yiguolei pushed a commit to branch branch-4.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-4.0 by this push:
new 18054665cfc branch-4.0: [chore](security) Add ssrf check for create
stage #58585 (#58875)
18054665cfc is described below
commit 18054665cfcac1081ad4b54beead714b84292663
Author: github-actions[bot]
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Thu Dec 11 19:25:02 2025 +0800
branch-4.0: [chore](security) Add ssrf check for create stage #58585
(#58875)
Cherry-picked from #58585
Co-authored-by: Gavin Chou <[email protected]>
---
.../apache/doris/nereids/trees/plans/commands/CreateStageCommand.java | 3 +++
1 file changed, 3 insertions(+)
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/CreateStageCommand.java
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/CreateStageCommand.java
index 0b9a15c506e..907c2edddae 100644
---
a/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/CreateStageCommand.java
+++
b/fe/fe-core/src/main/java/org/apache/doris/nereids/trees/plans/commands/CreateStageCommand.java
@@ -29,6 +29,7 @@ import org.apache.doris.cloud.proto.Cloud.RamUserPB;
import org.apache.doris.cloud.proto.Cloud.StagePB;
import org.apache.doris.cloud.proto.Cloud.StagePB.StageAccessType;
import org.apache.doris.cloud.proto.Cloud.StagePB.StageType;
+import org.apache.doris.cloud.security.SecurityChecker;
import org.apache.doris.cloud.storage.RemoteBase;
import org.apache.doris.cloud.storage.RemoteBase.ObjectInfo;
import org.apache.doris.common.AnalysisException;
@@ -148,6 +149,7 @@ public class CreateStageCommand extends Command implements
ForwardWithSync, Need
String urlStr = "http://" + endpoint;
// TODO: Server-Side Request Forgery Check is still need?
URL url = new URL(urlStr);
+ SecurityChecker.getInstance().startSSRFChecking(urlStr);
connection = (HttpURLConnection) url.openConnection();
connection.setConnectTimeout(10000);
connection.connect();
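Review bot: The comment directly above the new call, `// TODO: Server-Side Request Forgery Check is still need?`, is answered by this commit and now misleads the next reader. Replace it with something like `// SSRF guard: validate the user-supplied endpoint before opening the connection`. The call is also placed after `new URL(urlStr)`, so a malformed endpoint throws before `startSSRFChecking` runs, yet would still reach the `stopSSRFChecking()` added in the last hunk if that call sits in the `finally` block. Whether an unpaired stop is harmless depends on SecurityChecker, which is not shown here; moving `SecurityChecker.getInstance().startSSRFChecking(urlStr);` to just after `urlStr` is built would keep the pair balanced. The enclosing method starts and ends outside this hunk.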
@@ -164,6 +166,7 @@ public class CreateStageCommand extends Command implements
ForwardWithSync, Need
LOG.warn("Failed to disconnect connection, endpoint={}",
endpoint, e);
}
}
+ SecurityChecker.getInstance().stopSSRFChecking();
}
}
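Review bot: `stopSSRFChecking()` has to run on every exit path, and with the indentation flattened in this mail the hunk does not show whether the added call is the last statement of the `finally` block or follows the whole try statement. If it follows the try statement and the catch clause (outside this hunk) rethrows, the stop is skipped on exactly the failure path. Any state that `startSSRFChecking` enabled would then stay active for later work on the same thread; that state is presumably thread-scoped, which SecurityChecker's source would confirm. Keep the call inside `finally`, after the disconnect handling, and add a comment such as `// always paired with startSSRFChecking, including when connect() fails`.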