add alert script check (#15752)

1 month ago · f7358c3e5e
4 changed files with 21 additions and 6 deletions
--- a/docs/docs/en/guide/alert/script.md
+++ b/docs/docs/en/guide/alert/script.md
@ -7,11 +7,11 @@ The following shows the `Script` configuration example:

 ## Parameter Configuration

-| **Parameter** |                 **Description**                  |
-|---------------|--------------------------------------------------|
-| User Params   | User defined parameters will pass to the script. |
-| Script Path   | The file location path in the server.            |
-| Type          | Support `Shell` script.                          |
+| **Parameter** |                       **Description**                       |
+|---------------|-------------------------------------------------------------|
+| User Params   | User defined parameters will pass to the script.            |
+| Script Path   | The file location path in the server, only support .sh file |
+| Type          | Support `Shell` script.                                     |

 ### Note

--- a/docs/docs/zh/guide/alert/script.md
+++ b/docs/docs/zh/guide/alert/script.md
@ -12,7 +12,7 @@

 * 脚本路径

-  > 脚本在服务器上的文件位置
+  > 脚本在服务器上的文件位置，只支持.sh后缀的文件

 * 脚本类型

--- a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
+++ b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
@ -69,6 +69,11 @@ public final class ScriptSender {
            alertResult.setMessage("shell script not support windows os");
            return alertResult;
        }
+        if (!scriptPath.endsWith(".sh")) {
+            alertResult.setMessage("shell script is invalid, only support .sh file");
+            return alertResult;
+        }
+
        // validate script path in case of injections
        File shellScriptFile = new File(scriptPath);
        // validate existence
--- a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/test/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSenderTest.java
+++ b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/test/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSenderTest.java
@ -79,6 +79,16 @@ public class ScriptSenderTest {
        Assertions.assertEquals("false", alertResult.getStatus());
    }

+    @Test
+    public void testPathError() {
+        scriptConfig.put(ScriptParamsConstants.NAME_SCRIPT_PATH, "/usr/sbin/abc");
+        ScriptSender scriptSender = new ScriptSender(scriptConfig);
+        AlertResult alertResult;
+        alertResult = scriptSender.sendScriptAlert("test path NPE", "test content");
+        Assertions.assertEquals("false", alertResult.getStatus());
+        Assertions.assertTrue(alertResult.getMessage().contains("shell script is invalid, only support .sh file"));
+    }
+
    @Test
    public void testTypeIsError() {
        scriptConfig.put(ScriptParamsConstants.NAME_SCRIPT_TYPE, null);