cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sn...@apache.org
Subject [3/6] cassandra git commit: Prevent reloading of logback.xml from UDF sandbox
Date Sun, 13 Nov 2016 12:06:29 GMT
Prevent reloading of logback.xml from UDF sandbox

patch by Robert Stupp; reviewed by Carl Yeksigian for CASSANDRA-12535


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/8f15eb1b
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/8f15eb1b
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/8f15eb1b

Branch: refs/heads/trunk
Commit: 8f15eb1b717548816a9ee8314269d4d1e2ee7084
Parents: d6a3ef4
Author: Robert Stupp <snazy@snazy.de>
Authored: Sun Nov 13 12:39:02 2016 +0100
Committer: Robert Stupp <snazy@snazy-ds15.fritz.box>
Committed: Sun Nov 13 12:39:02 2016 +0100

----------------------------------------------------------------------
 CHANGES.txt                                     |  1 +
 .../functions/ThreadAwareSecurityManager.java   | 43 ++++++++++++++++++++
 .../validation/operations/AggregationTest.java  |  4 +-
 3 files changed, 47 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/8f15eb1b/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index eb53d02..2c3c60e 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.0.10
+ * Prevent reloading of logback.xml from UDF sandbox (CASSANDRA-12535)
  * Disallow offheap_buffers memtable allocation (CASSANDRA-11039)
  * Fix CommitLogSegmentManagerTest (CASSANDRA-12283)
  * Pass root cause to CorruptBlockException when uncompression failed (CASSANDRA-12889)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/8f15eb1b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
index b96c80f..676117d 100644
--- a/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
+++ b/src/java/org/apache/cassandra/cql3/functions/ThreadAwareSecurityManager.java
@@ -29,6 +29,14 @@ import java.security.ProtectionDomain;
 import java.util.Collections;
 import java.util.Enumeration;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import ch.qos.logback.classic.LoggerContext;
+import ch.qos.logback.classic.spi.TurboFilterList;
+import ch.qos.logback.classic.turbo.ReconfigureOnChangeFilter;
+import ch.qos.logback.classic.turbo.TurboFilter;
+
 /**
  * Custom {@link SecurityManager} and {@link Policy} implementation that only performs access
checks
  * if explicitly enabled.
@@ -69,9 +77,44 @@ public final class ThreadAwareSecurityManager extends SecurityManager
         if (installed)
             return;
         System.setSecurityManager(new ThreadAwareSecurityManager());
+
+        Logger l = LoggerFactory.getLogger(ThreadAwareSecurityManager.class);
+        ch.qos.logback.classic.Logger logbackLogger = (ch.qos.logback.classic.Logger) l;
+        LoggerContext ctx = logbackLogger.getLoggerContext();
+
+        TurboFilterList turboFilterList = ctx.getTurboFilterList();
+        for (int i = 0; i < turboFilterList.size(); i++)
+        {
+            TurboFilter turboFilter = turboFilterList.get(i);
+            if (turboFilter instanceof ReconfigureOnChangeFilter)
+            {
+                ReconfigureOnChangeFilter reconfigureOnChangeFilter = (ReconfigureOnChangeFilter)
turboFilter;
+                turboFilterList.set(i, new SMAwareReconfigureOnChangeFilter(reconfigureOnChangeFilter));
+                break;
+            }
+        }
+
         installed = true;
     }
 
+    /**
+     * The purpose of this class is
+     */
+    private static class SMAwareReconfigureOnChangeFilter extends ReconfigureOnChangeFilter
+    {
+        SMAwareReconfigureOnChangeFilter(ReconfigureOnChangeFilter reconfigureOnChangeFilter)
+        {
+            setRefreshPeriod(reconfigureOnChangeFilter.getRefreshPeriod());
+        }
+
+        protected boolean changeDetected(long now)
+        {
+            if (isSecuredThread())
+                return false;
+            return super.changeDetected(now);
+        }
+    }
+
     static
     {
         //

http://git-wip-us.apache.org/repos/asf/cassandra/blob/8f15eb1b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
----------------------------------------------------------------------
diff --git a/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
index 2e7dc1a..485a19b 100644
--- a/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
+++ b/test/unit/org/apache/cassandra/cql3/validation/operations/AggregationTest.java
@@ -1797,7 +1797,8 @@ public class AggregationTest extends CQLTester
                                                        " STYPE map<text,bigint>\n"
+
                                                        " INITCOND { };");
 
-            for (int i = 0; i < 1000; i++)
+            long tEnd = System.currentTimeMillis() + 150;
+            while (System.currentTimeMillis() < tEnd)
             {
                 execute("SELECT " + releasesByCountry + "(country,title) FROM %s WHERE year=1980");
             }
@@ -1820,6 +1821,7 @@ public class AggregationTest extends CQLTester
             if (turboFilter instanceof ReconfigureOnChangeFilter)
             {
                 ReconfigureOnChangeFilter reconfigureFilter = (ReconfigureOnChangeFilter)
turboFilter;
+                reconfigureFilter.setContext(ctx);
                 reconfigureFilter.setRefreshPeriod(millis);
                 reconfigureFilter.stop();
                 reconfigureFilter.start(); // start() sets the next check timestammp


Mime
View raw message