This is an automated email from the ASF dual-hosted git repository.
epugh pushed a commit to branch branch_9x
in repository https://gitbox.apache.org/repos/asf/solr.git
The following commit(s) were added to refs/heads/branch_9x by this push:
new 05a5119bbaf SOLR-16631: solr.allowUrls - hostnames should be treated
in case insensitive way (#1325)
05a5119bbaf is described below
commit 05a5119bbaf19809211aa46203fb6c15a7840d62
Author: Paul Blanchaert <[email protected]>
AuthorDate: Mon Feb 6 16:21:52 2023 +0100
SOLR-16631: solr.allowUrls - hostnames should be treated in case
insensitive way (#1325)
* Case insensitive check within AllowListUrlChecker.java (SOLR-16631)
---
solr/CHANGES.txt | 2 ++
solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java | 3 ++-
.../src/test/org/apache/solr/security/AllowListUrlCheckerTest.java | 4 ++--
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 960b317fdef..d68f022459b 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -161,6 +161,8 @@ Bug Fixes
* SOLR-16621: Admin UI fails to grant user permissions that have wildcard role
(janhoy)
+* SOLR-16631: solr.allowUrls (former solr.shardsWhitelist) should treat
hostnames in case insensitive way. (Paul Blanchaert via Eric Pugh)
+
Build
---------------------
* Upgrade forbiddenapis to 3.4 (Uwe Schindler)
diff --git
a/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java
b/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java
index f005cd0f75f..1354fde0ec7 100644
--- a/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java
+++ b/solr/core/src/java/org/apache/solr/security/AllowListUrlChecker.java
@@ -140,7 +140,8 @@ public class AllowListUrlChecker {
clusterState == null ? Collections.emptySet() :
clusterState.getHostAllowList();
for (String url : urls) {
String hostPort = parseHostPort(url);
- if (!clusterHostAllowList.contains(hostPort) &&
!hostAllowList.contains(hostPort)) {
+ if (clusterHostAllowList.stream().noneMatch(hostPort::equalsIgnoreCase)
+ && hostAllowList.stream().noneMatch(hostPort::equalsIgnoreCase)) {
throw new SolrException(
SolrException.ErrorCode.FORBIDDEN,
"URL "
diff --git
a/solr/core/src/test/org/apache/solr/security/AllowListUrlCheckerTest.java
b/solr/core/src/test/org/apache/solr/security/AllowListUrlCheckerTest.java
index 394c847260f..56da97d24a1 100644
--- a/solr/core/src/test/org/apache/solr/security/AllowListUrlCheckerTest.java
+++ b/solr/core/src/test/org/apache/solr/security/AllowListUrlCheckerTest.java
@@ -55,14 +55,14 @@ public class AllowListUrlCheckerTest extends SolrTestCaseJ4
{
@Test
public void testSingleHost() throws Exception {
AllowListUrlChecker checker = new
AllowListUrlChecker(urls("http://abc-1.com:8983/solr";));
- checker.checkAllowList(urls("http://abc-1.com:8983/solr";));
+ checker.checkAllowList(urls("http://Abc-1.Com:8983/solr";));
}
@Test
public void testMultipleHosts() throws Exception {
AllowListUrlChecker checker =
new AllowListUrlChecker(
- urls("http://abc-1.com:8983";, "http://abc-2.com:8983";,
"http://abc-3.com:8983";));
+ urls("http://abc-1.com:8983";, "http://abc-2.com:8983";,
"http://ABC-3.com:8983";));
checker.checkAllowList(
urls(
"http://abc-3.com:8983/solr";,
