github-code-scanning[bot] commented on code in PR #13653:
URL: https://github.com/apache/druid/pull/13653#discussion_r1065517808


##########
processing/src/main/java/org/apache/druid/segment/NestedDataColumnIndexer.java:
##########
@@ -152,6 +181,77 @@
   )
   {
     final int dimIndex = desc.getIndex();
+
+    if (fieldIndexers.size() == 1 && 
fieldIndexers.containsKey(NestedPathFinder.JSON_PATH_ROOT)) {
+      final LiteralFieldIndexer rootField = 
fieldIndexers.get(NestedPathFinder.JSON_PATH_ROOT);
+      if (rootField.getTypes().getSingleType() != null) {
+        return new ColumnValueSelector<Object>()
+        {
+          @Override
+          public boolean isNull()
+          {
+            final Object o = getObject();
+            return !(o instanceof Number);
+          }
+
+          @Override
+          public float getFloat()
+          {
+            Object value = getObject();
+            if (value == null) {
+              return 0;
+            }
+            return ((Number) value).floatValue();
+          }
+
+          @Override
+          public double getDouble()
+          {
+            Object value = getObject();
+            if (value == null) {
+              return 0;
+            }
+            return ((Number) value).doubleValue();
+          }
+
+          @Override
+          public long getLong()
+          {
+            Object value = getObject();
+            if (value == null) {
+              return 0;
+            }
+            return ((Number) value).longValue();
+          }
+
+          @Override
+          public void inspectRuntimeShape(RuntimeShapeInspector inspector)
+          {
+
+          }
+
+          @Nullable
+          @Override
+          public Object getObject()
+          {
+            final Object[] dims = currEntry.get().getDims();
+            if (dimIndex < dims.length) {
+              StructuredData data = (StructuredData) dims[dimIndex];
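
Review bot: In getFloat(), getDouble() and getLong() the value is cast with `(Number) value` after only a null check, while isNull() in the same selector treats every non-Number object as null. If getObject() can return a non-numeric value, those casts throw ClassCastException on a row that isNull() reports as null; testing `value instanceof Number` in the three getters and returning 0 otherwise would keep them consistent with isNull(). In getObject() the `dimIndex < dims.length` guard bounds the array access from above, but the `(StructuredData) dims[dimIndex]` cast that follows is unchecked in the visible lines and would benefit from the same kind of type test.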

Review Comment:
   ## Improper validation of user-provided array index
   
   This index depends on a [user-provided value](1) which can cause an ArrayIndexOutOfBoundsException.
   This index depends on a [user-provided value](2) which can cause an ArrayIndexOutOfBoundsException.
   This index depends on a [user-provided value](3) which can cause an ArrayIndexOutOfBoundsException.
   This index depends on a [user-provided value](4) which can cause an ArrayIndexOutOfBoundsException.
   This index depends on a [user-provided value](5) which can cause an ArrayIndexOutOfBoundsException.
   
   [Show more details](https://github.com/apache/druid/security/code-scanning/3634)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.