Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


ruanwenjun merged PR #15556:
URL: https://github.com/apache/dolphinscheduler/pull/15556


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


ruanwenjun commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1925251719

   > but we have a secutity scan in this pr
   
   It's OK, since the path is controlled by application, the path is not from 
user input.
   https://github.com/apache/dolphinscheduler/assets/22415594/c11dffcf-efd3-40f9-8aad-847b93bc3ec9;>
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


caishunfeng commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1925248816

   Is it better to add some docs?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


zhongjiajie commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1925246004

   but we have a secutity scan in this pr


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


sonarcloud[bot] commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1925206217

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
 **Quality Gate failed**  
   Failed conditions
   
   [28.1% Coverage on New 
Code](https://sonarcloud.io/component_measures?id=apache-dolphinscheduler=15556=new_coverage=list)
 (required ≥ 60%)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


sonarcloud[bot] commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1925206277

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
 **Quality Gate failed**  
   Failed conditions
   
   [28.1% Coverage on New 
Code](https://sonarcloud.io/component_measures?id=apache-dolphinscheduler=15556=new_coverage=list)
 (required ≥ 60%)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-03 Thread via GitHub 


github-advanced-security[bot] commented on code in PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#discussion_r1477011637


##
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java:
##
@@ -325,59 +266,47 @@
 return crcString;
 }
 
-public static void setFileOwner(Path filePath, String fileOwner) throws 
FileOperateException {
-try {
-// We use linux command to set the file owner, since jdk api will 
not use sudo.
-String command = String.format("sudo chown %s %s", fileOwner, 
filePath.toString());
-Runtime.getRuntime().exec(command);
-Process process = Runtime.getRuntime().exec(command);
-int exitCode = process.waitFor();
-if (0 != exitCode) {
-throw new FileOperateException(
-"Set file: " + filePath + " to owner: " + fileOwner + 
" failed, existCode(" + exitCode + ")");
-}
-} catch (FileOperateException ex) {
-throw ex;
-} catch (Exception ex) {
-throw new FileOperateException("Set directory: " + filePath + " to 
owner: " + fileOwner + " failed");
-
+public static void createFileWith755(@NonNull Path path) throws 
IOException {
+if (SystemUtils.IS_OS_WINDOWS) {
+Files.createFile(path);
+} else {
+Files.createFile(path);
+Files.setPosixFilePermissions(path, PERMISSION_755);
 }
 }
 
-public static void setDirectoryOwner(Path filePath, String fileOwner) 
throws FileOperateException {
-try {
-// We use linux command to set the file owner, since jdk api will 
not use sudo.
-String command = String.format("sudo chown -R %s %s", fileOwner, 
filePath.toString());
-Runtime.getRuntime().exec(command);
-Process process = Runtime.getRuntime().exec(command);
-int exitCode = process.waitFor();
-if (0 != exitCode) {
-throw new FileOperateException("Set directory: " + filePath + 
" to owner: " + fileOwner
-+ " failed, existCode(" + exitCode + ")");
+public static void createDirectoryWith755(@NonNull Path path) throws 
IOException {
+if (path.toFile().exists()) {
+return;
+}
+if (OSUtils.isWindows()) {
+Files.createDirectories(path);
+} else {
+Path parent = path.getParent();
+if (parent != null && !parent.toFile().exists()) {
+createDirectoryWith755(parent);
 }
-} catch (FileOperateException ex) {
-throw ex;
-} catch (Exception ex) {
-throw new FileOperateException("Set directory: " + filePath + " to 
owner: " + fileOwner + " failed");
+
+Files.createDirectory(path);

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   
   [Show more 
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3894)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-02 Thread via GitHub 


codecov-commenter commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1925204666

   ## 
[Codecov](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=h1_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 Report
   Attention: `26 lines` in your changes are missing coverage. Please review.
   > Comparison is base 
[(`1b42d45`)](https://app.codecov.io/gh/apache/dolphinscheduler/commit/1b42d45fcdd22ccac7692fac4a64d096736f5e7c?el=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 38.40% compared to head 
[(`2c33a9c`)](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=desc_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 38.40%.
   
   > :exclamation: Current head 2c33a9c differs from pull request most recent 
head 4d3e6e4. Consider uploading reports for the commit 4d3e6e4 to get more 
accurate results
   
