Skip to content

Commit

Permalink
Not allowing index names in request body for multi-get/search/bulk wh…
Browse files Browse the repository at this point in the history 
…en indices are already given in url

closes #3636
  • Loading branch information
@kimchy
kimchy committed Sep 5, 2013
1 parent 95b894e commit 3e92b1d
Show file tree
Hide file tree
Showing 7 changed files with 55 additions and 12 deletions.
2 changes: 1 addition & 1 deletion src/main/java/org/elasticsearch/action/bulk/BulkProcessor.java
View file
Expand Up @@ -245,7 +245,7 @@ public BulkProcessor add(BytesReference data, boolean contentUnsafe, @Nullable S
}

public synchronized BulkProcessor add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, @Nullable Object payload) throws Exception {
bulkRequest.add(data, contentUnsafe, defaultIndex, defaultType, payload);
bulkRequest.add(data, contentUnsafe, defaultIndex, defaultType, payload, true);
executeIfNeeded();
return this;
}
Expand Down
17 changes: 15 additions & 2 deletions src/main/java/org/elasticsearch/action/bulk/BulkRequest.java
View file
Expand Up @@ -235,10 +235,17 @@ public BulkRequest add(byte[] data, int from, int length, boolean contentUnsafe,
* Adds a framed data in binary format
*/
public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType) throws Exception {
return add(data, contentUnsafe, defaultIndex, defaultType, null);
return add(data, contentUnsafe, defaultIndex, defaultType, null, true);
}

public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, @Nullable Object payload) throws Exception {
/**
* Adds a framed data in binary format
*/
public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, boolean allowExplicitIndex) throws Exception {
return add(data, contentUnsafe, defaultIndex, defaultType, null, allowExplicitIndex);
}

public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, @Nullable Object payload, boolean allowExplicitIndex) throws Exception {
XContent xContent = XContentFactory.xContent(data);
int from = 0;
int length = data.length();
Expand Down Expand Up @@ -287,6 +294,9 @@ public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable Str
currentFieldName = parser.currentName();
} else if (token.isValue()) {
if ("_index".equals(currentFieldName)) {
if (!allowExplicitIndex) {
throw new ElasticSearchIllegalArgumentException("explicit index in bulk is not allowed");
}
index = parser.text();
} else if ("_type".equals(currentFieldName)) {
type = parser.text();
Expand Down Expand Up @@ -327,6 +337,9 @@ public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable Str
// we use internalAdd so we don't fork here, this allows us not to copy over the big byte array to small chunks
// of index request. All index requests are still unsafe if applicable.
if ("index".equals(action)) {
if (!allowExplicitIndex) {
throw new ElasticSearchIllegalArgumentException("explicit index in bulk is not allowed");
}
if (opType == null) {
internalAdd(new IndexRequest(index, type, id).routing(routing).parent(parent).timestamp(timestamp).ttl(ttl).version(version).versionType(versionType)
.source(data.slice(from, nextMarker - from), contentUnsafe), payload);
Expand Down
14 changes: 11 additions & 3 deletions src/main/java/org/elasticsearch/action/get/MultiGetRequest.java
View file
Expand Up @@ -264,11 +264,15 @@ public MultiGetRequest refresh(boolean refresh) {
return this;
}

public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, byte[] data, int from, int length) throws Exception {
add(defaultIndex, defaultType, defaultFields, defaultFetchSource, new BytesArray(data, from, length));
public MultiGetRequest add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, byte[] data, int from, int length) throws Exception {
return add(defaultIndex, defaultType, defaultFields, defaultFetchSource, new BytesArray(data, from, length), true);
}

public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, BytesReference data) throws Exception {
public MultiGetRequest add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, BytesReference data) throws Exception {
return add(defaultIndex, defaultType, defaultFields, defaultFetchSource, data, true);
}

