This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch 3.0.x in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 7395b468c22cc41e44d818d4cab5d614ac5c64f0 Author: nichunen <[email protected]> AuthorDate: Mon Jan 13 13:17:15 2020 +0800 Ensure the validity of http header from concated string --- .../java/org/apache/kylin/rest/controller/CubeController.java | 3 ++- .../java/org/apache/kylin/rest/controller/QueryController.java | 10 ++++++---- .../src/main/java/org/apache/kylin/rest/util/ValidateUtil.java | 8 ++++++-- 3 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java
index 8e44ca1..85cad98 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java
@@ -887,7 +887,8 @@ public class CubeController extends BasicController {
 }
 response.setContentType("text/json;charset=utf-8");
- response.setHeader("Content-Disposition", "attachment; filename=\"" + cubeName + ".json\"");
+ response.setHeader("Content-Disposition",
+ "attachment; filename=\"" + ValidateUtil.convertStringToBeAlphanumericUnderscore(cubeName) + ".json\"");
 try (PrintWriter writer = response.getWriter()) {
 writer.write(JsonUtil.writeValueAsString(dimensionSetList));
 } catch (IOException e) {
diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
index 6b56e91..da0a1e5 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/controller/QueryController.java
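Review bot: The new `Content-Disposition` value in CubeController can end up with an empty or altered file name, because `convertStringToBeAlphanumericUnderscore(cubeName)` deletes disallowed characters instead of rejecting the request; a `cubeName` made only of such characters yields `filename=".json"`. Stripping does keep quotes and CR/LF out of the header, which is what the change is after, but two different names can now map to the same download name. The same applies to `format` in the `@@ -148,7 +148,9 @@` hunk of QueryController. Since `ValidateUtil.isAlphanumericUnderscore` already exists, a guard such as `if (!ValidateUtil.isAlphanumericUnderscore(cubeName))` that fails the request before any header is written would be more predictable; the enclosing method starts and ends outside the hunk, so an earlier check on `cubeName` may already exist.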
@@ -49,6 +49,7 @@ import org.apache.kylin.rest.request.SQLRequest;
 import org.apache.kylin.rest.request.SaveSqlRequest;
 import org.apache.kylin.rest.response.SQLResponse;
 import org.apache.kylin.rest.service.QueryService;
+import org.apache.kylin.rest.util.ValidateUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -77,14 +78,13 @@ public class QueryController extends BasicController {
 @SuppressWarnings("unused")
 private static final Logger logger = LoggerFactory.getLogger(QueryController.class);
-
+ private static String BOM_CHARACTER;
 @Autowired
 @Qualifier("queryService")
 private QueryService queryService;
- private static String BOM_CHARACTER;
 {
- BOM_CHARACTER = new String(new byte[]{(byte) 0xEF, (byte) 0xBB, (byte) 0xBF}, StandardCharsets.UTF_8);
+ BOM_CHARACTER = new String(new byte[] { (byte) 0xEF, (byte) 0xBB, (byte) 0xBF }, StandardCharsets.UTF_8);
 }
 @RequestMapping(value = "/query", method = RequestMethod.POST, produces = { "application/json" })
@@ -148,7 +148,9 @@ public class QueryController extends BasicController {
 SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMddHHmmssSSS", Locale.ROOT);
 Date now = new Date();
 String nowStr = sdf.format(now);
- response.setHeader("Content-Disposition", "attachment; filename=\"" + nowStr + ".result." + format + "\"");
+ response.setHeader("Content-Disposition",
+ "attachment; filename=\"" + ValidateUtil.convertStringToBeAlphanumericUnderscore(nowStr) + ".result."
+ + ValidateUtil.convertStringToBeAlphanumericUnderscore(format) + "\"");
 ICsvListWriter csvWriter = null;
 try {
diff --git a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
index fe957fc..6273e14 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java
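Review bot: Wrapping `nowStr` in `convertStringToBeAlphanumericUnderscore` in the `@@ -148,7 +148,9 @@` hunk is a no-op, since it comes from `SimpleDateFormat("yyyyMMddHHmmssSSS", Locale.ROOT)` three lines above and holds digits only; `format` is the part that needs filtering (presumably request-supplied, its declaration is outside the hunk). Sanitising it once into a local makes that explicit: `String safeFormat = ValidateUtil.convertStringToBeAlphanumericUnderscore(format);` followed by `"attachment; filename=\"" + nowStr + ".result." + safeFormat + "\""`. If `format` is used again further down the method, that use is not covered by this change and is not visible here.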
@@ -50,7 +50,7 @@ import com.google.common.base.Preconditions;
 @Component("validateUtil")
 public class ValidateUtil {
- private final static Pattern alphaNumUnderscorePattren = Pattern.compile("[a-zA-Z0-9_]+");
+ private final static Pattern alphaNumUnderscorePattern = Pattern.compile("[a-zA-Z0-9_]+");
 @Autowired
 @Qualifier("tableService")
@@ -73,7 +73,11 @@ public class ValidateUtil {
 private IUserGroupService userGroupService;
 public static boolean isAlphanumericUnderscore(String toCheck) {
- return toCheck == null ? false : alphaNumUnderscorePattren.matcher(toCheck).matches();
+ return toCheck != null && alphaNumUnderscorePattern.matcher(toCheck).matches();
+ }
+
+ public static String convertStringToBeAlphanumericUnderscore(String toBeConverted) {
+ return toBeConverted.replaceAll("[^a-zA-Z0-9_]", "");
 }
 public void checkIdentifiersExists(String name, boolean isPrincipal) throws IOException {
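Review bot: `convertStringToBeAlphanumericUnderscore` throws a NullPointerException on a null argument, while `isAlphanumericUnderscore` directly above it treats null as invalid input, and it has no Javadoc saying that it deletes characters (so the result may be empty) rather than escaping them. `String.replaceAll` also compiles the regex on every call although the class already keeps a precompiled `Pattern`. I would add `private final static Pattern nonAlphaNumUnderscorePattern = Pattern.compile("[^a-zA-Z0-9_]");` next to `alphaNumUnderscorePattern` and change the body to `return toBeConverted == null ? "" : nonAlphaNumUnderscorePattern.matcher(toBeConverted).replaceAll("");`.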
