From e218bfcc111dbebc34fb97923d0f2f9045c1c072 Mon Sep 17 00:00:00 2001
From: taoran1250 <543121890@qq.com>
Date: Thu, 15 Aug 2024 10:28:44 +0800
Subject: [PATCH] fix IAST bug (#568)
* fix: optimizing code
* fix: IAST fix
* fix: IAST fix
* fix: IAST fix
* fix: Code Review fix
* fix: Code Review fix
---
 .../errorcode/LinkisRpcErrorCodeSummary.java | 3 +++
 .../linkis/rpc/conf/RPCConfiguration.scala | 6 ++++++
 .../linkis/rpc/transform/RPCConsumer.scala | 10 ++++++++--
 .../ContextValueTypeConditionParser.java | 18 +++++++++++++++++-
 .../apache/linkis/cs/conf/CSConfiguration.java | 11 +++++++++++
 5 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/conf/CSConfiguration.java
diff --git a/linkis-commons/linkis-rpc/src/main/java/org/apache/linkis/rpc/errorcode/LinkisRpcErrorCodeSummary.java b/linkis-commons/linkis-rpc/src/main/java/org/apache/linkis/rpc/errorcode/LinkisRpcErrorCodeSummary.java
index a8daece891..e7a0851e49 100644
--- a/linkis-commons/linkis-rpc/src/main/java/org/apache/linkis/rpc/errorcode/LinkisRpcErrorCodeSummary.java
+++ b/linkis-commons/linkis-rpc/src/main/java/org/apache/linkis/rpc/errorcode/LinkisRpcErrorCodeSummary.java
@@ -28,6 +28,9 @@ public enum LinkisRpcErrorCodeSummary implements LinkisErrorCode {
 10003, "The corresponding anti-sequence class was not found:{0}(找不到对应的反序列类:{0})"),
 CORRESPONDING_TO_INITIALIZE(
 10004, "The corresponding anti-sequence class:{0} failed to initialize(对应的反序列类:{0} 初始化失败)"),
+ CORRESPONDING_CLASS_ILLEGAL(
+ 10005,
+ "The corresponding anti-sequence class:{0} is illegal (对应的反序列类:{0} 不合法)"),
 APPLICATION_IS_NOT_EXISTS(
 10051, "The instance:{0} of application {1} does not exist(应用程序:{0} 的实例:{1} 不存在)."),
diff --git a/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/conf/RPCConfiguration.scala b/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/conf/RPCConfiguration.scala
index cb1ffb74bf..5c93babbc0 100644
--- a/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/conf/RPCConfiguration.scala
+++ b/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/conf/RPCConfiguration.scala
@@ -142,4 +142,10 @@ object RPCConfiguration {
 val configOptions: feign.Request.Options = new feign.Request.Options(RPC_CONNECT_TIME_OUT, RPC_READ_TIME_OUT, true)
+ val RPC_OBJECT_PREFIX_WHITE_LIST: Array[String] =
+ CommonVars("wds.linkis.rpc.object.class.prefix.whitelist", "org.apache.linkis").getValue
+ .split(",")
+
+ val ENABLE_RPC_OBJECT_PREFIX_WHITE_LIST_CHECK: Boolean =
+ CommonVars("wds.linkis.rpc.object.class.prefix.whitelist.check.enable", true).getValue
 }
diff --git a/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/transform/RPCConsumer.scala b/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/transform/RPCConsumer.scala
index a77ff9f71f..2e9e681828 100644
--- a/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/transform/RPCConsumer.scala
+++ b/linkis-commons/linkis-rpc/src/main/scala/org/apache/linkis/rpc/transform/RPCConsumer.scala
@@ -19,16 +19,16 @@ package org.apache.linkis.rpc.transform
 import org.apache.linkis.common.exception.ExceptionManager
 import org.apache.linkis.common.utils.Utils
+import org.apache.linkis.rpc.conf.RPCConfiguration
 import org.apache.linkis.rpc.errorcode.LinkisRpcErrorCodeSummary.CORRESPONDING_NOT_FOUND
 import org.apache.linkis.rpc.errorcode.LinkisRpcErrorCodeSummary.CORRESPONDING_TO_INITIALIZE
+import org.apache.linkis.rpc.errorcode.LinkisRpcErrorCodeSummary.CORRESPONDING_CLASS_ILLEGAL
 import org.apache.linkis.rpc.exception.DWCURIException
 import org.apache.linkis.rpc.serializer.ProtostuffSerializeUtil
 import org.apache.linkis.server.{EXCEPTION_MSG, JMap, Message}
 import java.text.MessageFormat
-
 import scala.runtime.BoxedUnit
-
 import org.slf4j.LoggerFactory
 private[linkis] trait RPCConsumer {
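Review bot: In RPCConfiguration.scala, `RPC_OBJECT_PREFIX_WHITE_LIST` is split on `,` with no trimming or filtering, so an empty configured value or a leading comma yields an empty-string entry, and `objectClass.startsWith("")` in RPCConsumer is true for every class name, which silently disables the check. The default `"org.apache.linkis"` also has no trailing dot, so it accepts any package whose name merely begins with that text (constructed example: `org.apache.linkisx.Foo`). Consider `.split(",").map(_.trim).filter(_.nonEmpty)` together with a default of `"org.apache.linkis."`, or compare on a package boundary at the call site. The same two gaps apply to `CONTEXT_VALUE_TYPE_PREFIX_WHITE_LIST` in CSConfiguration.java and its use in ContextValueTypeConditionParser.java.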
@@ -51,6 +51,12 @@ private[linkis] object RPCConsumer {
 val objectStr = data.get(OBJECT_VALUE).toString
 val objectClass = data.get(CLASS_VALUE).toString
 logger.debug("The corresponding anti-sequence is class {}", objectClass)
+ if (RPCConfiguration.ENABLE_RPC_OBJECT_PREFIX_WHITE_LIST_CHECK && !RPCConfiguration.RPC_OBJECT_PREFIX_WHITE_LIST.exists(prefix => objectClass.startsWith(prefix))) {
+ throw new DWCURIException(
+ CORRESPONDING_CLASS_ILLEGAL.getErrorCode,
+ MessageFormat.format(CORRESPONDING_CLASS_ILLEGAL.getErrorDesc, objectClass)
+ )
+ }
 val clazz = Utils.tryThrow(Class.forName(objectClass)) {
 case _: ClassNotFoundException =>
 new DWCURIException(
diff --git a/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/condition/construction/ContextValueTypeConditionParser.java b/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/condition/construction/ContextValueTypeConditionParser.java
index efc881ed28..4dba6afdff 100644
--- a/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/condition/construction/ContextValueTypeConditionParser.java
+++ b/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/condition/construction/ContextValueTypeConditionParser.java
@@ -17,11 +17,15 @@ package org.apache.linkis.cs.condition.construction;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.linkis.cs.condition.Condition;
 import org.apache.linkis.cs.condition.impl.ContextValueTypeCondition;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
+import org.apache.linkis.cs.conf.CSConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
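Review bot: A rejected class name in the RPCConsumer.scala check is reported only through the thrown `DWCURIException`; the only log line that mentions it is the `logger.debug` just above, so at a typical log level a blocked class may leave no trace on the receiving side. Consider adding `logger.warn("RPC object class {} is not in the prefix whitelist, rejected", objectClass)` before the `throw`, so rejections can be monitored and alerted on. The enclosing method starts and ends outside this hunk, so how callers log the exception is not visible here.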
@@ -35,7 +39,19 @@ public Condition parse(Map conditionMap) {
 Class contextValueType = Object.class;
 try {
- contextValueType = Class.forName((String) conditionMap.get("contextValueType"));
+ String valueType = (String) conditionMap.get("contextValueType");
+ List contextValueTypeWhiteList =
+ Arrays.asList(CSConfiguration.CONTEXT_VALUE_TYPE_PREFIX_WHITE_LIST.getValue()
+ .split(","));
+ if (CSConfiguration.ENABLE_CONTEXT_VALUE_TYPE_PREFIX_WHITE_LIST_CHECK.getValue()) {
+ if (contextValueTypeWhiteList.stream().anyMatch(ele -> StringUtils.startsWith(valueType, ele))) {
+ contextValueType = Class.forName(valueType);
+ } else {
+ logger.error("ContextValueType: {} is illegal", valueType);
+ }
+ } else {
+ contextValueType = Class.forName(valueType);
+ }
 } catch (ClassNotFoundException e) {
 logger.error("Cannot find contextValueType:" + conditionMap.get("contextValueType"));
 }
diff --git a/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/conf/CSConfiguration.java b/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/conf/CSConfiguration.java
new file mode 100644
index 0000000000..cdb7049ca1
--- /dev/null
+++ b/linkis-public-enhancements/linkis-cs-server/src/main/java/org/apache/linkis/cs/conf/CSConfiguration.java
@@ -0,0 +1,11 @@
+package org.apache.linkis.cs.conf;
+
+import org.apache.linkis.common.conf.CommonVars;
+
+public class CSConfiguration {
+ public static final CommonVars CONTEXT_VALUE_TYPE_PREFIX_WHITE_LIST =
+ CommonVars.apply("linkis.context.value.type.prefix.whitelist", "org.apache.linkis");
+
+ public static final CommonVars ENABLE_CONTEXT_VALUE_TYPE_PREFIX_WHITE_LIST_CHECK =
+ CommonVars.apply("linkis.context.value.type.prefix.whitelist.check.enable", true);
+}
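Review bot: When the whitelist rejects `valueType` in ContextValueTypeConditionParser.java, the inner `else` branch only logs and execution continues with `contextValueType` still set to `Object.class`, so a disallowed type appears to yield a condition on `Object` rather than a failure; what is built from it lies after the hunk, so this is inferred. If that widening is not intended, fail explicitly in that branch, for example `throw new IllegalArgumentException("contextValueType is not allowed: " + valueType);`, provided the callers of `parse` can handle it. The body of `parse` continues outside this hunk.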
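Review bot: The new CSConfiguration.java starts directly at `package org.apache.linkis.cs.conf;` with no license header, while the other Java file in this patch has its package declaration near line 17, which suggests the project's sources carry one. The two constants also have no Javadoc: it would help to state that the first is a comma-separated list of class-name prefixes allowed for `contextValueType`, and that setting `linkis.context.value.type.prefix.whitelist.check.enable` to false lets any class name from the condition map reach `Class.forName`. A `private CSConfiguration() {}` constructor would mark the class as a constants holder.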