(hive) branch branch-4.2 updated: HIVE-29298: Refactoring minor issues in profile output servlet (#6190)

Fri, 14 Nov 2025 23:58:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

abstractdog pushed a commit to branch branch-4.2
in repository https://gitbox.apache.org/repos/asf/hive.git


The following commit(s) were added to refs/heads/branch-4.2 by this push:
     new 8767b315118 HIVE-29298: Refactoring minor issues in profile output 
servlet (#6190)
8767b315118 is described below

commit 8767b315118f1430a0e31c7038457f28c8ee6a0e
Author: Bodor Laszlo <[email protected]>
AuthorDate: Sat Nov 15 08:56:57 2025 +0100

    HIVE-29298: Refactoring minor issues in profile output servlet (#6190)
---
 .../org/apache/hive/http/ProfileOutputServlet.java | 36 +++++++++++++++++++---
 .../java/org/apache/hive/http/ProfileServlet.java  |  5 +--
 2 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/common/src/java/org/apache/hive/http/ProfileOutputServlet.java 
b/common/src/java/org/apache/hive/http/ProfileOutputServlet.java
index fdca1f3cb35..bedb48d4085 100644
--- a/common/src/java/org/apache/hive/http/ProfileOutputServlet.java
+++ b/common/src/java/org/apache/hive/http/ProfileOutputServlet.java
@@ -17,11 +17,15 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.io.PrintWriter;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.hadoop.yarn.webapp.MimeType;
 import org.eclipse.jetty.servlet.DefaultServlet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -33,19 +37,43 @@ public class ProfileOutputServlet extends DefaultServlet {
   private static final long serialVersionUID = 1L;
   private static final Logger LOG = 
LoggerFactory.getLogger(ProfileOutputServlet.class);
 
+  public static final String FILE_QUERY_PARAM = "file";
+
   @Override
   protected void doGet(final HttpServletRequest req, final HttpServletResponse 
resp)
     throws ServletException, IOException {
-    String absoluteDiskPath = 
getServletContext().getRealPath(req.getPathInfo());
-    File requestedFile = new File(absoluteDiskPath);
+    String queriedFile = req.getParameter(FILE_QUERY_PARAM);
+
+    if (queriedFile == null) {
+      writeMessage(resp, "Run the profiler to be able to receive its output");
+      return;
+    }
+    Path outputDir = 
Paths.get(ProfileServlet.OUTPUT_DIR).toAbsolutePath().normalize();
+    Path requestedPath = outputDir.resolve(queriedFile).normalize();
+
+    if (!requestedPath.startsWith(outputDir)) {
+      resp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+      writeMessage(resp, "Access denied: Invalid Path");
+      return;
+    }
+
+    File outputFile = requestedPath.toFile();
+
     // async-profiler version 1.4 writes 'Started [cpu] profiling' to output 
file when profiler is running which
     // gets replaced by final output. If final output is not ready yet, the 
file size will be <100 bytes (in all modes).
-    if (requestedFile.length() < 100) {
-      LOG.info("{} is incomplete. Sending auto-refresh header..", 
requestedFile);
+    if (outputFile.length() < 100) {
+      LOG.info("{} is incomplete. Sending auto-refresh header..", outputFile);
       resp.setHeader("Refresh", "2," + req.getRequestURI());
       resp.getWriter().write("This page will auto-refresh every 2 second until 
output file is ready..");
     } else {
       super.doGet(req, resp);
     }
   }
+
+  private void writeMessage(HttpServletResponse response, String message) 
throws IOException {
+    response.setContentType(MimeType.TEXT);
+    PrintWriter out = response.getWriter();
+    out.println(message);
+    out.close();
+  }
 }
\ No newline at end of file
diff --git a/common/src/java/org/apache/hive/http/ProfileServlet.java 
b/common/src/java/org/apache/hive/http/ProfileServlet.java
index c1260e4a3fd..a866bb65f6d 100644
--- a/common/src/java/org/apache/hive/http/ProfileServlet.java
+++ b/common/src/java/org/apache/hive/http/ProfileServlet.java
@@ -264,7 +264,7 @@ protected void doGet(final HttpServletRequest req, final 
HttpServletResponse res
             // set response and set refresh header to output location
             setResponseHeader(resp);
             resp.setStatus(HttpServletResponse.SC_ACCEPTED);
-            String relativeUrl = "/prof-output/" + outputFile.getName();
+            String relativeUrl = "/prof-output";
             resp.getWriter().write(
               "Started [" + event.getInternalName() + "] profiling. This page 
will automatically redirect to " +
                 relativeUrl + " after " + duration + " seconds.\n\ncommand:\n" 
+ Joiner.on(" ").join(cmd));
@@ -273,7 +273,8 @@ protected void doGet(final HttpServletRequest req, final 
HttpServletResponse res
             int refreshDelay = getInteger(req, "refreshDelay", 0);
 
             // instead of sending redirect, set auto-refresh so that browsers 
will refresh with redirected url
-            resp.setHeader("Refresh", (duration + refreshDelay) + ";" + 
relativeUrl);
+            resp.setHeader("Refresh", (duration + refreshDelay) + "; URL=" + 
relativeUrl + '?'
+                + ProfileOutputServlet.FILE_QUERY_PARAM + '=' + 
outputFile.getName());
             resp.getWriter().flush();
           } finally {
             profilerLock.unlock();

Reply via email to