drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5964) Do not allow queries to access paths outside the current workspace root
Date Thu, 23 Nov 2017 11:22:01 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16264192#comment-16264192
] 

ASF GitHub Bot commented on DRILL-5964:
---------------------------------------

Github user arina-ielchiieva commented on a diff in the pull request:

    https://github.com/apache/drill/pull/1050#discussion_r152774087
  
    --- Diff: exec/java-exec/src/main/java/org/apache/drill/exec/store/dfs/FileSelection.java
---
    @@ -359,15 +363,30 @@ private static Path handleWildCard(final String root) {
         }
       }
     
    -  private static String removeLeadingSlash(String path) {
    -    if (path.charAt(0) == '/') {
    +  public static String removeLeadingSlash(String path) {
    +    if (!path.isEmpty() && path.charAt(0) == '/') {
           String newPath = path.substring(1);
           return removeLeadingSlash(newPath);
         } else {
           return path;
         }
       }
     
    +  // Check if the path is a valid sub path under the parent after removing backpaths.
Throw an exception if
    +  // it is not
    +  // We pass subpath in as a parameter only for the error message
    +  public static boolean checkBackPaths(String parent, String combinedPath, String subpath)
{
    +    Preconditions.checkArgument(!parent.isEmpty());
    +    Preconditions.checkArgument(!combinedPath.isEmpty());
    --- End diff --
    
    Please add message for pre-conditions so error message will be more clear.


> Do not allow queries to access paths outside the current workspace root
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5964
>                 URL: https://issues.apache.org/jira/browse/DRILL-5964
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Parth Chandra
>              Labels: doc-impacting
>
> Workspace definitions in the dfs plugin are intended to provide a convenient shortcut
to long directory paths. However, some users may wish to disallow access to paths outside
the root of the workspace, possibly to prevent accidental access. Note that this is a convenience
option and not a substitute for permissions on the file system.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message