   | 
[Files](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 | Patch % | Lines |
   |---|---|---|
   | 
[...pache/dolphinscheduler/common/utils/FileUtils.java](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache#diff-ZG9scGhpbnNjaGVkdWxlci1jb21tb24vc3JjL21haW4vamF2YS9vcmcvYXBhY2hlL2RvbHBoaW5zY2hlZHVsZXIvY29tbW9uL3V0aWxzL0ZpbGVVdGlscy5qYXZh)
 | 24.00% | [16 Missing and 3 partials :warning: 
](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 |
   | 
[...e/dolphinscheduler/service/utils/ProcessUtils.java](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache#diff-ZG9scGhpbnNjaGVkdWxlci1zZXJ2aWNlL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kb2xwaGluc2NoZWR1bGVyL3NlcnZpY2UvdXRpbHMvUHJvY2Vzc1V0aWxzLmphdmE=)
 | 0.00% | [1 Missing :warning: 
](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 |
   | 
[...heduler/plugin/storage/abs/AbsStorageOperator.java](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache#diff-ZG9scGhpbnNjaGVkdWxlci1zdG9yYWdlLXBsdWdpbi9kb2xwaGluc2NoZWR1bGVyLXN0b3JhZ2UtYWJzL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kb2xwaGluc2NoZWR1bGVyL3BsdWdpbi9zdG9yYWdlL2Ficy9BYnNTdG9yYWdlT3BlcmF0b3IuamF2YQ==)
 | 0.00% | [1 Missing :warning: 
](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 |
   | 
[...heduler/plugin/storage/gcs/GcsStorageOperator.java](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache#diff-ZG9scGhpbnNjaGVkdWxlci1zdG9yYWdlLXBsdWdpbi9kb2xwaGluc2NoZWR1bGVyLXN0b3JhZ2UtZ2NzL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kb2xwaGluc2NoZWR1bGVyL3BsdWdpbi9zdG9yYWdlL2djcy9HY3NTdG9yYWdlT3BlcmF0b3IuamF2YQ==)
 | 0.00% | [1 Missing :warning: 
](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 |
   | 
[...heduler/plugin/storage/obs/ObsStorageOperator.java](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache#diff-ZG9scGhpbnNjaGVkdWxlci1zdG9yYWdlLXBsdWdpbi9kb2xwaGluc2NoZWR1bGVyLXN0b3JhZ2Utb2JzL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kb2xwaGluc2NoZWR1bGVyL3BsdWdpbi9zdG9yYWdlL29icy9PYnNTdG9yYWdlT3BlcmF0b3IuamF2YQ==)
 | 0.00% | [1 Missing :warning: 
](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 |
   | 
[...heduler/plugin/storage/oss/OssStorageOperator.java](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache#diff-ZG9scGhpbnNjaGVkdWxlci1zdG9yYWdlLXBsdWdpbi9kb2xwaGluc2NoZWR1bGVyLXN0b3JhZ2Utb3NzL3NyYy9tYWluL2phdmEvb3JnL2FwYWNoZS9kb2xwaGluc2NoZWR1bGVyL3BsdWdpbi9zdG9yYWdlL29zcy9Pc3NTdG9yYWdlT3BlcmF0b3IuamF2YQ==)
 | 0.00% | [1 Missing :warning: 
](https://app.codecov.io/gh/apache/dolphinscheduler/pull/15556?src=pr=tree_medium=referral_source=github_content=comment_campaign=pr+comments_term=apache)
 |
   |

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-02 Thread via GitHub 


sonarcloud[bot] commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1923790673

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
 **Quality Gate failed**  
   Failed conditions
   
   [41.7% Coverage on New 
Code](https://sonarcloud.io/component_measures?id=apache-dolphinscheduler=15556=new_coverage=list)
 (required ≥ 60%)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-02 Thread via GitHub 


sonarcloud[bot] commented on PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#issuecomment-1923788957

   ## [![Quality Gate 
Failed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-failed-20px.png
 'Quality Gate 
Failed')](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
 **Quality Gate failed**  
   Failed conditions
   
   [41.7% Coverage on New 
Code](https://sonarcloud.io/component_measures?id=apache-dolphinscheduler=15556=new_coverage=list)
 (required ≥ 60%)  
 
   [See analysis details on 
SonarCloud](https://sonarcloud.io/dashboard?id=apache-dolphinscheduler=15556)
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] Fix createFile with permission will not work [dolphinscheduler]

2024-02-02 Thread via GitHub 


github-advanced-security[bot] commented on code in PR #15556:
URL: 
https://github.com/apache/dolphinscheduler/pull/15556#discussion_r147597


##
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java:
##
@@ -363,21 +306,27 @@
 }
 }
 
-public static void createDirectoryIfNotPresent(Path path) throws 
IOException {
-if (Files.exists(path)) {
-return;
-}
-Files.createDirectories(path);
-}
-
-/**
- * Create a file with '755'.
- */
 public static void createFileWith755(@NonNull Path path) throws 
IOException {
 if (SystemUtils.IS_OS_WINDOWS) {
 Files.createFile(path);
 } else {
-Files.createFile(path, PERMISSION_755);
+Files.createFile(path);
+Files.setPosixFilePermissions(path, PERMISSION_755);
+}
+}
+
+public static void createDirectoryWith755(@NonNull Path path) throws 
IOException {
+if (OSUtils.isWindows()) {
+Files.createDirectories(path);

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   
   [Show more 
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3887)



##
dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/utils/FileUtils.java:
##
@@ -363,21 +306,27 @@
 }
 }
 
-public static void createDirectoryIfNotPresent(Path path) throws 
IOException {
-if (Files.exists(path)) {
-return;
-}
-Files.createDirectories(path);
-}
-
-/**
- * Create a file with '755'.
- */
 public static void createFileWith755(@NonNull Path path) throws 
IOException {
 if (SystemUtils.IS_OS_WINDOWS) {
 Files.createFile(path);
 } else {
-Files.createFile(path, PERMISSION_755);
+Files.createFile(path);
+Files.setPosixFilePermissions(path, PERMISSION_755);
+}
+}
+
+public static void createDirectoryWith755(@NonNull Path path) throws 
IOException {
+if (OSUtils.isWindows()) {
+Files.createDirectories(path);
+} else {
+Path parent = path.getParent();
+if (parent != null && !parent.toFile().exists()) {
+createDirectoryWith755(parent);
+}
+
+Files.createDirectory(path);

Review Comment:
   ## Uncontrolled data used in path expression
   
   This path depends on a [user-provided value](1).
   
   [Show more 
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3888)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@dolphinscheduler.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org