Browse Source

Remove the log path check (#13280)

3.2.0-release
Wenjun Ruan 2 years ago committed by GitHub
parent
commit
de70421a1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 35
      dolphinscheduler-remote/src/main/java/org/apache/dolphinscheduler/remote/processor/LoggerRequestProcessor.java
  2. 7
      dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/LoggerRequestProcessorTest.java

35
dolphinscheduler-remote/src/main/java/org/apache/dolphinscheduler/remote/processor/LoggerRequestProcessor.java

@ -36,8 +36,6 @@ import org.apache.dolphinscheduler.remote.command.log.RollViewLogResponseCommand
import org.apache.dolphinscheduler.remote.command.log.ViewLogRequestCommand; import org.apache.dolphinscheduler.remote.command.log.ViewLogRequestCommand;
import org.apache.dolphinscheduler.remote.command.log.ViewLogResponseCommand; import org.apache.dolphinscheduler.remote.command.log.ViewLogResponseCommand;
import org.apache.commons.lang3.StringUtils;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.File; import java.io.File;
import java.io.FileInputStream; import java.io.FileInputStream;
@ -76,9 +74,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
GetLogBytesRequestCommand getLogRequest = JSONUtils.parseObject( GetLogBytesRequestCommand getLogRequest = JSONUtils.parseObject(
command.getBody(), GetLogBytesRequestCommand.class); command.getBody(), GetLogBytesRequestCommand.class);
String path = getLogRequest.getPath(); String path = getLogRequest.getPath();
if (!checkPathSecurity(path)) {
throw new IllegalArgumentException("Illegal path: " + path);
}
byte[] bytes = getFileContentBytes(path); byte[] bytes = getFileContentBytes(path);
GetLogBytesResponseCommand getLogResponse = new GetLogBytesResponseCommand(bytes); GetLogBytesResponseCommand getLogResponse = new GetLogBytesResponseCommand(bytes);
channel.writeAndFlush(getLogResponse.convert2Command(command.getOpaque())); channel.writeAndFlush(getLogResponse.convert2Command(command.getOpaque()));
@ -87,9 +82,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
ViewLogRequestCommand viewLogRequest = JSONUtils.parseObject( ViewLogRequestCommand viewLogRequest = JSONUtils.parseObject(
command.getBody(), ViewLogRequestCommand.class); command.getBody(), ViewLogRequestCommand.class);
String viewLogPath = viewLogRequest.getPath(); String viewLogPath = viewLogRequest.getPath();
if (!checkPathSecurity(viewLogPath)) {
throw new IllegalArgumentException("Illegal path: " + viewLogPath);
}
String msg = LogUtils.readWholeFileContent(viewLogPath); String msg = LogUtils.readWholeFileContent(viewLogPath);
ViewLogResponseCommand viewLogResponse = new ViewLogResponseCommand(msg); ViewLogResponseCommand viewLogResponse = new ViewLogResponseCommand(msg);
channel.writeAndFlush(viewLogResponse.convert2Command(command.getOpaque())); channel.writeAndFlush(viewLogResponse.convert2Command(command.getOpaque()));
@ -99,9 +91,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
command.getBody(), RollViewLogRequestCommand.class); command.getBody(), RollViewLogRequestCommand.class);
String rollViewLogPath = rollViewLogRequest.getPath(); String rollViewLogPath = rollViewLogRequest.getPath();
if (!checkPathSecurity(rollViewLogPath)) {
throw new IllegalArgumentException("Illegal path: " + rollViewLogPath);
}
List<String> lines = readPartFileContent(rollViewLogPath, List<String> lines = readPartFileContent(rollViewLogPath,
rollViewLogRequest.getSkipLineNum(), rollViewLogRequest.getLimit()); rollViewLogRequest.getSkipLineNum(), rollViewLogRequest.getLimit());
@ -134,9 +123,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
command.getBody(), RemoveTaskLogRequestCommand.class); command.getBody(), RemoveTaskLogRequestCommand.class);
String taskLogPath = removeTaskLogRequest.getPath(); String taskLogPath = removeTaskLogRequest.getPath();
if (!checkPathSecurity(taskLogPath)) {
throw new IllegalArgumentException("Illegal path: " + taskLogPath);
}
File taskLogFile = new File(taskLogPath); File taskLogFile = new File(taskLogPath);
boolean status = true; boolean status = true;
try { try {
@ -155,9 +141,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
JSONUtils.parseObject(command.getBody(), GetAppIdRequestCommand.class); JSONUtils.parseObject(command.getBody(), GetAppIdRequestCommand.class);
String appInfoPath = getAppIdRequestCommand.getAppInfoPath(); String appInfoPath = getAppIdRequestCommand.getAppInfoPath();
String logPath = getAppIdRequestCommand.getLogPath(); String logPath = getAppIdRequestCommand.getLogPath();
if (!checkPathSecurity(appInfoPath) || !checkPathSecurity(logPath)) {
throw new IllegalArgumentException("Illegal path");
}
List<String> appIds = LogUtils.getAppIds(logPath, appInfoPath, List<String> appIds = LogUtils.getAppIds(logPath, appInfoPath,
PropertyUtils.getString(APPID_COLLECT, DEFAULT_COLLECT_WAY)); PropertyUtils.getString(APPID_COLLECT, DEFAULT_COLLECT_WAY));
channel.writeAndFlush( channel.writeAndFlush(
@ -168,24 +151,6 @@ public class LoggerRequestProcessor implements NettyRequestProcessor {
} }
} }
/**
* LogServer only can read the logs dir.
* @param path
* @return
*/
private boolean checkPathSecurity(String path) {
String dsHome = System.getProperty("DOLPHINSCHEDULER_WORKER_HOME");
if (StringUtils.isBlank(dsHome)) {
dsHome = System.getProperty("user.dir");
}
if (StringUtils.isBlank(path)) {
logger.warn("path is null");
return false;
} else {
return path.startsWith(dsHome) && !path.contains("../") && path.endsWith(".log");
}
}
/** /**
* get files content bytes for download file * get files content bytes for download file
* *

