github-advanced-security[bot] commented on code in PR #18033:
URL: https://github.com/apache/druid/pull/18033#discussion_r2533794052
##########
services/src/main/java/org/apache/druid/cli/CliOverlord.java:
##########
@@ -458,6 +455,47 @@
dutyBinder.addBinding().to(TaskLogAutoCleaner.class);
dutyBinder.addBinding().to(UnusedSegmentsKiller.class).in(LazySingleton.class);
}
+
+ /**
+ * Configures Overlord-specific web resources and QoS filtering.
+ * This method performs two main tasks:
+ * <ol>
+ * <li>Registers Jersey resources for Overlord REST endpoints</li>
+ * <li>Configures QoS (Quality of Service) filtering for request
limiting</li>
+ * </ol>
+ * <p>
+ * The Jersey resources handle the following endpoint paths:
+ * <ul>
+ * <li>/druid/indexer/v1 - Main indexing and task management
endpoints</li>
+ * <li>/druid-internal/v1 - Internal Overlord management
endpoints</li>
+ * </ul>
+ * Note to developers:
+ * Whenever adding new resources, please check if the root paths are
added in the QOS filtering.
+ */
+ private void configureOverlordWebResources(Binder binder)
+ {
+ Jerseys.addResource(binder, OverlordResource.class);
+ Jerseys.addResource(binder, SupervisorResource.class);
+ Jerseys.addResource(binder, HttpRemoteTaskRunnerResource.class);
+ Jerseys.addResource(binder, OverlordCompactionResource.class);
+ Jerseys.addResource(binder, OverlordDataSourcesResource.class);
+
+ // Add QoS filtering for overlord-specific endpoints if we have
enough threads
+ final int serverHttpNumThreads =
properties.containsKey("druid.server.http.numThreads")
+ ?
Integer.parseInt(properties.getProperty("druid.server.http.numThreads"))
Review Comment:
## Missing catch of NumberFormatException
Potential uncaught 'java.lang.NumberFormatException'.
[Show more
details](https://github.com/apache/druid/security/code-scanning/10555)
##########
server/src/main/java/org/apache/druid/server/initialization/ServerConfig.java:
##########
@@ -438,7 +439,7 @@
public static int getDefaultNumThreads()
{
- return Math.max(10, (JvmUtils.getRuntimeInfo().getAvailableProcessors() *
17) / 16 + 2) + 30;
+ return Math.max(10, (JvmUtils.getRuntimeInfo().getAvailableProcessors() *
17) / 16 + 2) + DEFAULT_MIN_QOS_THRESHOLD;
Review Comment:
## Deprecated method or constructor invocation
Invoking [JvmUtils.getRuntimeInfo](1) should be avoided because it has been
deprecated.
[Show more
details](https://github.com/apache/druid/security/code-scanning/10556)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
