From de70421a1eefaf4105c2961787b3710fa4b94f4f Mon Sep 17 00:00:00 2001
From: Wenjun Ruan <wenjun@apache.org>
Date: Mon, 26 Dec 2022 22:39:08 +0800
Subject: [PATCH] Remove the log path check (#13280)

---
 .../processor/LoggerRequestProcessor.java     | 35 -------------------
 .../log/LoggerRequestProcessorTest.java       | 13 ++-----
 2 files changed, 3 insertions(+), 45 deletions(-)

diff --git a/dolphinscheduler-remote/src/main/java/org/apache/dolphinscheduler/remote/processor/LoggerRequestProcessor.java b/dolphinscheduler-remote/src/main/java/org/apache/dolphinscheduler/remote/processor/LoggerRequestProcessor.java
index e695fd4494..8e8eb7bd4e 100644
--- a/dolphinscheduler-remote/src/main/java/org/apache/dolphinscheduler/remote/processor/LoggerRequestProcessor.java
+++ b/dolphinscheduler-remote/src/main/java/org/apache/dolphinscheduler/remote/processor/LoggerRequestProcessor.java
@@ -36,8 +36,6 @@ import org.apache.dolphinscheduler.remote.command.log.RollViewLogResponseCommand
 import org.apache.dolphinscheduler.remote.command.log.ViewLogRequestCommand;
 import org.apache.dolphinscheduler.remote.command.log.ViewLogResponseCommand;
 
-import org.apache.commons.lang3.StringUtils;
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -76,9 +74,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
                 GetLogBytesRequestCommand getLogRequest = JSONUtils.parseObject(
                         command.getBody(), GetLogBytesRequestCommand.class);
                 String path = getLogRequest.getPath();
-                if (!checkPathSecurity(path)) {
-                    throw new IllegalArgumentException("Illegal path: " + path);
-                }
                 byte[] bytes = getFileContentBytes(path);
                 GetLogBytesResponseCommand getLogResponse = new GetLogBytesResponseCommand(bytes);
                 channel.writeAndFlush(getLogResponse.convert2Command(command.getOpaque()));
@@ -87,9 +82,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
                 ViewLogRequestCommand viewLogRequest = JSONUtils.parseObject(
                         command.getBody(), ViewLogRequestCommand.class);
                 String viewLogPath = viewLogRequest.getPath();
-                if (!checkPathSecurity(viewLogPath)) {
-                    throw new IllegalArgumentException("Illegal path: " + viewLogPath);
-                }
                 String msg = LogUtils.readWholeFileContent(viewLogPath);
                 ViewLogResponseCommand viewLogResponse = new ViewLogResponseCommand(msg);
                 channel.writeAndFlush(viewLogResponse.convert2Command(command.getOpaque()));
@@ -99,9 +91,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
                         command.getBody(), RollViewLogRequestCommand.class);
 
                 String rollViewLogPath = rollViewLogRequest.getPath();
-                if (!checkPathSecurity(rollViewLogPath)) {
-                    throw new IllegalArgumentException("Illegal path: " + rollViewLogPath);
-                }
 
                 List<String> lines = readPartFileContent(rollViewLogPath,
                         rollViewLogRequest.getSkipLineNum(), rollViewLogRequest.getLimit());
@@ -134,9 +123,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
                         command.getBody(), RemoveTaskLogRequestCommand.class);
 
                 String taskLogPath = removeTaskLogRequest.getPath();
-                if (!checkPathSecurity(taskLogPath)) {
-                    throw new IllegalArgumentException("Illegal path: " + taskLogPath);
-                }
                 File taskLogFile = new File(taskLogPath);
                 boolean status = true;
                 try {
@@ -155,9 +141,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
                         JSONUtils.parseObject(command.getBody(), GetAppIdRequestCommand.class);
                 String appInfoPath = getAppIdRequestCommand.getAppInfoPath();
                 String logPath = getAppIdRequestCommand.getLogPath();
-                if (!checkPathSecurity(appInfoPath) || !checkPathSecurity(logPath)) {
-                    throw new IllegalArgumentException("Illegal path");
-                }
                 List<String> appIds = LogUtils.getAppIds(logPath, appInfoPath,
                         PropertyUtils.getString(APPID_COLLECT, DEFAULT_COLLECT_WAY));
                 channel.writeAndFlush(
@@ -168,24 +151,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
         }
     }
 
-    /**
-     * LogServer only can read the logs dir.
-     * @param path
-     * @return
-     */
-    private boolean checkPathSecurity(String path) {
-        String dsHome = System.getProperty("DOLPHINSCHEDULER_WORKER_HOME");
-        if (StringUtils.isBlank(dsHome)) {
-            dsHome = System.getProperty("user.dir");
-        }
-        if (StringUtils.isBlank(path)) {
-            logger.warn("path is null");
-            return false;
-        } else {
-            return path.startsWith(dsHome) && !path.contains("../") && path.endsWith(".log");
-        }
-    }
-
     /**
      * get files content bytes for download file
      *
diff --git a/dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/LoggerRequestProcessorTest.java b/dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/LoggerRequestProcessorTest.java
index 167f0a54d9..fb02a3be48 100644
--- a/dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/LoggerRequestProcessorTest.java
+++ b/dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/LoggerRequestProcessorTest.java
@@ -25,7 +25,6 @@ import org.apache.dolphinscheduler.remote.processor.LoggerRequestProcessor;
 import org.apache.dolphinscheduler.service.utils.LoggerUtils;
 
 import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -80,9 +79,7 @@ public class LoggerRequestProcessorTest {
         command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
 
         LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
-        Assertions.assertThrows(IllegalArgumentException.class, () -> {
-            loggerRequestProcessor.process(channel, command);
-        });
+        loggerRequestProcessor.process(channel, command);
     }
 
     @Test
@@ -98,9 +95,7 @@ public class LoggerRequestProcessorTest {
         command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
 
         LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
-        Assertions.assertThrows(IllegalArgumentException.class, () -> {
-            loggerRequestProcessor.process(channel, command);
-        });
+        loggerRequestProcessor.process(channel, command);
     }
 
     @Test
@@ -115,8 +110,6 @@ public class LoggerRequestProcessorTest {
         command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
 
         LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
-        Assertions.assertThrows(IllegalArgumentException.class, () -> {
-            loggerRequestProcessor.process(channel, command);
-        });
+        loggerRequestProcessor.process(channel, command);
     }
 }