7
dolphinscheduler-service/src/test/java/org/apache/dolphinscheduler/service/log/LoggerRequestProcessorTest.java

@ -25,7 +25,6 @@ import org.apache.dolphinscheduler.remote.processor.LoggerRequestProcessor;
import org.apache.dolphinscheduler.service.utils.LoggerUtils; import org.apache.dolphinscheduler.service.utils.LoggerUtils;
import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith; import org.junit.jupiter.api.extension.ExtendWith;
@ -80,9 +79,7 @@ public class LoggerRequestProcessorTest {
command.setBody(JSONUtils.toJsonByteArray(logRequestCommand)); command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor(); LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
Assertions.assertThrows(IllegalArgumentException.class, () -> {
loggerRequestProcessor.process(channel, command); loggerRequestProcessor.process(channel, command);
});
} }
@Test @Test
@ -98,9 +95,7 @@ public class LoggerRequestProcessorTest {
command.setBody(JSONUtils.toJsonByteArray(logRequestCommand)); command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor(); LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
Assertions.assertThrows(IllegalArgumentException.class, () -> {
loggerRequestProcessor.process(channel, command); loggerRequestProcessor.process(channel, command);
});
} }
@Test @Test
@ -115,8 +110,6 @@ public class LoggerRequestProcessorTest {
command.setBody(JSONUtils.toJsonByteArray(logRequestCommand)); command.setBody(JSONUtils.toJsonByteArray(logRequestCommand));
LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor(); LoggerRequestProcessor loggerRequestProcessor = new LoggerRequestProcessor();
Assertions.assertThrows(IllegalArgumentException.class, () -> {
loggerRequestProcessor.process(channel, command); loggerRequestProcessor.process(channel, command);
});
} }
} }

Loading…
Cancel
Save