XComp commented on a change in pull request #14171:
URL: https://github.com/apache/flink/pull/14171#discussion_r529552124



##########
File path: flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/JaasModule.java
##########
@@ -159,12 +159,20 @@ private static File generateDefaultConfigFile(String 
workingDir) {
                checkArgument(workingDir != null, "working directory should not 
be null.");
                final File jaasConfFile;
                try {
-                       Path path = 
Files.createDirectories(Paths.get(workingDir));
+                       Path path = Paths.get(workingDir);
+                       if (Files.notExists(path)) {
+                               // We intentionally favored Path.toRealPath 
over Files.readSymbolicLinks as the latter one might return a
+                               // relative path if the symbolic link refers to 
it. Path.toRealPath resolves the relative path instead.
+                               Path parent = path.getParent().toRealPath();
+                               Path resolvedPath = 
Paths.get(parent.toString(), path.getFileName().toString());
+
+                               path = Files.createDirectories(resolvedPath);
+                       }
                        Path jaasConfPath = Files.createTempFile(path, "jaas-", 
".conf");
                        try (InputStream resourceStream = 
JaasModule.class.getClassLoader().getResourceAsStream(JAAS_CONF_RESOURCE_NAME)) 
{
                                Files.copy(resourceStream, jaasConfPath, 
StandardCopyOption.REPLACE_EXISTING);
                        }
-                       jaasConfFile = jaasConfPath.toFile();
+                       jaasConfFile = new File(workingDir, 
jaasConfPath.getFileName().toString());
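Review bot: the new `if (Files.notExists(path))` branch calls `path.getParent().toRealPath()`, which regresses two inputs that the replaced `Files.createDirectories(Paths.get(workingDir))` handled: a `workingDir` with no parent component (a bare relative name such as `tmp`, or a filesystem root) makes `getParent()` return null and the call throws a NullPointerException, and a parent directory that does not exist yet makes `toRealPath()` throw `NoSuchFileException` instead of the whole directory tree being created as before. Suggest a null guard plus either creating the missing ancestors before resolving or resolving the deepest ancestor that already exists. Minor: the comment refers to `Files.readSymbolicLinks`, but the JDK method is `Files.readSymbolicLink`, and `Paths.get(parent.toString(), path.getFileName().toString())` can be written as `parent.resolve(path.getFileName())`.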

Review comment:
       Yes, exactly. I wanted to avoid having a different path in some configuration than the one the user specified. The old implementation would have led to the resolved path being exposed.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
