[jira] [Commented] (DRILL-5964) Do not allow queries to access paths outside the current workspace root

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/DRILL-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16267671#comment-16267671
 ] 

ASF GitHub Bot commented on DRILL-5964:
---------------------------------------

Github user arina-ielchiieva commented on a diff in the pull request:

    https://github.com/apache/drill/pull/1050#discussion_r153337275
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/WorkspaceConfig.java
 ---
    @@ -30,18 +30,25 @@
     public class WorkspaceConfig {
     
       /** Default workspace is a root directory which supports read, but not 
write. */
    -  public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", 
false, null);
    +  public static final WorkspaceConfig DEFAULT = new WorkspaceConfig("/", 
false, null, false);
     
       private final String location;
       private final boolean writable;
       private final String defaultInputFormat;
    -
    +  private final Boolean allowAccessOutsideWorkspace; // allow access 
outside the workspace by default. This
    +                                                     // field is a Boolean 
(not boolean) so that we can
    +                                                     // assign a default 
value if it is not defined in a
    +                                                     // storage plugin 
config
       public WorkspaceConfig(@JsonProperty("location") String location,
                              @JsonProperty("writable") boolean writable,
    -                         @JsonProperty("defaultInputFormat") String 
defaultInputFormat) {
    +                         @JsonProperty("defaultInputFormat") String 
defaultInputFormat,
    +                         @JsonProperty("allowAccessOutsideWorkspace") 
Boolean allowAccessOutsideWorkspace
    +      ) {
         this.location = location;
         this.writable = writable;
         this.defaultInputFormat = defaultInputFormat;
    +    //this.allowAccessOutsideWorkspace = allowAccessOutsideWorkspace != 
null ? allowAccessOutsideWorkspace : false ;
    +    this.allowAccessOutsideWorkspace = true;
    --- End diff --
    
    It seems we should not always set true...


> Do not allow queries to access paths outside the current workspace root
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5964
>                 URL: https://issues.apache.org/jira/browse/DRILL-5964
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Parth Chandra
>            Assignee: Parth Chandra
>              Labels: doc-impacting
>
> Workspace definitions in the dfs plugin are intended to provide a convenient 
> shortcut to long directory paths. However, some users may wish to disallow 
> access to paths outside the root of the workspace, possibly to prevent 
> accidental access. Note that this is a convenience option and not a 
> substitute for permissions on the file system.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)