Copilot commented on code in PR #61632:
URL: https://github.com/apache/doris/pull/61632#discussion_r2973974644


##########
docker/thirdparties/run-thirdparties-docker.sh:
##########
@@ -231,8 +231,91 @@ reserve_ports() {
 }
 
 JFS_META_FORMATTED=0
-DORIS_ROOT="$(cd "${ROOT}/../.." &>/dev/null && pwd)"
-. "${DORIS_ROOT}/thirdparty/juicefs-helpers.sh"
+DORIS_ROOT="${DORIS_ROOT:-$(cd "${ROOT}/../.." &>/dev/null && pwd)}"
+JUICEFS_DEFAULT_VERSION="${JUICEFS_DEFAULT_VERSION:-1.3.1}"
+JUICEFS_HADOOP_MAVEN_REPO="${JUICEFS_HADOOP_MAVEN_REPO:-https://repo1.maven.org/maven2/io/juicefs/juicefs-hadoop}";
+
+load_juicefs_helpers() {
+    local candidate=""
+    local -a helper_candidates=(
+        "${DORIS_ROOT}/thirdparty/juicefs-helpers.sh"
+        "${ROOT}/../../thirdparty/juicefs-helpers.sh"
+        "$(pwd)/thirdparty/juicefs-helpers.sh"
+    )
+
+    for candidate in "${helper_candidates[@]}"; do
+        if [[ -f "${candidate}" ]]; then
+            . "${candidate}"
+            return 0
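Review bot: The new `DORIS_ROOT` assignment accepts a value inherited from the environment, and that value forms the first entry of `helper_candidates`, so whoever sets the environment for this script chooses the file that gets sourced. As far as the excerpt shows, the removed line always derived the path from `ROOT`. If the override is not needed, keep the derived form, `DORIS_ROOT="$(cd "${ROOT}/../.." &>/dev/null && pwd)"`. If it is needed, state the trust assumption above the assignment, for example `# DORIS_ROOT may be preset by the caller and must point at a trusted checkout: helpers are sourced from it`. The same lines are quoted again in the second excerpt, and `load_juicefs_helpers` continues beyond the quoted lines.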

Review Comment:
   The helper existence check uses [[ -f "${candidate}" ]] before sourcing. If 
the file exists but is not readable, the subsequent '.' will fail and (with 
`set -e`) abort the script instead of falling back to the built-in helpers. 
Consider checking readability (e.g., -r) and/or handling a failed source by 
continuing to the next candidate / falling back.
   ```suggestion
           if [[ -r "${candidate}" ]]; then
               if . "${candidate}"; then
                   return 0
               fi
   ```



##########
docker/thirdparties/run-thirdparties-docker.sh:
##########
@@ -231,8 +231,91 @@ reserve_ports() {
 }
 
 JFS_META_FORMATTED=0
-DORIS_ROOT="$(cd "${ROOT}/../.." &>/dev/null && pwd)"
-. "${DORIS_ROOT}/thirdparty/juicefs-helpers.sh"
+DORIS_ROOT="${DORIS_ROOT:-$(cd "${ROOT}/../.." &>/dev/null && pwd)}"
+JUICEFS_DEFAULT_VERSION="${JUICEFS_DEFAULT_VERSION:-1.3.1}"
+JUICEFS_HADOOP_MAVEN_REPO="${JUICEFS_HADOOP_MAVEN_REPO:-https://repo1.maven.org/maven2/io/juicefs/juicefs-hadoop}";
+
+load_juicefs_helpers() {
+    local candidate=""
+    local -a helper_candidates=(
+        "${DORIS_ROOT}/thirdparty/juicefs-helpers.sh"
+        "${ROOT}/../../thirdparty/juicefs-helpers.sh"
+        "$(pwd)/thirdparty/juicefs-helpers.sh"
+    )
+
+    for candidate in "${helper_candidates[@]}"; do
+        if [[ -f "${candidate}" ]]; then
+            . "${candidate}"
+            return 0

Review Comment:
   The helper lookup includes "$(pwd)/thirdparty/juicefs-helpers.sh" as a 
source candidate. Sourcing from the current working directory can execute 
unintended/untrusted code if the script is run from a directory containing a 
spoofed thirdparty/juicefs-helpers.sh. Prefer restricting candidates to paths 
derived from ROOT/DORIS_ROOT (or require an explicit opt-in env var for CWD 
lookup) to avoid this execution risk.


