rameeshm commented on code in PR #880:
URL: https://github.com/apache/ranger/pull/880#discussion_r2964226769
##########
knox-agent/src/main/java/org/apache/ranger/services/knox/client/KnoxClient.java:
##########
@@ -420,4 +421,32 @@ public List<String> getServiceList(List<String>
knoxTopologyList, String service
}
return serviceList;
}
+
+ private void validateResourceName(String resourceName, String
resourceType) {
+ if (resourceName == null) {
+ return;
+ }
+
+ if (resourceName.contains("..") || resourceName.contains("//") ||
resourceName.contains("\\")) {
+ String msgDesc = "Invalid " + resourceType + ": [" +
resourceName + "]. Path traversal patterns are not allowed.";
+ HadoopException hdpException = new HadoopException(msgDesc);
+
+ hdpException.generateResponseDataMap(false, msgDesc, msgDesc +
ERROR_MSG, null, null);
+
+ LOG.error(msgDesc);
+
+ throw hdpException;
+ }
+
+ if (!resourceName.matches("^[a-zA-Z0-9_.*\\-]+$")) {
+ String msgDesc = "Invalid " + resourceType + ": [" +
resourceName + "]. Only alphanumeric characters, dots, underscores, hyphens,
and wildcards are allowed.";
+ HadoopException hdpException = new HadoopException(msgDesc);
+
+ hdpException.generateResponseDataMap(false, msgDesc, msgDesc +
ERROR_MSG, null, null);
+
+ LOG.error(msgDesc);
+
+ throw hdpException;
+ }
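Review bot: Both rejection branches build msgDesc by concatenating the raw resourceName and then pass it to LOG.error(msgDesc) and generateResponseDataMap(...). A value that has just failed validation can contain anything, including CR/LF, so it should be escaped or length-limited before it reaches the log and the response map. Two smaller points: the contains("//") and contains("\\") tests are already covered by the allowlist regex, which admits neither "/" nor "\", so only the ".." test adds anything (dots are allowed); and the two throw blocks differ only in the message text, so a small private helper that builds and throws the HadoopException would remove the duplication.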
Review Comment:
This is fine. We can take it up for refactoring KnoxClient to be a subclass of
BaseClient.