public MultiGetRequest add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, BytesReference data, boolean allowExplicitIndex) throws Exception {
XContentParser parser = XContentFactory.xContent(data).createParser(data);
try {
XContentParser.Token token;
Expand Down Expand Up @@ -298,6 +302,9 @@ public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nu
currentFieldName = parser.currentName();
} else if (token.isValue()) {
if ("_index".equals(currentFieldName)) {
if (!allowExplicitIndex) {
throw new ElasticSearchIllegalArgumentException("explicit index in multi get is not allowed");
}
index = parser.text();
} else if ("_type".equals(currentFieldName)) {
type = parser.text();
Expand Down Expand Up @@ -388,6 +395,7 @@ public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nu
} finally {
parser.close();
}
return this;
}

@Override
Expand Down
16 changes: 13 additions & 3 deletions src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java
View file
Expand Up @@ -20,6 +20,7 @@
package org.elasticsearch.action.search;

import com.google.common.collect.Lists;
import org.elasticsearch.ElasticSearchIllegalArgumentException;
import org.elasticsearch.ElasticSearchParseException;
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
Expand Down Expand Up @@ -69,11 +70,14 @@ public MultiSearchRequest add(SearchRequest request) {

public MultiSearchRequest add(byte[] data, int from, int length, boolean contentUnsafe,
@Nullable String[] indices, @Nullable String[] types, @Nullable String searchType) throws Exception {
return add(new BytesArray(data, from, length), contentUnsafe, indices, types, searchType, IgnoreIndices.NONE);
return add(new BytesArray(data, from, length), contentUnsafe, indices, types, searchType, IgnoreIndices.NONE, true);
}

public MultiSearchRequest add(BytesReference data, boolean contentUnsafe,
@Nullable String[] indices, @Nullable String[] types, @Nullable String searchType, IgnoreIndices ignoreIndices) throws Exception {
public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, @Nullable String[] indices, @Nullable String[] types, @Nullable String searchType, IgnoreIndices ignoreIndices) throws Exception {
return add(data, contentUnsafe, indices, types, searchType, ignoreIndices, true);
}

public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, @Nullable String[] indices, @Nullable String[] types, @Nullable String searchType, IgnoreIndices ignoreIndices, boolean allowExplicitIndex) throws Exception {
XContent xContent = XContentFactory.xContent(data);
int from = 0;
int length = data.length();
Expand Down Expand Up @@ -115,6 +119,9 @@ public MultiSearchRequest add(BytesReference data, boolean contentUnsafe,
currentFieldName = parser.currentName();
} else if (token.isValue()) {
if ("index".equals(currentFieldName) || "indices".equals(currentFieldName)) {
if (!allowExplicitIndex) {
throw new ElasticSearchIllegalArgumentException("explicit index in multi search is not allowed");
}
searchRequest.indices(Strings.splitStringByCommaToArray(parser.text()));
} else if ("type".equals(currentFieldName) || "types".equals(currentFieldName)) {
searchRequest.types(Strings.splitStringByCommaToArray(parser.text()));
Expand All @@ -129,6 +136,9 @@ public MultiSearchRequest add(BytesReference data, boolean contentUnsafe,
}
} else if (token == XContentParser.Token.START_ARRAY) {
if ("index".equals(currentFieldName) || "indices".equals(currentFieldName)) {
if (!allowExplicitIndex) {
throw new ElasticSearchIllegalArgumentException("explicit index in multi search is not allowed");
}
searchRequest.indices(parseArray(parser));
} else if ("type".equals(currentFieldName) || "types".equals(currentFieldName)) {
searchRequest.types(parseArray(parser));
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/org/elasticsearch/rest/action/bulk/RestBulkAction.java
View file
Expand Up @@ -53,6 +53,8 @@
*/
public class RestBulkAction extends BaseRestHandler {

private final boolean allowExplicitIndex;

