Re: [PR] Add api for Retrieving unused segments (druid)

Tue, 05 Dec 2023 00:15:13 -0800 


github-advanced-security[bot] commented on code in PR #15415:
URL: https://github.com/apache/druid/pull/15415#discussion_r1415093465


##########
server/src/main/java/org/apache/druid/server/http/MetadataResource.java:
##########
@@ -334,6 +337,51 @@
     return builder.entity(Collections2.transform(segments, 
DataSegment::getId)).build();
   }
 
+  @GET
+  @Path("/datasources/{dataSourceName}/unusedSegments")
+  @Produces(MediaType.APPLICATION_JSON)
+  public Response getUnusedSegmentsInDataSource(
+      @Context final HttpServletRequest req,
+      @PathParam("dataSourceName") final String dataSource,
+      @QueryParam("interval") @Nullable String interval,
+      @QueryParam("limit") @Nullable Integer limit,
+      @QueryParam("offset") @Nullable Integer offset
+  )
+  {
+    if (dataSource != null && dataSource.isEmpty()) {
+      throw InvalidInput.exception("dataSource name must be non-empty");
+    }
+    if (limit != null && limit < 0) {
+      throw InvalidInput.exception("limit must be > 0");
+    }
+    if (offset != null && offset < 0) {
+      throw InvalidInput.exception("offset must be > 0");
+    }
+    if (dataSource == null || dataSource.isEmpty()) {
+      return 
Response.status(Response.Status.OK).entity(ImmutableList.of()).build();
+    }
+
+    final Interval theInterval = interval != null ? 
Intervals.of(interval.replace('_', '/')) : null;
+    Iterable<DataSegment> unusedSegments = 
segmentsMetadataManager.iterateAllUnusedSegmentsForDatasource(
+        dataSource,
+        theInterval,
+        limit,
+        offset
+    );
+
+    final Function<DataSegment, Iterable<ResourceAction>> raGenerator = 
segment -> Collections.singletonList(
+        
AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSource()));
+
+    final Iterable<DataSegment> authorizedSegments =
+        AuthorizationUtils.filterAuthorizedResources(req, unusedSegments, 
raGenerator, authorizerMapper);

Review Comment:
   ## User-controlled bypass of sensitive method
   
   Sensitive method may not be executed depending on a [this condition](1), 
which flows from [user-controlled value](2).
   
   [Show more 
details](https://github.com/apache/druid/security/code-scanning/6026)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to