cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sn...@apache.org
Subject [2/6] cassandra git commit: fix merge left-over
Date Sat, 07 Jan 2017 00:17:58 GMT
fix merge left-over


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/858cb25a
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/858cb25a
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/858cb25a

Branch: refs/heads/cassandra-3.X
Commit: 858cb25a007accf007f76f81a3a20e1e4af5d0f9
Parents: 0e9e0a4
Author: Robert Stupp <snazy@snazy.de>
Authored: Sat Jan 7 01:17:18 2017 +0100
Committer: Robert Stupp <snazy@snazy.de>
Committed: Sat Jan 7 01:17:18 2017 +0100

----------------------------------------------------------------------
 .../cql3/validation/entities/UFTest.java        | 228 -------------------
 1 file changed, 228 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/858cb25a/test/unit/org/apache/cassandra/cql3/validation/entities/UFTest.java
----------------------------------------------------------------------
diff --git a/test/unit/org/apache/cassandra/cql3/validation/entities/UFTest.java b/test/unit/org/apache/cassandra/cql3/validation/entities/UFTest.java
index 6faaf8a..af9ec1a 100644
--- a/test/unit/org/apache/cassandra/cql3/validation/entities/UFTest.java
+++ b/test/unit/org/apache/cassandra/cql3/validation/entities/UFTest.java
@@ -17,7 +17,6 @@
  */
 package org.apache.cassandra.cql3.validation.entities;
 
-import java.security.AccessControlException;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -28,8 +27,6 @@ import org.junit.Test;
 
 import com.datastax.driver.core.*;
 import com.datastax.driver.core.exceptions.InvalidQueryException;
-import org.apache.cassandra.config.Config;
-import org.apache.cassandra.config.DatabaseDescriptor;
 import org.apache.cassandra.config.Schema;
 import org.apache.cassandra.cql3.CQLTester;
 import org.apache.cassandra.cql3.QueryProcessor;
@@ -37,13 +34,10 @@ import org.apache.cassandra.cql3.UntypedResultSet;
 import org.apache.cassandra.cql3.functions.FunctionName;
 import org.apache.cassandra.cql3.functions.JavaBasedUDFunction;
 import org.apache.cassandra.cql3.functions.UDFunction;
-import org.apache.cassandra.cql3.functions.UDHelper;
 import org.apache.cassandra.db.marshal.CollectionType;
-import org.apache.cassandra.exceptions.FunctionExecutionException;
 import org.apache.cassandra.exceptions.InvalidRequestException;
 import org.apache.cassandra.schema.KeyspaceMetadata;
 import org.apache.cassandra.service.ClientState;
-import org.apache.cassandra.service.ClientWarn;
 import org.apache.cassandra.transport.*;
 import org.apache.cassandra.transport.ProtocolVersion;
 import org.apache.cassandra.transport.messages.ResultMessage;
@@ -878,228 +872,6 @@ public class UFTest extends CQLTester
     }
 
