This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch 3.0.x in repository https://gitbox.apache.org/repos/asf/kylin.git
commit ec7558e87245bacbc09b8472c858c2a85d5ded41 Author: nichunen <[email protected]> AuthorDate: Mon Jan 20 17:38:39 2020 +0800 Prevent uncontrolled data used in path expression --- .../main/java/org/apache/kylin/job/execution/ExecutableManager.java | 3 +++ .../org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java b/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java
index 6f8d789..3e116aa 100644
--- a/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java
+++ b/core-job/src/main/java/org/apache/kylin/job/execution/ExecutableManager.java
@@ -122,6 +122,7 @@ public class ExecutableManager {
 public void updateCheckpointJob(String jobId, List<AbstractExecutable> subTasksForCheck) {
 try {
+ jobId = jobId.replaceAll("[./]", "");
 final ExecutablePO job = executableDao.getJob(jobId);
 Preconditions.checkArgument(job != null, "there is no related job for job id:" + jobId);
@@ -140,6 +141,7 @@ public class ExecutableManager {
 //for ut
 public void deleteJob(String jobId) {
 try {
+ jobId = jobId.replaceAll("[./]", "");
 executableDao.deleteJob(jobId);
 } catch (PersistentException e) {
 logger.error("fail to delete job:" + jobId, e);
@@ -167,6 +169,7 @@ public class ExecutableManager {
 public Output getOutput(String uuid) {
 try {
+ uuid = uuid.replaceAll("[./]", "");
 final ExecutableOutputPO jobOutput = executableDao.getJobOutput(uuid);
 Preconditions.checkArgument(jobOutput != null, "there is no related output for job id:" + uuid);
 return parseOutput(jobOutput);
diff --git a/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java b/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
index 812d3c3..11c4d01 100644
--- a/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
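Review bot: The added `jobId = jobId.replaceAll("[./]", "");` in updateCheckpointJob silently rewrites an id that contains `.` or `/` instead of rejecting it, so two different inputs (constructed example: `ab` and `a.b`) resolve to the same stored job and the caller is never told the id was changed. Failing fast is the safer contract, for example `Preconditions.checkArgument(jobId != null && jobId.indexOf('/') < 0 && jobId.indexOf('.') < 0, "illegal job id");`, kept in one shared helper. An allow-list of the characters a job id can legitimately contain would be more robust than a deny-list of two characters. The same line is repeated in deleteJob and getOutput in this file and in removeBadQueryHistory and getResourcePathForProject in BadQueryHistoryManager; all of these method bodies continue outside their hunks.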
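Review bot: In deleteJob the `logger.error("fail to delete job:" + jobId, e)` line now reports the rewritten id, because the added assignment overwrites the parameter before the try body runs. When the supplied id contained `.` or `/`, the log no longer shows what was actually requested, which makes a rejected or suspicious request harder to trace. Leaving the parameter untouched and using a new local, `final String cleanJobId = jobId.replaceAll("[./]", "");`, would let the message record that the id was altered. A null jobId also now fails inside `replaceAll` with a NullPointerException, which the visible `catch (PersistentException e)` does not handle.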
+++ b/core-metadata/src/main/java/org/apache/kylin/metadata/badquery/BadQueryHistoryManager.java
@@ -57,7 +57,6 @@ public class BadQueryHistoryManager {
 }
 public BadQueryHistory getBadQueriesForProject(String project) throws IOException {
- project = project.replaceAll("[./]", "");
 BadQueryHistory badQueryHistory = getStore().getResource(getResourcePathForProject(project), BAD_QUERY_INSTANCE_SERIALIZER);
 if (badQueryHistory == null) {
 badQueryHistory = new BadQueryHistory(project);
@@ -88,10 +87,12 @@ public class BadQueryHistoryManager {
 }
 public void removeBadQueryHistory(String project) throws IOException {
+ project = project.replaceAll("[./]", "");
 getStore().deleteResource(getResourcePathForProject(project));
 }
 public String getResourcePathForProject(String project) {
+ project = project.replaceAll("[./]", "");
 return ResourceStore.BAD_QUERY_RESOURCE_ROOT + "/" + project + MetadataConstants.FILE_SURFIX;
 }
 }
\ No newline at end of file
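Review bot: With the cleaning line removed from getBadQueriesForProject, the lookup path is still cleaned inside getResourcePathForProject, but `new BadQueryHistory(project)` now receives the raw argument. For a project name containing `.` or `/`, the object created for a missing entry would carry a name that differs from the path it was looked up under. Whether that name is later used to build a path is outside the hunk, so this should be confirmed. If the mismatch is intended, a comment such as `// name is kept as supplied; only the resource path is cleaned` would make it explicit. The method body continues past the end of the hunk.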
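Review bot: removeBadQueryHistory cleans `project` and then passes it to getResourcePathForProject, which applies the identical `replaceAll("[./]", "")` again, so the first added line is redundant and can be dropped. Keeping the cleaning only in getResourcePathForProject leaves one place to maintain. Because that method is public and now changes its argument, it deserves a Javadoc sentence, for example `/** Returns the store path for the project; '.' and '/' are stripped from the name before it is used. */`.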