@Inject
public RestBulkAction(Settings settings, Client client, RestController controller) {
super(settings, client);
Expand All @@ -63,6 +65,8 @@ public RestBulkAction(Settings settings, Client client, RestController controlle
controller.registerHandler(PUT, "/{index}/_bulk", this);
controller.registerHandler(POST, "/{index}/{type}/_bulk", this);
controller.registerHandler(PUT, "/{index}/{type}/_bulk", this);

this.allowExplicitIndex = settings.getAsBoolean("rest.action.multi.allow_explicit_index", true);
}

@Override
Expand All @@ -82,7 +86,7 @@ public void handleRequest(final RestRequest request, final RestChannel channel)
}
bulkRequest.refresh(request.paramAsBoolean("refresh", bulkRequest.refresh()));
try {
bulkRequest.add(request.content(), request.contentUnsafe(), defaultIndex, defaultType);
bulkRequest.add(request.content(), request.contentUnsafe(), defaultIndex, defaultType, allowExplicitIndex);
} catch (Exception e) {
try {
XContentBuilder builder = restContentBuilder(request);
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/org/elasticsearch/rest/action/get/RestMultiGetAction.java
View file
Expand Up @@ -40,6 +40,8 @@

public class RestMultiGetAction extends BaseRestHandler {

private final boolean allowExplicitIndex;

@Inject
public RestMultiGetAction(Settings settings, Client client, RestController controller) {
super(settings, client);
Expand All @@ -49,6 +51,8 @@ public RestMultiGetAction(Settings settings, Client client, RestController contr
controller.registerHandler(POST, "/{index}/_mget", this);
controller.registerHandler(GET, "/{index}/{type}/_mget", this);
controller.registerHandler(POST, "/{index}/{type}/_mget", this);

this.allowExplicitIndex = settings.getAsBoolean("rest.action.multi.allow_explicit_index", true);
}

@Override
Expand All @@ -68,7 +72,7 @@ public void handleRequest(final RestRequest request, final RestChannel channel)
FetchSourceContext defaultFetchSource = FetchSourceContext.parseFromRestRequest(request);

try {
multiGetRequest.add(request.param("index"), request.param("type"), sFields, defaultFetchSource, request.content());
multiGetRequest.add(request.param("index"), request.param("type"), sFields, defaultFetchSource, request.content(), allowExplicitIndex);
} catch (Exception e) {
try {
XContentBuilder builder = restContentBuilder(request);
Expand Down
6 changes: 5 additions & 1 deletion src/main/java/org/elasticsearch/rest/action/search/RestMultiSearchAction.java
View file
Expand Up @@ -42,6 +42,8 @@
*/
public class RestMultiSearchAction extends BaseRestHandler {

private final boolean allowExplicitIndex;

@Inject
public RestMultiSearchAction(Settings settings, Client client, RestController controller) {
super(settings, client);
Expand All @@ -52,6 +54,8 @@ public RestMultiSearchAction(Settings settings, Client client, RestController co
controller.registerHandler(POST, "/{index}/_msearch", this);
controller.registerHandler(GET, "/{index}/{type}/_msearch", this);
controller.registerHandler(POST, "/{index}/{type}/_msearch", this);

this.allowExplicitIndex = settings.getAsBoolean("rest.action.multi.allow_explicit_index", true);
}

@Override
Expand All @@ -67,7 +71,7 @@ public void handleRequest(final RestRequest request, final RestChannel channel)
}

try {
multiSearchRequest.add(request.content(), request.contentUnsafe(), indices, types, request.param("search_type"), ignoreIndices);
multiSearchRequest.add(request.content(), request.contentUnsafe(), indices, types, request.param("search_type"), ignoreIndices, allowExplicitIndex);
} catch (Exception e) {
try {
XContentBuilder builder = restContentBuilder(request);
Expand Down

1 comment on commit 3e92b1d

@wuchanghua
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good. Now I can disallow the index/indices by setting the rest.action.multi.allow_explicit_index to false.

Please sign in to comment.