     @Test
-    public void testSecurityPermissions() throws Throwable
-    {
-        createTable("CREATE TABLE %s (key int primary key, dval double)");
-        execute("INSERT INTO %s (key, dval) VALUES (?, ?)", 1, 1d);
-
-        // Java UDFs
-
-        try
-        {
-            String fName = createFunction(KEYSPACE_PER_TEST, "double",
-                                          "CREATE OR REPLACE FUNCTION %s(val double) " +
-                                          "RETURNS NULL ON NULL INPUT " +
-                                          "RETURNS double " +
-                                          "LANGUAGE JAVA\n" +
-                                          "AS 'System.getProperty(\"foo.bar.baz\"); return
0d;';");
-            execute("SELECT " + fName + "(dval) FROM %s WHERE key=1");
-            Assert.fail();
-        }
-        catch (FunctionExecutionException e)
-        {
-            assertAccessControlException("System.getProperty(\"foo.bar.baz\"); return 0d;",
e);
-        }
-
-        String[][] typesAndSources =
-        {
-        {"",                        "try { Class.forName(\"" + UDHelper.class.getName() +
"\"); } catch (Exception e) { throw new RuntimeException(e); } return 0d;"},
-        {"sun.misc.Unsafe",         "sun.misc.Unsafe.getUnsafe(); return 0d;"},
-        {"",                        "try { Class.forName(\"sun.misc.Unsafe\"); } catch (Exception
e) { throw new RuntimeException(e); } return 0d;"},
-        {"java.nio.file.FileSystems", "try {" +
-                                    "     java.nio.file.FileSystems.getDefault(); return
0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.nio.channels.FileChannel", "try {" +
-                                    "     java.nio.channels.FileChannel.open(java.nio.file.FileSystems.getDefault().getPath(\"/etc/passwd\")).close();
return 0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.nio.channels.SocketChannel", "try {" +
-                                    "     java.nio.channels.SocketChannel.open().close();
return 0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.io.FileInputStream", "try {" +
-                                    "     new java.io.FileInputStream(\"./foobar\").close();
return 0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.lang.Runtime",       "try {" +
-                                    "     java.lang.Runtime.getRuntime(); return 0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"org.apache.cassandra.service.StorageService",
-                                    "try {" +
-                                    "     org.apache.cassandra.service.StorageService v =
org.apache.cassandra.service.StorageService.instance; v.isShutdown(); return 0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.net.ServerSocket",   "try {" +
-                                    "     new java.net.ServerSocket().bind(); return 0d;"
+
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.io.FileOutputStream","try {" +
-                                    "     new java.io.FileOutputStream(\".foo\"); return
0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'},
-        {"java.lang.Runtime",       "try {" +
-                                    "     java.lang.Runtime.getRuntime().exec(\"/tmp/foo\");
return 0d;" +
-                                    "} catch (Exception t) {" +
-                                    "     throw new RuntimeException(t);" +
-                                    '}'}
-        };
-
-        for (String[] typeAndSource : typesAndSources)
-        {
-            assertInvalidMessage(typeAndSource[0] + " cannot be resolved",
-                                 "CREATE OR REPLACE FUNCTION " + KEYSPACE + ".invalid_class_access(val
double) " +
-                                 "RETURNS NULL ON NULL INPUT " +
-                                 "RETURNS double " +
-                                 "LANGUAGE JAVA\n" +
-                                 "AS '" + typeAndSource[1] + "';");
-        }
-
-        // JavaScript UDFs
-
-        try
-        {
-            String fName = createFunction(KEYSPACE_PER_TEST, "double",
-                                          "CREATE OR REPLACE FUNCTION %s(val double) " +
-                                          "RETURNS NULL ON NULL INPUT " +
-                                          "RETURNS double " +
-                                          "LANGUAGE javascript\n" +
-                                          "AS 'org.apache.cassandra.service.StorageService.instance.isShutdown();
0;';");
-            execute("SELECT " + fName + "(dval) FROM %s WHERE key=1");
-            Assert.fail("Javascript security check failed");
-        }
-        catch (FunctionExecutionException e)
-        {
-            assertAccessControlException("", e);
-        }
-
-        String[] javascript =
-        {
-        "java.lang.management.ManagmentFactory.getThreadMXBean(); 0;",
-        "new java.io.FileInputStream(\"/tmp/foo\"); 0;",
-        "new java.io.FileOutputStream(\"/tmp/foo\"); 0;",
-        "java.nio.file.FileSystems.getDefault().createFileExclusively(\"./foo_bar_baz\");
0;",
-        "java.nio.channels.FileChannel.open(java.nio.file.FileSystems.getDefault().getPath(\"/etc/passwd\"));
0;",
-        "java.nio.channels.SocketChannel.open(); 0;",
-        "new java.net.ServerSocket().bind(null); 0;",
-        "var thread = new java.lang.Thread(); thread.start(); 0;",
-        "java.lang.System.getProperty(\"foo.bar.baz\"); 0;",
-        "java.lang.Class.forName(\"java.lang.System\"); 0;",
