This is an automated email from the ASF dual-hosted git repository.

adarshsanjeev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/druid.git


The following commit(s) were added to refs/heads/master by this push:
     new 565b310d7de Add minor checks in jetty utils (#17817)
565b310d7de is described below

commit 565b310d7dedec0334f599f5f0f42c22ee6b957d
Author: Adarsh Sanjeev <[email protected]>
AuthorDate: Wed Mar 19 18:01:26 2025 +0530

    Add minor checks in jetty utils (#17817)
    
    Add minor checks in jetty utils class
---
 .../java/org/apache/druid/server/JettyUtils.java   | 10 +++++++-
 .../AsyncManagementForwardingServletTest.java      | 28 ++++++++++++++++++++--
 .../org/apache/druid/server/JettyUtilsTest.java    | 24 +++++++++++++++++++
 3 files changed, 59 insertions(+), 3 deletions(-)

diff --git a/server/src/main/java/org/apache/druid/server/JettyUtils.java 
b/server/src/main/java/org/apache/druid/server/JettyUtils.java
index 717eb136b43..0f503ef3b2f 100644
--- a/server/src/main/java/org/apache/druid/server/JettyUtils.java
+++ b/server/src/main/java/org/apache/druid/server/JettyUtils.java
@@ -33,9 +33,13 @@ public class JettyUtils
    * Concatenate URI parts, in a way that is useful for proxy servlets.
    *
    * @param base               base part of the uri, like http://example.com 
(no trailing slash)
-   * @param encodedPath        encoded path, like you would get from 
HttpServletRequest's getRequestURI
+   * @param encodedPath        encoded path, like you would get from 
HttpServletRequest's getRequestURI. Must start with
+   *                           a slash.
    * @param encodedQueryString encoded query string, like you would get from 
HttpServletRequest's getQueryString
+   *
+   * @return rewritten target URI, or null if the URI cannot be rewritten
    */
+  @Nullable
   public static String concatenateForRewrite(
       final String base,
       final String encodedPath,
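Review bot: The new `@return` text on concatenateForRewrite says only that null comes back when "the URI cannot be rewritten", which does not tell a caller which input triggers it. The only null return visible in this commit is for an encodedPath that does not start with a slash, so the tag could read `@return rewritten target URI, or null if encodedPath does not start with '/'`. It would also help to say that callers should treat null as a rejected request, since the servlet tests added in this commit expect a 403 in that case. The method body continues outside this hunk.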
@@ -44,6 +48,10 @@ public class JettyUtils
   {
     // Query string and path are already encoded, no need for anything fancy 
beyond string concatenation.
 
+    if (!encodedPath.startsWith("/")) {
+      return null;
+    }
+
     final StringBuilder url = new StringBuilder(base).append(encodedPath);
 
     if (encodedQueryString != null) {
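Review bot: The new guard calls `encodedPath.startsWith("/")` with no null check, so if a caller ever passes a null path the method throws NullPointerException instead of taking the new reject path; `if (encodedPath == null || !encodedPath.startsWith("/")) {` would keep both cases on the same exit. The guard also sits under the existing comment about plain string concatenation and has no comment of its own. Something like `// Reject a path without a leading '/': appended to base it would extend the host part of the URI instead of starting its path.` would record why it is there. Because the method can now return null, any caller not touched by this commit has to handle that value; those call sites are not visible here, and the method body continues past the end of this hunk.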
diff --git 
a/server/src/test/java/org/apache/druid/server/AsyncManagementForwardingServletTest.java
 
b/server/src/test/java/org/apache/druid/server/AsyncManagementForwardingServletTest.java
index ba7c78b99b0..b4952002144 100644
--- 
a/server/src/test/java/org/apache/druid/server/AsyncManagementForwardingServletTest.java
+++ 
b/server/src/test/java/org/apache/druid/server/AsyncManagementForwardingServletTest.java
@@ -351,12 +351,36 @@ public class AsyncManagementForwardingServletTest extends 
BaseJettyTest
     Assert.assertFalse("overlord called", OVERLORD_EXPECTED_REQUEST.called);
   }
 
+  @Test
+  public void testCoordinatorNoPath() throws Exception
+  {
+    HttpURLConnection connection = ((HttpURLConnection)
+        new URL(StringUtils.format("http://localhost:%d/proxy/coordinator";, 
port)).openConnection());
+    connection.setRequestMethod("GET");
+
+    Assert.assertEquals(403, connection.getResponseCode()); // proxy with no 
path is not allowed
+    Assert.assertFalse("coordinator called", 
COORDINATOR_EXPECTED_REQUEST.called);
+    Assert.assertFalse("overlord called", OVERLORD_EXPECTED_REQUEST.called);
+  }
+
+  @Test
+  public void testOverlordNoPath() throws Exception
+  {
+    HttpURLConnection connection = ((HttpURLConnection)
+        new URL(StringUtils.format("http://localhost:%d/proxy/overlord";, 
port)).openConnection());
+    connection.setRequestMethod("GET");
+
+    Assert.assertEquals(403, connection.getResponseCode()); // proxy with no 
path is not allowed
+    Assert.assertFalse("coordinator called", 
COORDINATOR_EXPECTED_REQUEST.called);
+    Assert.assertFalse("overlord called", OVERLORD_EXPECTED_REQUEST.called);
+  }
+
   @Test
   public void testCoordinatorLeaderUnknown() throws Exception
   {
     isValidLeader = false;
     HttpURLConnection connection = ((HttpURLConnection)
-        new URL(StringUtils.format("http://localhost:%d/druid/coordinator";, 
port)).openConnection());
+        new 
URL(StringUtils.format("http://localhost:%d/druid/coordinator/status";, 
port)).openConnection());
     connection.setRequestMethod("GET");
 
     Assert.assertEquals(503, connection.getResponseCode());
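Review bot: testCoordinatorNoPath and testOverlordNoPath only cover a request with nothing after the proxy prefix. A non-empty remainder that does not begin with '/' is asserted only at unit level in JettyUtilsTest, so the 403 response for that input is not pinned at the servlet level. A third servlet test for that shape would close the gap, assuming the servlet strips the prefix before calling concatenateForRewrite (not visible in this diff). Neither new test releases its HttpURLConnection; a `connection.disconnect();` in a `finally` block would avoid leaking sockets across the suite. The two methods differ only in the URL, so a shared private helper taking the path would remove the duplication.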
@@ -369,7 +393,7 @@ public class AsyncManagementForwardingServletTest extends 
BaseJettyTest
   {
     isValidLeader = false;
     HttpURLConnection connection = ((HttpURLConnection)
-        new URL(StringUtils.format("http://localhost:%d/druid/indexer";, 
port)).openConnection());
+        new URL(StringUtils.format("http://localhost:%d/druid/indexer/status";, 
port)).openConnection());
     connection.setRequestMethod("GET");
 
     Assert.assertEquals(503, connection.getResponseCode());
diff --git a/server/src/test/java/org/apache/druid/server/JettyUtilsTest.java 
b/server/src/test/java/org/apache/druid/server/JettyUtilsTest.java
index bd6d86f36bc..de1cb2bf0b3 100644
--- a/server/src/test/java/org/apache/druid/server/JettyUtilsTest.java
+++ b/server/src/test/java/org/apache/druid/server/JettyUtilsTest.java
@@ -36,4 +36,28 @@ public class JettyUtilsTest
         )
     );
   }
+
+  @Test
+  public void testConcatenateForRewriteEmptyPath()
+  {
+    Assert.assertNull(
+        JettyUtils.concatenateForRewrite(
+            "http://example.com";,
+            "",
+            "q=baz%20qux"
+        )
+    );
+  }
+
+  @Test
+  public void testConcatenateForRewriteInvalidPath()
+  {
+    Assert.assertNull(
+        JettyUtils.concatenateForRewrite(
+            "http://example.com";,
+            "foo%20bar", // path must start with '/'
+            "q=baz%20qux"
+        )
+    );
+  }
 }

