github-advanced-security[bot] commented on code in PR #16206:
URL: https://github.com/apache/druid/pull/16206#discussion_r1539710847
##########
server/src/main/java/org/apache/druid/server/http/MetadataResource.java:
##########
@@ -349,37 +353,52 @@
@QueryParam("sortOrder") @Nullable final String sortOrder
)
{
- if (dataSource == null || dataSource.isEmpty()) {
- throw InvalidInput.exception("dataSourceName must be non-empty");
- }
- if (limit != null && limit < 0) {
- throw InvalidInput.exception("Invalid limit[%s] specified. Limit must be
> 0", limit);
- }
+ try {
+ if (dataSource == null || dataSource.isEmpty()) {
+ throw InvalidInput.exception("dataSourceName must be non-empty.");
+ }
- if (lastSegmentId != null && SegmentId.tryParse(dataSource, lastSegmentId)
== null) {
- throw InvalidInput.exception("Invalid lastSegmentId[%s] specified.",
lastSegmentId);
- }
+ if (limit != null && limit < 0) {
+ throw InvalidInput.exception("Invalid limit[%s] specified. Limit must
be > 0.", limit);
+ }
- SortOrder theSortOrder = sortOrder == null ? null :
SortOrder.fromValue(sortOrder);
+ if (lastSegmentId != null && SegmentId.tryParse(dataSource,
lastSegmentId) == null) {
+ throw InvalidInput.exception("Invalid lastSegmentId[%s] specified.",
lastSegmentId);
+ }
- final Interval theInterval = interval != null ?
Intervals.of(interval.replace('_', '/')) : null;
- Iterable<DataSegmentPlus> unusedSegments =
segmentsMetadataManager.iterateAllUnusedSegmentsForDatasource(
- dataSource,
- theInterval,
- limit,
- lastSegmentId,
- theSortOrder
- );
+ final SortOrder theSortOrder = sortOrder == null ? null :
SortOrder.fromValue(sortOrder);
+
+ final Interval theInterval = interval != null ?
Intervals.of(interval.replace('_', '/')) : null;
+ final Iterable<DataSegmentPlus> unusedSegments =
segmentsMetadataManager.iterateAllUnusedSegmentsForDatasource(
+ dataSource,
+ theInterval,
+ limit,
+ lastSegmentId,
+ theSortOrder
+ );
- final Function<DataSegmentPlus, Iterable<ResourceAction>> raGenerator =
segment -> Collections.singletonList(
-
AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSegment().getDataSource()));
+ final Function<DataSegmentPlus, Iterable<ResourceAction>> raGenerator =
segment -> Collections.singletonList(
+
AuthorizationUtils.DATASOURCE_READ_RA_GENERATOR.apply(segment.getDataSegment().getDataSource()));
- final Iterable<DataSegmentPlus> authorizedSegments =
- AuthorizationUtils.filterAuthorizedResources(req, unusedSegments,
raGenerator, authorizerMapper);
+ final Iterable<DataSegmentPlus> authorizedSegments =
+ AuthorizationUtils.filterAuthorizedResources(req, unusedSegments,
raGenerator, authorizerMapper);
Review Comment:
## User-controlled bypass of sensitive method
Sensitive method may not be executed depending on a [this condition](1),
which flows from [user-controlled value](2).
[Show more
details](https://github.com/apache/druid/security/code-scanning/7197)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
