From f7358c3e5e94ab9c07c018061fee227267da3c52 Mon Sep 17 00:00:00 2001 From: caishunfeng Date: Thu, 21 Mar 2024 20:10:23 +0800 Subject: [PATCH] add alert script check (#15752) --- docs/docs/en/guide/alert/script.md | 10 +++++----- docs/docs/zh/guide/alert/script.md | 2 +- .../plugin/alert/script/ScriptSender.java | 5 +++++ .../plugin/alert/script/ScriptSenderTest.java | 10 ++++++++++ 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/docs/docs/en/guide/alert/script.md b/docs/docs/en/guide/alert/script.md index 0f0e3a300b..c20eb8d6f5 100644 --- a/docs/docs/en/guide/alert/script.md +++ b/docs/docs/en/guide/alert/script.md @@ -7,11 +7,11 @@ The following shows the `Script` configuration example: ## Parameter Configuration -| **Parameter** | **Description** | -|---------------|--------------------------------------------------| -| User Params | User defined parameters will pass to the script. | -| Script Path | The file location path in the server. | -| Type | Support `Shell` script. | +| **Parameter** | **Description** | +|---------------|-------------------------------------------------------------| +| User Params | User defined parameters will pass to the script. | +| Script Path | The file location path in the server, only support .sh file | +| Type | Support `Shell` script. | ### Note diff --git a/docs/docs/zh/guide/alert/script.md b/docs/docs/zh/guide/alert/script.md index 583ffcfc3c..2eb9da7ab0 100644 --- a/docs/docs/zh/guide/alert/script.md +++ b/docs/docs/zh/guide/alert/script.md @@ -12,7 +12,7 @@ * 脚本路径 - > 脚本在服务器上的文件位置 + > 脚本在服务器上的文件位置,只支持.sh后缀的文件 * 脚本类型 diff --git a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java index f78c6f5749..a18adb2c7e 100644 
--- a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
+++ b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/main/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSender.java
@@ -69,6 +69,11 @@ public final class ScriptSender {
 alertResult.setMessage("shell script not support windows os");
 return alertResult;
 }
+ if (!scriptPath.endsWith(".sh")) {
+ alertResult.setMessage("shell script is invalid, only support .sh file");
+ return alertResult;
+ }
+
 // validate script path in case of injections
 File shellScriptFile = new File(scriptPath);
 // validate existence
diff --git a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/test/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSenderTest.java b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/test/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSenderTest.java
index 33a32919f7..32e996f5e8 100644
--- a/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/test/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSenderTest.java
+++ b/dolphinscheduler-alert/dolphinscheduler-alert-plugins/dolphinscheduler-alert-script/src/test/java/org/apache/dolphinscheduler/plugin/alert/script/ScriptSenderTest.java
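Review bot: The added `scriptPath.endsWith(".sh")` test at the top of the hunk looks only at the spelling of the configured string, so it limits the file name and not which file or directory ends up being executed; a link or any other file named `*.sh` that the alert server can reach still passes. If this is meant as a guard on user-supplied alert configuration, I would resolve the path first (`new File(scriptPath).getCanonicalFile()`) and require the result to sit under an operator-configured script directory, keeping the suffix check as a secondary filter. If `scriptPath` can be null here (its assignment is outside the hunk), `endsWith` throws instead of returning the AlertResult; `if (scriptPath == null || !scriptPath.endsWith(".sh")) {` avoids that. The method body starts and ends outside the hunk, so the existence checks that follow are not visible.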
@@ -79,6 +79,16 @@ public class ScriptSenderTest {
 Assertions.assertEquals("false", alertResult.getStatus());
 }
+ @Test
+ public void testPathError() {
+ scriptConfig.put(ScriptParamsConstants.NAME_SCRIPT_PATH, "/usr/sbin/abc");
+ ScriptSender scriptSender = new ScriptSender(scriptConfig);
+ AlertResult alertResult;
+ alertResult = scriptSender.sendScriptAlert("test path NPE", "test content");
+ Assertions.assertEquals("false", alertResult.getStatus());
+ Assertions.assertTrue(alertResult.getMessage().contains("shell script is invalid, only support .sh file"));
+ }
+
 @Test
 public void testTypeIsError() {
 scriptConfig.put(ScriptParamsConstants.NAME_SCRIPT_TYPE, null);
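Review bot: In testPathError the alert title passed to sendScriptAlert is `"test path NPE"`, which reads as copied from another test and does not describe this case; `"test path error"` would. Only a path with no extension is covered, so the suffix rule's edges are unpinned: one more assertion with a constructed near-miss such as `"/usr/sbin/abc.sh.bak"` would document that only a trailing `.sh` is accepted. The split declaration can be a single line, `AlertResult alertResult = scriptSender.sendScriptAlert("test path error", "test content");`.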