This is an automated email from the ASF dual-hosted git repository.

abstractdog pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/master by this push:
     new 699886c3210 HIVE-29298: Refactoring minor issues in profile output 
servlet (#6190)
699886c3210 is described below

commit 699886c3210954a8e4edebbbd9a8ca13d7970d9c
Author: Bodor Laszlo <[email protected]>
AuthorDate: Sat Nov 15 08:56:57 2025 +0100

    HIVE-29298: Refactoring minor issues in profile output servlet (#6190)
---
 .../org/apache/hive/http/ProfileOutputServlet.java | 36 +++++++++++++++++++---
 .../java/org/apache/hive/http/ProfileServlet.java  |  5 +--
 2 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/common/src/java/org/apache/hive/http/ProfileOutputServlet.java 
b/common/src/java/org/apache/hive/http/ProfileOutputServlet.java
index fdca1f3cb35..bedb48d4085 100644
--- a/common/src/java/org/apache/hive/http/ProfileOutputServlet.java
+++ b/common/src/java/org/apache/hive/http/ProfileOutputServlet.java
@@ -17,11 +17,15 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.io.PrintWriter;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.hadoop.yarn.webapp.MimeType;
 import org.eclipse.jetty.servlet.DefaultServlet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -33,19 +37,43 @@ public class ProfileOutputServlet extends DefaultServlet {
   private static final long serialVersionUID = 1L;
   private static final Logger LOG = 
LoggerFactory.getLogger(ProfileOutputServlet.class);
 
+  public static final String FILE_QUERY_PARAM = "file";
+
   @Override
   protected void doGet(final HttpServletRequest req, final HttpServletResponse 
resp)
     throws ServletException, IOException {
-    String absoluteDiskPath = 
getServletContext().getRealPath(req.getPathInfo());
-    File requestedFile = new File(absoluteDiskPath);
+    String queriedFile = req.getParameter(FILE_QUERY_PARAM);
+
+    if (queriedFile == null) {
+      writeMessage(resp, "Run the profiler to be able to receive its output");
+      return;
+    }
+    Path outputDir = 
Paths.get(ProfileServlet.OUTPUT_DIR).toAbsolutePath().normalize();
+    Path requestedPath = outputDir.resolve(queriedFile).normalize();
+
+    if (!requestedPath.startsWith(outputDir)) {
+      resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+      writeMessage(resp, "Access denied: Invalid Path");
+      return;
+    }
+
+    File outputFile = requestedPath.toFile();
+
     // async-profiler version 1.4 writes 'Started [cpu] profiling' to output 
file when profiler is running which
     // gets replaced by final output. If final output is not ready yet, the 
file size will be <100 bytes (in all modes).
-    if (requestedFile.length() < 100) {
-      LOG.info("{} is incomplete. Sending auto-refresh header..", 
requestedFile);
+    if (outputFile.length() < 100) {
+      LOG.info("{} is incomplete. Sending auto-refresh header..", outputFile);
       resp.setHeader("Refresh", "2," + req.getRequestURI());
       resp.getWriter().write("This page will auto-refresh every 2 second until 
output file is ready..");
     } else {
       super.doGet(req, resp);
     }
   }
+
+  private void writeMessage(HttpServletResponse response, String message) 
throws IOException {
+    response.setContentType(MimeType.TEXT);
+    PrintWriter out = response.getWriter();
+    out.println(message);
+    out.close();
+  }
 }
\ No newline at end of file
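Review bot: The containment check in doGet is applied to `requestedPath`, but that path is only used for the `length() < 100` test; the file is still served by `super.doGet(req, resp)`, which in Jetty's DefaultServlet resolves the resource from the request path, not from the `file` parameter. The path that was validated and the resource that is returned can therefore differ, and what a bare `/prof-output?file=NAME` request serves presumably depends on the context's resource base and directory settings, which are not visible here. Consider streaming the validated file directly, for example `Files.copy(requestedPath, resp.getOutputStream());` after setting the content type, and rejecting anything that fails `Files.isRegularFile(requestedPath)`, since an empty or `.` value resolves to the output directory itself and passes `startsWith`. The auto-refresh branch has the same root cause: `req.getRequestURI()` carries no query string, so the refreshed request loses `file` and lands on the "Run the profiler" message. A header such as `resp.setHeader("Refresh", "2; URL=" + req.getRequestURI() + '?' + FILE_QUERY_PARAM + '=' + encodedName);`, with `encodedName` being the URL-encoded file name, would keep it.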
diff --git a/common/src/java/org/apache/hive/http/ProfileServlet.java 
b/common/src/java/org/apache/hive/http/ProfileServlet.java
index c1260e4a3fd..a866bb65f6d 100644
--- a/common/src/java/org/apache/hive/http/ProfileServlet.java
+++ b/common/src/java/org/apache/hive/http/ProfileServlet.java
@@ -264,7 +264,7 @@ protected void doGet(final HttpServletRequest req, final 
HttpServletResponse res
             // set response and set refresh header to output location
             setResponseHeader(resp);
             resp.setStatus(HttpServletResponse.SC_ACCEPTED);
-            String relativeUrl = "/prof-output/" + outputFile.getName();
+            String relativeUrl = "/prof-output";
             resp.getWriter().write(
               "Started [" + event.getInternalName() + "] profiling. This page 
will automatically redirect to " +
                 relativeUrl + " after " + duration + " seconds.\n\ncommand:\n" 
+ Joiner.on(" ").join(cmd));
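Review bot: With `relativeUrl` reduced to `"/prof-output"`, the response body now announces a location without the `file` parameter, while the Refresh header in the next hunk points at `/prof-output?file=NAME`. A client that does not honour Refresh, or a user copying the URL from the message, ends up on the output servlet's "Run the profiler" text. Build the target once, e.g. `String outputUrl = "/prof-output?" + ProfileOutputServlet.FILE_QUERY_PARAM + '=' + outputFile.getName();`, and use it in both the message and the header. How the name of `outputFile` is generated is not visible in these hunks; if it can ever contain characters outside the URL-safe set, encode it before concatenation. The enclosing doGet starts and ends outside both hunks.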
@@ -273,7 +273,8 @@ protected void doGet(final HttpServletRequest req, final 
HttpServletResponse res
             int refreshDelay = getInteger(req, "refreshDelay", 0);
 
             // instead of sending redirect, set auto-refresh so that browsers 
will refresh with redirected url
-            resp.setHeader("Refresh", (duration + refreshDelay) + ";" + 
relativeUrl);
+            resp.setHeader("Refresh", (duration + refreshDelay) + "; URL=" + 
relativeUrl + '?'
+                + ProfileOutputServlet.FILE_QUERY_PARAM + '=' + 
outputFile.getName());
             resp.getWriter().flush();
           } finally {
             profilerLock.unlock();
