (!Config.meta_helper_security_mode) {
return;
}
+ if (StringUtils.isBlank(filename)) {
+ return;
+ }
if (!filename.matches(VALID_FILENAME_REGEX)) {
- throw new IllegalArgumentException("Invalid filename");
+ throw new IllegalArgumentException("Invalid filename : " +
filename);
}
}
@@ -156,7 +159,6 @@ public class MetaHelper {
throws IOException {
HttpURLConnection conn = null;
checkFile(file);
- boolean md5Matched = true;
OutputStream out = new FileOutputStream(file);
try {
conn = HttpURLUtil.getConnectionWithNodeIdent(urlStr);
@@ -186,7 +188,6 @@ public class MetaHelper {
if (remoteMd5 != null) {
String localMd5 = DigestUtils.md5Hex(new
FileInputStream(file));
if (!remoteMd5.equals(localMd5)) {
- md5Matched = false;
throw new IOException("Unexpected image md5, expected: " +
remoteMd5 + ", actual: " + localMd5);
}
}
@@ -197,9 +198,6 @@ public class MetaHelper {
if (out != null) {
out.close();
}
- if (!md5Matched && file.exists() &
Config.meta_helper_security_mode) {
- file.delete();
- }
}
}
diff --git
a/fe/fe-core/src/test/java/org/apache/doris/master/MetaHelperTest.java
b/fe/fe-core/src/test/java/org/apache/doris/master/MetaHelperTest.java
index 40083abf956..1c8c8a2a7dd 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/master/MetaHelperTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/master/MetaHelperTest.java
@@ -70,7 +70,7 @@ public class MetaHelperTest {
@Test
public void testFile() throws IOException {
- String errorFilename = "testfile.";
+ String errorFilename = "..testfile.";
File errorFileWithSuffix = new File(tempDir, errorFilename);
String rightFilename = "image.1";
File rightFileWithSuffix = new File(tempDir, rightFilename);
@@ -80,8 +80,8 @@ public class MetaHelperTest {
if (errorFileWithSuffix.exists()) {
errorFileWithSuffix.delete();
}
- Assert.assertThrows(IllegalArgumentException.class, () ->
MetaHelper.complete(errorFilename, tempDir));
- Assert.assertThrows(IllegalArgumentException.class, () ->
MetaHelper.getFile(errorFilename, tempDir));
+ Assert.assertThrows(Exception.class, () ->
MetaHelper.complete(errorFilename, tempDir));
+ Assert.assertThrows(Exception.class, () ->
MetaHelper.getFile(errorFilename, tempDir));
if (rightFileWithSuffix.exists()) {
rightFileWithSuffix.delete();
}
@@ -89,6 +89,18 @@ public class MetaHelperTest {
}
+ @Test
+ public void testFileNameCheck() {
+ Config.meta_helper_security_mode = true;
+ MetaHelper.checkIsValidFileName("VERSION");
+ MetaHelper.checkIsValidFileName("image.1");
+ MetaHelper.checkIsValidFileName("image.1.part");
+ MetaHelper.checkIsValidFileName("image.1.part.1");
+ Assert.assertThrows(IllegalArgumentException.class, () ->
MetaHelper.checkIsValidFileName("../testfile."));
+
+
+ }
+
@AfterEach
public void tearDown() {
if (tempDir.exists()) {
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
