Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 1B4B3200D18 for ; Wed, 27 Sep 2017 01:50:55 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 19B801609D7; Tue, 26 Sep 2017 23:50:55 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B6ADD1609EA for ; Wed, 27 Sep 2017 01:50:53 +0200 (CEST) Received: (qmail 21252 invoked by uid 500); 26 Sep 2017 23:50:52 -0000 Mailing-List: contact commits-help@atlas.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@atlas.apache.org Delivered-To: mailing list commits@atlas.apache.org Received: (qmail 21243 invoked by uid 99); 26 Sep 2017 23:50:52 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 Sep 2017 23:50:52 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id AD2EFF554A; Tue, 26 Sep 2017 23:50:52 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: madhan@apache.org To: commits@atlas.apache.org Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: atlas git commit: ATLAS-2174: code improvements and validations Date: Tue, 26 Sep 2017 23:50:52 +0000 (UTC) archived-at: Tue, 26 Sep 2017 23:50:55 -0000 Repository: atlas Updated Branches: refs/heads/branch-0.8 50980f7a9 -> eea405089 ATLAS-2174: code improvements and validations 
Signed-off-by: Madhan Neethiraj (cherry picked from commit 049c5120e19bd12ff16142da2d0c6fd609e492d7) Project: http://git-wip-us.apache.org/repos/asf/atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/atlas/commit/eea40508 Tree: http://git-wip-us.apache.org/repos/asf/atlas/tree/eea40508 Diff: http://git-wip-us.apache.org/repos/asf/atlas/diff/eea40508 Branch: refs/heads/branch-0.8 Commit: eea405089ad7b0b25e8c9c5141a1d75edebfb5c2 Parents: 50980f7 Author: Nixon Rodrigues Authored: Tue Sep 26 14:26:00 2017 -0700 Committer: Madhan Neethiraj Committed: Tue Sep 26 16:46:10 2017 -0700 ---------------------------------------------------------------------- .../org/apache/atlas/AtlasConfiguration.java | 2 + .../java/org/apache/atlas/AtlasErrorCode.java | 3 +- .../apache/atlas/web/rest/DiscoveryREST.java | 56 +++++++++++++++++++- .../org/apache/atlas/web/rest/EntityREST.java | 37 +++++++++++++ .../org/apache/atlas/web/rest/LineageREST.java | 3 ++ .../org/apache/atlas/web/rest/TypesREST.java | 20 +++++++ .../org/apache/atlas/web/util/Servlets.java | 10 ++++ 7 files changed, 129 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/common/src/main/java/org/apache/atlas/AtlasConfiguration.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/atlas/AtlasConfiguration.java b/common/src/main/java/org/apache/atlas/AtlasConfiguration.java index f5a648d..9a9bb76 100644 --- a/common/src/main/java/org/apache/atlas/AtlasConfiguration.java +++ b/common/src/main/java/org/apache/atlas/AtlasConfiguration.java 
@@ -31,6 +31,8 @@ public enum AtlasConfiguration { WEBSERVER_QUEUE_SIZE("atlas.webserver.queuesize", 100), WEBSERVER_REQUEST_BUFFER_SIZE("atlas.jetty.request.buffer.size", 16192), + QUERY_PARAM_MAX_LENGTH("atlas.query.param.max.length", 4*1024), + //search configuration SEARCH_MAX_LIMIT("atlas.search.maxlimit", 10000), SEARCH_DEFAULT_LIMIT("atlas.search.defaultlimit", 100); http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java ---------------------------------------------------------------------- diff --git a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java index 2044785..18392d4 100644 --- a/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java +++ b/intg/src/main/java/org/apache/atlas/AtlasErrorCode.java @@ -74,7 +74,8 @@ public enum AtlasErrorCode { INVALID_RELATIONSHIP_ATTRIBUTE(400, "ATLAS-400-00-02C", "Expected attribute {0} to be a relationship but found type {}"), INVALID_RELATIONSHIP_TYPE(400, "ATLAS-400-00-02D", "Invalid entity type {0}, guid {1} in relationship search"), INVALID_IMPORT_ATTRIBUTE_TYPE_CHANGED(400, "ATLAS-400-00-050", "Attribute {0}.{1} is of type {2}. Import has this attribute type as {3}"), - SAVED_SEARCH_CHANGE_USER(400, "ATLAS-400-00-051", "saved-search {0} can not be moved from user {1} to {2}"), + SAVED_SEARCH_CHANGE_USER(400, "ATLAS-400-00-056", "saved-search {0} can not be moved from user {1} to {2}"), + INVALID_QUERY_PARAM_LENGTH(400, "ATLAS-400-00-057" , "Length of query param {0} exceeds the limit"), // All Not found enums go here UNKNOWN_CLASSIFICATION(400, "ATLAS-400-00-046", "{0}: Unknown/invalid classification"), http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/webapp/src/main/java/org/apache/atlas/web/rest/DiscoveryREST.java ---------------------------------------------------------------------- 
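Review bot: The new `QUERY_PARAM_MAX_LENGTH` entry in AtlasConfiguration has no comment, so nothing at the definition says what the `4*1024` default measures. Judging by the check this commit adds in Servlets.java, it is compared with `String.length()` of one parameter value, meaning UTF-16 code units per value rather than bytes or the whole query string. I would add `// max length, in characters, of a single REST parameter value; longer values are rejected with INVALID_QUERY_PARAM_LENGTH` above the entry. The enum body continues outside the hunk.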
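Review bot: `SAVED_SEARCH_CHANGE_USER` is renumbered from `ATLAS-400-00-051` to `ATLAS-400-00-056` in the same hunk that adds `INVALID_QUERY_PARAM_LENGTH`, and the commit message does not mention it. These code strings are presumably what REST clients and log-based alerting see, so anything keyed on the old value will stop matching. If the renumbering resolves a duplicate elsewhere in the enum (not visible in this hunk), record that in a comment such as `// renumbered from ATLAS-400-00-051, which collided with <other code>`. Minor: there is a stray space before the comma in `"ATLAS-400-00-057" ,`.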
diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/DiscoveryREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/DiscoveryREST.java index 747fb4b..1780c67 100644 --- a/webapp/src/main/java/org/apache/atlas/web/rest/DiscoveryREST.java +++ b/webapp/src/main/java/org/apache/atlas/web/rest/DiscoveryREST.java @@ -17,6 +17,7 @@ */ package org.apache.atlas.web.rest; +import org.apache.atlas.AtlasConfiguration; import org.apache.atlas.AtlasErrorCode; import org.apache.atlas.SortOrder; import org.apache.atlas.discovery.AtlasDiscoveryService; @@ -89,6 +90,10 @@ public class DiscoveryREST { @QueryParam("classification") String classification, @QueryParam("limit") int limit, @QueryParam("offset") int offset) throws AtlasBaseException { + Servlets.validateQueryParamLength("query", query); + Servlets.validateQueryParamLength("typeName", typeName); + Servlets.validateQueryParamLength("classification", classification); + AtlasPerfTracer perf = null; try { @@ -127,6 +132,8 @@ public class DiscoveryREST { @QueryParam("excludeDeletedEntities") boolean excludeDeletedEntities, @QueryParam("limit") int limit, @QueryParam("offset") int offset) throws AtlasBaseException { + Servlets.validateQueryParamLength("query", query); + AtlasPerfTracer perf = null; try { @@ -165,6 +172,10 @@ public class DiscoveryREST { @QueryParam("excludeDeletedEntities") boolean excludeDeletedEntities, @QueryParam("limit") int limit, @QueryParam("offset") int offset) throws AtlasBaseException { + Servlets.validateQueryParamLength("query", query); + Servlets.validateQueryParamLength("typeName", typeName); + Servlets.validateQueryParamLength("classification", classification); + AtlasPerfTracer perf = null; try { 
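Review bot: The added `import org.apache.atlas.AtlasConfiguration;` at the top of DiscoveryREST.java looks unused, because every check this commit adds to the class goes through `Servlets.validateQueryParamLength` and no visible new line references `AtlasConfiguration`. The same applies to `import org.apache.commons.collections.CollectionUtils;` added to LineageREST.java, where the only other added line is a `validateQueryParamLength` call. Unless code outside these hunks uses them, both imports should be dropped.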
@@ -210,6 +221,10 @@ public class DiscoveryREST { @QueryParam("typeName") String typeName, @QueryParam("limit") int limit, @QueryParam("offset") int offset) throws AtlasBaseException { + Servlets.validateQueryParamLength("attrName", attrName); + Servlets.validateQueryParamLength("attrValuePrefix", attrValuePrefix); + Servlets.validateQueryParamLength("typeName", typeName); + AtlasPerfTracer perf = null; try { @@ -224,7 +239,6 @@ public class DiscoveryREST { } return atlasDiscoveryService.searchUsingBasicQuery(null, typeName, null, attrName, attrValuePrefix, true, limit, offset); - } finally { AtlasPerfTracer.log(perf); } @@ -267,6 +281,8 @@ public class DiscoveryREST { throw new AtlasBaseException(AtlasErrorCode.INVALID_SEARCH_PARAMS); } + validateSearchParameters(parameters); + return atlasDiscoveryService.searchWithParameters(parameters); } finally { AtlasPerfTracer.log(perf); @@ -298,6 +314,10 @@ public class DiscoveryREST { @QueryParam("excludeDeletedEntities") boolean excludeDeletedEntities, @QueryParam("limit") int limit, @QueryParam("offset") int offset) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + Servlets.validateQueryParamLength("relation", relation); + Servlets.validateQueryParamLength("sortBy", sortByAttribute); + AtlasPerfTracer perf = null; try { @@ -323,6 +343,8 @@ public class DiscoveryREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasUserSavedSearch addSavedSearch(AtlasUserSavedSearch savedSearch) throws AtlasBaseException, IOException { + validateUserSavedSearch(savedSearch); + AtlasPerfTracer perf = null; try { @@ -347,6 +369,8 @@ public class DiscoveryREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasUserSavedSearch updateSavedSearch(AtlasUserSavedSearch savedSearch) throws AtlasBaseException { + validateUserSavedSearch(savedSearch); + AtlasPerfTracer perf = null; try { 
@@ -373,6 +397,9 @@ public class DiscoveryREST { @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasUserSavedSearch getSavedSearch(@PathParam("name") String searchName, @QueryParam("user") String userName) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", searchName); + Servlets.validateQueryParamLength("user", userName); + AtlasPerfTracer perf = null; try { @@ -397,6 +424,8 @@ public class DiscoveryREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public List getSavedSearches(@QueryParam("user") String userName) throws AtlasBaseException { + Servlets.validateQueryParamLength("user", userName); + AtlasPerfTracer perf = null; try { @@ -418,6 +447,8 @@ public class DiscoveryREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public void deleteSavedSearch(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { @@ -446,6 +477,9 @@ public class DiscoveryREST { @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasSearchResult executeSavedSearchByName(@PathParam("name") String searchName, @QueryParam("user") String userName) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", searchName); + Servlets.validateQueryParamLength("user", userName); + AtlasPerfTracer perf = null; try { @@ -474,6 +508,8 @@ public class DiscoveryREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasSearchResult executeSavedSearchByGuid(@PathParam("guid") String searchGuid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", searchGuid); + AtlasPerfTracer perf = null; try { 
@@ -505,4 +541,22 @@ public class DiscoveryREST { return atlasDiscoveryService.searchWithParameters(sp); } } + + private void validateUserSavedSearch(AtlasUserSavedSearch savedSearch) throws AtlasBaseException { + if (savedSearch != null) { + Servlets.validateQueryParamLength("name", savedSearch.getName()); + Servlets.validateQueryParamLength("ownerName", savedSearch.getOwnerName()); + Servlets.validateQueryParamLength("guid", savedSearch.getGuid()); + + validateSearchParameters(savedSearch.getSearchParameters()); + } + } + + private void validateSearchParameters(SearchParameters parameters) throws AtlasBaseException { + if (parameters != null) { + Servlets.validateQueryParamLength("typeName", parameters.getTypeName()); + Servlets.validateQueryParamLength("classification", parameters.getClassification()); + Servlets.validateQueryParamLength("query", parameters.getQuery()); + } + } } http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java index 0f6eeb1..6b9e2a8 100644 --- a/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java +++ b/webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java @@ -91,6 +91,8 @@ public class EntityREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEntityWithExtInfo getById(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { 
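Review bot: In DiscoveryREST, `validateSearchParameters` bounds only `getTypeName()`, `getClassification()` and `getQuery()`, and `validateUserSavedSearch` only `getName()`, `getOwnerName()` and `getGuid()`. Any other caller-supplied strings carried in these request bodies would reach `searchWithParameters` or the saved-search calls unchecked. The `SearchParameters` and `AtlasUserSavedSearch` classes are not part of this diff, so please confirm whether they hold further free-text fields such as filter values or attribute names, and validate those here too if they do. Both helpers also return silently on a null argument, which deserves a one-line comment stating that null handling is left to the caller. The error text will read "query param" for what are JSON body fields.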
@@ -116,6 +118,8 @@ public class EntityREST { @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEntityWithExtInfo getByUniqueAttributes(@PathParam("typeName") String typeName, @Context HttpServletRequest servletRequest) throws AtlasBaseException { + Servlets.validateQueryParamLength("typeName", typeName); + AtlasPerfTracer perf = null; try { @@ -171,6 +175,8 @@ public class EntityREST { public EntityMutationResponse partialUpdateEntityByUniqueAttrs(@PathParam("typeName") String typeName, @Context HttpServletRequest servletRequest, AtlasEntityWithExtInfo entityInfo) throws Exception { + Servlets.validateQueryParamLength("typeName", typeName); + AtlasPerfTracer perf = null; try { @@ -203,6 +209,9 @@ public class EntityREST { public EntityMutationResponse partialUpdateEntityAttrByGuid(@PathParam("guid") String guid, @QueryParam("name") String attrName, Object attrValue) throws Exception { + Servlets.validateQueryParamLength("guid", guid); + Servlets.validateQueryParamLength("name", attrName); + AtlasPerfTracer perf = null; try { @@ -226,6 +235,8 @@ public class EntityREST { @Consumes({Servlets.JSON_MEDIA_TYPE, MediaType.APPLICATION_JSON}) @Produces(Servlets.JSON_MEDIA_TYPE) public EntityMutationResponse deleteByGuid(@PathParam("guid") final String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { @@ -251,6 +262,8 @@ public class EntityREST { @Path("/uniqueAttribute/type/{typeName}") public EntityMutationResponse deleteByUniqueAttribute(@PathParam("typeName") String typeName, @Context HttpServletRequest servletRequest) throws AtlasBaseException { + Servlets.validateQueryParamLength("typeName", typeName); + AtlasPerfTracer perf = null; try { 
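Review bot: In `getByUniqueAttributes` only the `typeName` path parameter is length-checked, while the attribute values the method presumably reads from `servletRequest` are not validated in this hunk. The same holds for `partialUpdateEntityByUniqueAttrs` and `deleteByUniqueAttribute`. Those request-supplied values are what the lookup is keyed on, so they are the inputs most worth bounding: once the attribute map is extracted, call `Servlets.validateQueryParamLength(attrName, attrValue)` for each entry. The method bodies continue outside the hunks, so if the extraction helper already enforces this, a comment at the call site saying so would be enough.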
@@ -277,6 +290,9 @@ public class EntityREST { @Path("/guid/{guid}/classification/{classificationName}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasClassification getClassification(@PathParam("guid") String guid, @PathParam("classificationName") final String classificationName) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + Servlets.validateQueryParamLength("classificationName", classificationName); + AtlasPerfTracer perf = null; try { @@ -304,6 +320,8 @@ public class EntityREST { @Path("/guid/{guid}/classifications") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasClassification.AtlasClassifications getClassifications(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { @@ -330,6 +348,8 @@ public class EntityREST { @Consumes({Servlets.JSON_MEDIA_TYPE, MediaType.APPLICATION_JSON}) @Produces(Servlets.JSON_MEDIA_TYPE) public void addClassifications(@PathParam("guid") final String guid, List classifications) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { @@ -356,6 +376,8 @@ public class EntityREST { @Path("/guid/{guid}/classifications") @Produces(Servlets.JSON_MEDIA_TYPE) public void updateClassification(@PathParam("guid") final String guid, List classifications) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { @@ -384,6 +406,9 @@ public class EntityREST { @Produces(Servlets.JSON_MEDIA_TYPE) public void deleteClassification(@PathParam("guid") String guid, @PathParam("classificationName") final String classificationName) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + Servlets.validateQueryParamLength("classificationName", classificationName); + AtlasPerfTracer perf = null; try { 
@@ -415,6 +440,12 @@ public class EntityREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEntitiesWithExtInfo getByGuids(@QueryParam("guid") List guids) throws AtlasBaseException { + if (CollectionUtils.isNotEmpty(guids)) { + for (String guid : guids) { + Servlets.validateQueryParamLength("guid", guid); + } + } + AtlasPerfTracer perf = null; try { @@ -465,6 +496,12 @@ public class EntityREST { @Consumes(Servlets.JSON_MEDIA_TYPE) @Produces(Servlets.JSON_MEDIA_TYPE) public EntityMutationResponse deleteByGuids(@QueryParam("guid") final List guids) throws AtlasBaseException { + if (CollectionUtils.isNotEmpty(guids)) { + for (String guid : guids) { + Servlets.validateQueryParamLength("guid", guid); + } + } + AtlasPerfTracer perf = null; try { http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/webapp/src/main/java/org/apache/atlas/web/rest/LineageREST.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/LineageREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/LineageREST.java index 8638ea6..8b0316b 100644 --- a/webapp/src/main/java/org/apache/atlas/web/rest/LineageREST.java +++ b/webapp/src/main/java/org/apache/atlas/web/rest/LineageREST.java @@ -25,6 +25,7 @@ import org.apache.atlas.model.lineage.AtlasLineageInfo; import org.apache.atlas.model.lineage.AtlasLineageInfo.LineageDirection; import org.apache.atlas.utils.AtlasPerfTracer; import org.apache.atlas.web.util.Servlets; +import org.apache.commons.collections.CollectionUtils; import org.slf4j.Logger; import org.springframework.stereotype.Service; 
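Review bot: The loop added to `getByGuids` bounds the length of each `guid` but not how many are supplied, and the identical loop is copied into `deleteByGuids`. A request with a long list of short values passes this check and is limited only by whatever overall request-size limit the server enforces. I would move the loop into a single helper next to `validateQueryParamLength` in Servlets, for example an overload taking the parameter name and a `List<String>`, and decide there whether the element count needs a cap as well. Both method bodies continue outside the hunks.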
@@ -79,6 +80,8 @@ public class LineageREST { public AtlasLineageInfo getLineageGraph(@PathParam("guid") String guid, @QueryParam("direction") @DefaultValue(DEFAULT_DIRECTION) LineageDirection direction, @QueryParam("depth") @DefaultValue(DEFAULT_DEPTH) int depth) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasPerfTracer perf = null; try { http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java b/webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java index d55488d..062d664 100644 --- a/webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java +++ b/webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java @@ -78,6 +78,8 @@ public class TypesREST { @Path("/typedef/name/{name}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasBaseTypeDef getTypeDefByName(@PathParam("name") String name) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", name); + AtlasBaseTypeDef ret = typeDefStore.getByName(name); return ret; @@ -94,6 +96,8 @@ public class TypesREST { @Path("/typedef/guid/{guid}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasBaseTypeDef getTypeDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasBaseTypeDef ret = typeDefStore.getByGuid(guid); return ret; @@ -146,6 +150,8 @@ public class TypesREST { @Path("/enumdef/name/{name}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEnumDef getEnumDefByName(@PathParam("name") String name) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", name); + AtlasEnumDef ret = typeDefStore.getEnumDefByName(name); return ret; 
@@ -163,6 +169,8 @@ public class TypesREST { @Path("/enumdef/guid/{guid}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEnumDef getEnumDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasEnumDef ret = typeDefStore.getEnumDefByGuid(guid); return ret; @@ -181,6 +189,8 @@ public class TypesREST { @Path("/structdef/name/{name}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasStructDef getStructDefByName(@PathParam("name") String name) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", name); + AtlasStructDef ret = typeDefStore.getStructDefByName(name); return ret; @@ -198,6 +208,8 @@ public class TypesREST { @Path("/structdef/guid/{guid}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasStructDef getStructDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasStructDef ret = typeDefStore.getStructDefByGuid(guid); return ret; @@ -215,6 +227,8 @@ public class TypesREST { @Path("/classificationdef/name/{name}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasClassificationDef getClassificationDefByName(@PathParam("name") String name) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", name); + AtlasClassificationDef ret = typeDefStore.getClassificationDefByName(name); return ret; @@ -232,6 +246,8 @@ public class TypesREST { @Path("/classificationdef/guid/{guid}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasClassificationDef getClassificationDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasClassificationDef ret = typeDefStore.getClassificationDefByGuid(guid); return ret; 
@@ -249,6 +265,8 @@ public class TypesREST { @Path("/entitydef/name/{name}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEntityDef getEntityDefByName(@PathParam("name") String name) throws AtlasBaseException { + Servlets.validateQueryParamLength("name", name); + AtlasEntityDef ret = typeDefStore.getEntityDefByName(name); return ret; @@ -266,6 +284,8 @@ public class TypesREST { @Path("/entitydef/guid/{guid}") @Produces(Servlets.JSON_MEDIA_TYPE) public AtlasEntityDef getEntityDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException { + Servlets.validateQueryParamLength("guid", guid); + AtlasEntityDef ret = typeDefStore.getEntityDefByGuid(guid); return ret; http://git-wip-us.apache.org/repos/asf/atlas/blob/eea40508/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java index 4707035..638e428 100755 --- a/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java +++ b/webapp/src/main/java/org/apache/atlas/web/util/Servlets.java @@ -19,6 +19,8 @@ package org.apache.atlas.web.util; import org.apache.atlas.AtlasClient; +import org.apache.atlas.AtlasConfiguration; +import org.apache.atlas.AtlasErrorCode; import org.apache.atlas.LocalServletRequest; import org.apache.atlas.exception.AtlasBaseException; import org.apache.atlas.utils.ParamChecker; @@ -57,6 +59,8 @@ public final class Servlets { public static final String JSON_MEDIA_TYPE = MediaType.APPLICATION_JSON + "; charset=UTF-8"; public static final String BINARY = MediaType.APPLICATION_OCTET_STREAM; + private static final int QUERY_PARAM_MAX_LENGTH = AtlasConfiguration.QUERY_PARAM_MAX_LENGTH.getInt(); + /** * Returns the user of the given request. * 
@@ -206,4 +210,10 @@ public final class Servlets { return attributes; } + + public static void validateQueryParamLength(String paramName, String paramValue) throws AtlasBaseException { + if (StringUtils.isNotEmpty(paramValue) && paramValue.length() > QUERY_PARAM_MAX_LENGTH) { + throw new AtlasBaseException(AtlasErrorCode.INVALID_QUERY_PARAM_LENGTH, paramName); + } + } }
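Review bot: `Servlets.validateQueryParamLength` has no Javadoc although every REST class in this commit now depends on it, and its name and error text say "query param" while callers pass path parameters and JSON body fields. The Javadoc should state that null and empty values are accepted and that the limit is a count of `String.length()` characters. It should also state that the limit is read once from `atlas.query.param.max.length` when the class is initialised, and that the check bounds size only and does not validate content. As written, a configured limit of zero or less makes every non-empty value fail with `INVALID_QUERY_PARAM_LENGTH`, so either document that or fall back to the default when the configured value is not positive. Because each endpoint has to call the method by hand, an endpoint added later is unprotected unless its author remembers the call; a request filter applying the check uniformly would avoid that.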