This is an automated email from the ASF dual-hosted git repository.

yiguolei pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/doris.git


The following commit(s) were added to refs/heads/master by this push:
     new 77be0d13c3 [BugFix](Load) Add a secure path for MySql Load to load 
local file from fe node (#16653)
77be0d13c3 is described below

commit 77be0d13c342fa698ee0339696bed440420b3287
Author: huangzhaowei <[email protected]>
AuthorDate: Mon Feb 13 14:39:51 2023 +0800

    [BugFix](Load) Add a secure path for MySql Load to load local file from fe 
node (#16653)
    
    MySQL load can read files on the FE server node, but this causes a security 
issue: users can use it to detect local files on the FE node.
    
    For this reason, add a configuration named mysql_load_server_secure_path to 
set a secure path to load data.
    
    By default, load fe local file feature is disabled by this configuration.
---
 .../src/main/java/org/apache/doris/common/Config.java    |  9 +++++++++
 .../main/java/org/apache/doris/analysis/LoadStmt.java    | 13 +++++++++++--
 .../java/org/apache/doris/analysis/LoadStmtTest.java     | 16 ++++++++++++++++
 3 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java 
b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
index ef725b0c35..40ef72274e 100644
--- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
+++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
@@ -1992,6 +1992,15 @@ public class Config extends ConfigBase {
     /**
      * TokenManager will generate token every token_generate_period_hour.
      */
+    @ConfField(mutable = false, masterOnly = true)
     public static int token_generate_period_hour = 12;
+
+    /**
+     * The secure local path of the FE node the place the data which will be 
loaded in doris.
+     * The default value is empty for this config which means this feature is 
not allowed.
+     * User who want to load fe server local file should config the value to a 
right local path.
+     */
+    @ConfField(mutable = false, masterOnly = false)
+    public static String mysql_load_server_secure_path = "";
 }
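Review bot: The Javadoc on `mysql_load_server_secure_path` does not say what form the value must take, although the LoadStmt change in this same commit compares it against the user-supplied path with a plain string `startsWith`. I would spell out the contract, for example `Absolute path of the only FE-local directory that server-side MySQL load may read from; files outside it are rejected. Empty (the default) disables loading FE-local files.` The hunk also adds `@ConfField(mutable = false, masterOnly = true)` to `token_generate_period_hour`, which the commit description does not mention; it is worth confirming that this is intended. The Config class body starts outside the hunk.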
 
diff --git a/fe/fe-core/src/main/java/org/apache/doris/analysis/LoadStmt.java 
b/fe/fe-core/src/main/java/org/apache/doris/analysis/LoadStmt.java
index 1b0bff6efd..c73005801b 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/LoadStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/LoadStmt.java
@@ -22,6 +22,7 @@ import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.KeysType;
 import org.apache.doris.catalog.OlapTable;
 import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.Config;
 import org.apache.doris.common.DdlException;
 import org.apache.doris.common.UserException;
 import org.apache.doris.common.util.PrintableMap;
@@ -405,8 +406,16 @@ public class LoadStmt extends DdlStmt {
         // mysql load only have one data desc.
         if (isMysqlLoad && !dataDescriptions.get(0).isClientLocal()) {
             for (String path : dataDescriptions.get(0).getFilePaths()) {
-                if (!new File(path).exists()) {
-                    throw new AnalysisException("Path: " + path + " is not 
exists.");
+                if (Config.mysql_load_server_secure_path.isEmpty()) {
+                    throw new AnalysisException("Load local data from fe local 
is not enabled. If you want to use it,"
+                            + " plz set the `mysql_load_server_secure_path` 
for FE to be a right path.");
+                } else {
+                    if 
(!(path.startsWith(Config.mysql_load_server_secure_path))) {
+                        throw new AnalysisException("Local file should be 
under the secure path of FE.");
+                    }
+                    if (!new File(path).exists()) {
+                        throw new AnalysisException("File: " + path + " is not 
exists.");
+                    }
                 }
             }
         }
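Review bot: The containment check `path.startsWith(Config.mysql_load_server_secure_path)` compares raw strings, so it does not actually confine the file to the configured directory. A path that contains `..` segments, or one in a sibling directory whose name merely begins with the configured value, still satisfies it. Normalize both sides and compare them as `java.nio.file.Path` objects, because `Path.startsWith` matches whole name elements; this needs `java.nio.file.Files`, `Path` and `Paths` imported. `normalize()` does not resolve symbolic links, so if links inside the secure directory are a concern the check would need `toRealPath()`, and the code that later opens the file (outside this hunk) should use the same normalized path. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: isMysqlLoad / isClientLocal guard and the empty-config check that throws "Load local data from fe local is not enabled…" …
Path secureRoot = Paths.get(Config.mysql_load_server_secure_path).toAbsolutePath().normalize();
for (String path : dataDescriptions.get(0).getFilePaths()) {
    Path candidate = Paths.get(path).toAbsolutePath().normalize();
    // Path.startsWith compares whole name elements, not characters.
    if (!candidate.startsWith(secureRoot)) {
        throw new AnalysisException("Local file should be under the secure path of FE.");
    }
    if (!Files.exists(candidate)) {
        throw new AnalysisException("File: " + path + " is not exists.");
    }
}
```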
diff --git 
a/fe/fe-core/src/test/java/org/apache/doris/analysis/LoadStmtTest.java 
b/fe/fe-core/src/test/java/org/apache/doris/analysis/LoadStmtTest.java
index b8a9da5874..3366226582 100644
--- a/fe/fe-core/src/test/java/org/apache/doris/analysis/LoadStmtTest.java
+++ b/fe/fe-core/src/test/java/org/apache/doris/analysis/LoadStmtTest.java
@@ -21,6 +21,7 @@ import org.apache.doris.catalog.Env;
 import org.apache.doris.catalog.ResourceMgr;
 import org.apache.doris.catalog.SparkResource;
 import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.Config;
 import org.apache.doris.common.UserException;
 import org.apache.doris.common.util.SqlParserUtils;
 import org.apache.doris.load.EtlJobType;
@@ -221,6 +222,21 @@ public class LoadStmtTest {
         };
 
         LoadStmt stmt = new LoadStmt(desc, Maps.newHashMap());
+        try {
+            stmt.analyze(analyzer);
+        } catch (AnalysisException ae) {
+            Assert.assertEquals("errCode = 2, detailMessage = Load local data 
from fe local is not enabled."
+                    + " If you want to use it, plz set the 
`mysql_load_server_secure_path` for FE to be a right path.",
+                    ae.getMessage());
+        }
+        Config.mysql_load_server_secure_path = "/root";
+        try {
+            stmt.analyze(analyzer);
+        } catch (AnalysisException ae) {
+            Assert.assertEquals("errCode = 2, detailMessage = Local file 
should be under the secure path of FE.",
+                    ae.getMessage());
+        }
+        Config.mysql_load_server_secure_path = "/";
         stmt.analyze(analyzer);
         Assert.assertNull(stmt.getLabel().getDbName());
         Assert.assertEquals(EtlJobType.LOCAL_FILE, stmt.getEtlJobType());
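Review bot: Both new `try` blocks pass silently when `stmt.analyze(analyzer)` throws nothing, so the test would stay green even if the secure-path check were removed. Add `Assert.fail("expected AnalysisException");` right after each `stmt.analyze(analyzer);` inside the `try`. The static `Config.mysql_load_server_secure_path` is also left set to `"/"` when the test ends, which would leak into later tests in the same JVM; save the old value and restore it in a `finally` block. A case for a path that shares only a string prefix with the secure path, or that contains `..`, would pin the behaviour this commit is meant to guarantee. The test method starts and ends outside the hunk.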

