github
/
DolphinScheduler
mirror of https://gitee.com/dolphinscheduler/DolphinScheduler.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

fix this issue (#7828)

3.0.0/version-upgrade
calvin 3 years ago committed by GitHub
parent
0911fd711d
commit
a8d19f271a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 7 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 16
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java

16
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ProcessDefinitionServiceImpl.java
Unescape View File

@ -900,9 +900,9 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
List<ProcessTaskRelationLog> processTaskRelationList = new ArrayList<>(); List<ProcessTaskRelationLog> processTaskRelationList = new ArrayList<>();
// for Zip Bomb Attack // for Zip Bomb Attack
int THRESHOLD_ENTRIES = 10000; final int THRESHOLD_ENTRIES = 10000;
int THRESHOLD_SIZE = 1000000000; // 1 GB final int THRESHOLD_SIZE = 1000000000; // 1 GB
double THRESHOLD_RATIO = 10; final double THRESHOLD_RATIO = 10;
int totalEntryArchive = 0; int totalEntryArchive = 0;
int totalSizeEntry = 0; int totalSizeEntry = 0;
// In most cases, there will be only one data source // In most cases, there will be only one data source
@ -921,7 +921,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
ZipEntry entry; ZipEntry entry;
while ((entry = zIn.getNextEntry()) != null) { while ((entry = zIn.getNextEntry()) != null) {
totalEntryArchive ++; totalEntryArchive++;
int totalSizeArchive = 0; int totalSizeArchive = 0;
if (!entry.isDirectory()) { if (!entry.isDirectory()) {
StringBuilder sql = new StringBuilder(); StringBuilder sql = new StringBuilder();
@ -934,7 +934,7 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
totalSizeEntry += nBytes; totalSizeEntry += nBytes;
totalSizeArchive += nBytes; totalSizeArchive += nBytes;
long compressionRatio = totalSizeEntry / entry.getCompressedSize(); long compressionRatio = totalSizeEntry / entry.getCompressedSize();
if(compressionRatio > THRESHOLD_RATIO) { if (compressionRatio > THRESHOLD_RATIO) {
throw new IllegalStateException("ratio between compressed and uncompressed data is highly suspicious, looks like a Zip Bomb Attack"); throw new IllegalStateException("ratio between compressed and uncompressed data is highly suspicious, looks like a Zip Bomb Attack");
} }
int commentIndex = line.indexOf("-- "); int commentIndex = line.indexOf("-- ");
@ -995,11 +995,11 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
taskNameToUpstream.put(taskDefinition.getName(), upstreams); taskNameToUpstream.put(taskDefinition.getName(), upstreams);
} }
if(totalSizeArchive > THRESHOLD_SIZE) { if (totalSizeArchive > THRESHOLD_SIZE) {
throw new IllegalStateException("the uncompressed data size is too much for the application resource capacity"); throw new IllegalStateException("the uncompressed data size is too much for the application resource capacity");
} }
if(totalEntryArchive > THRESHOLD_ENTRIES) { if (totalEntryArchive > THRESHOLD_ENTRIES) {
throw new IllegalStateException("too much entries in this archive, can lead to inodes exhaustion of the system"); throw new IllegalStateException("too much entries in this archive, can lead to inodes exhaustion of the system");
} }
} }
@ -1166,6 +1166,8 @@ public class ProcessDefinitionServiceImpl extends BaseServiceImpl implements Pro
} }
processDefinition.setLocations(newArrayNode.toString()); processDefinition.setLocations(newArrayNode.toString());
} }
processDefinition.setCreateTime(new Date());
processDefinition.setUpdateTime(new Date());
Map<String, Object> createDagResult = createDagDefine(loginUser, taskRelationLogList, processDefinition, Lists.newArrayList()); Map<String, Object> createDagResult = createDagDefine(loginUser, taskRelationLogList, processDefinition, Lists.newArrayList());
if (Status.SUCCESS.equals(createDagResult.get(Constants.STATUS))) { if (Status.SUCCESS.equals(createDagResult.get(Constants.STATUS))) {
putMsg(createDagResult, Status.SUCCESS); putMsg(createDagResult, Status.SUCCESS);

Write Preview
Loading…
Cancel
Save