-        "java.lang.Runtime.getRuntime().exec(\"/tmp/foo\"); 0;",
-        "java.lang.Runtime.getRuntime().loadLibrary(\"foobar\"); 0;",
-        "java.lang.Runtime.getRuntime().loadLibrary(\"foobar\"); 0;",
-        // TODO these (ugly) calls are still possible - these can consume CPU (as one could
do with an evil loop, too)
-//        "java.lang.Runtime.getRuntime().traceMethodCalls(true); 0;",
-//        "java.lang.Runtime.getRuntime().gc(); 0;",
-//        "java.lang.Runtime.getRuntime(); 0;",
-        };
-
-        for (String script : javascript)
-        {
-            try
-            {
-                String fName = createFunction(KEYSPACE_PER_TEST, "double",
-                                              "CREATE OR REPLACE FUNCTION %s(val double)
" +
-                                              "RETURNS NULL ON NULL INPUT " +
-                                              "RETURNS double " +
-                                              "LANGUAGE javascript\n" +
-                                              "AS '" + script + "';");
-                execute("SELECT " + fName + "(dval) FROM %s WHERE key=1");
-                Assert.fail("Javascript security check failed: " + script);
-            }
-            catch (FunctionExecutionException e)
-            {
-                assertAccessControlException(script, e);
-            }
-        }
-    }
-
-    private static void assertAccessControlException(String script, FunctionExecutionException
e)
-    {
-        for (Throwable t = e; t != null && t != t.getCause(); t = t.getCause())
-            if (t instanceof AccessControlException)
-                return;
-        Assert.fail("no AccessControlException for " + script + " (got " + e + ')');
-    }
-
-    @Test
-    public void testAmokUDF() throws Throwable
-    {
-        createTable("CREATE TABLE %s (key int primary key, dval double)");
-        execute("INSERT INTO %s (key, dval) VALUES (?, ?)", 1, 1d);
-
-        long udfWarnTimeout = DatabaseDescriptor.getUserDefinedFunctionWarnTimeout();
-        long udfFailTimeout = DatabaseDescriptor.getUserDefinedFunctionFailTimeout();
-        int maxTries = 5;
-        for (int i = 1; i <= maxTries; i++)
-        {
-            try
-            {
-                // short timeout
-                DatabaseDescriptor.setUserDefinedFunctionWarnTimeout(10);
-                DatabaseDescriptor.setUserDefinedFunctionFailTimeout(250);
-                // don't kill the unit test... - default policy is "die"
-                DatabaseDescriptor.setUserFunctionTimeoutPolicy(Config.UserFunctionTimeoutPolicy.ignore);
-
-                ClientWarn.instance.captureWarnings();
-                String fName = createFunction(KEYSPACE_PER_TEST, "double",
-                                              "CREATE OR REPLACE FUNCTION %s(val double)
" +
-                                              "RETURNS NULL ON NULL INPUT " +
-                                              "RETURNS double " +
-                                              "LANGUAGE JAVA\n" +
-                                              "AS 'long t=System.currentTimeMillis()+110;
while (t>System.currentTimeMillis()) { }; return 0d;'");
-                execute("SELECT " + fName + "(dval) FROM %s WHERE key=1");
-                List<String> warnings = ClientWarn.instance.getWarnings();
-                Assert.assertNotNull(warnings);
-                Assert.assertFalse(warnings.isEmpty());
-                ClientWarn.instance.resetWarnings();
-
-                // Java UDF
-
-                fName = createFunction(KEYSPACE_PER_TEST, "double",
-                                       "CREATE OR REPLACE FUNCTION %s(val double) " +
-                                       "RETURNS NULL ON NULL INPUT " +
-                                       "RETURNS double " +
-                                       "LANGUAGE JAVA\n" +
-                                       "AS 'long t=System.currentTimeMillis()+500; while
(t>System.currentTimeMillis()) { }; return 0d;';");
-                assertInvalidMessage("ran longer than 250ms", "SELECT " + fName + "(dval)
FROM %s WHERE key=1");
-
-                // Javascript UDF
-
-                fName = createFunction(KEYSPACE_PER_TEST, "double",
-                                       "CREATE OR REPLACE FUNCTION %s(val double) " +
-                                       "RETURNS NULL ON NULL INPUT " +
-                                       "RETURNS double " +
-                                       "LANGUAGE JAVASCRIPT\n" +
-                                       "AS 'var t=java.lang.System.currentTimeMillis()+500;
while (t>java.lang.System.currentTimeMillis()) { }; 0;';");
-                assertInvalidMessage("ran longer than 250ms", "SELECT " + fName + "(dval)
FROM %s WHERE key=1");
-
-                return;
-            }
-            catch (Error | RuntimeException e)
-            {
-                if (i == maxTries)
-                    throw e;
-            }
-            finally
-            {
-                // reset to defaults
-                DatabaseDescriptor.setUserDefinedFunctionWarnTimeout(udfWarnTimeout);
-                DatabaseDescriptor.setUserDefinedFunctionFailTimeout(udfFailTimeout);
-            }
-        }
-    }
-
-    @Test
     public void testArgumentGenerics() throws Throwable
     {
         createTable("CREATE TABLE %s (key int primary key, sval text, aval ascii, bval blob,
empty_int int)");


Mime
View raw message