From 3e92b1d6b8f7febd210928e05e021a405c06de31 Mon Sep 17 00:00:00 2001 From: Shay Banon Date: Fri, 6 Sep 2013 01:46:24 +0200 Subject: [PATCH] Not allowing index names in request body for multi-get/search/bulk when indices are already given in url closes #3636 --- .../action/bulk/BulkProcessor.java | 2 +- .../elasticsearch/action/bulk/BulkRequest.java | 17 +++++++++++++++-- .../action/get/MultiGetRequest.java | 14 +++++++++++--- .../action/search/MultiSearchRequest.java | 16 +++++++++++++--- .../rest/action/bulk/RestBulkAction.java | 6 +++++- .../rest/action/get/RestMultiGetAction.java | 6 +++++- .../action/search/RestMultiSearchAction.java | 6 +++++- 7 files changed, 55 insertions(+), 12 deletions(-) diff --git a/src/main/java/org/elasticsearch/action/bulk/BulkProcessor.java b/src/main/java/org/elasticsearch/action/bulk/BulkProcessor.java index d0a62eac2fd88..8b5dd971b504f 100644 --- a/src/main/java/org/elasticsearch/action/bulk/BulkProcessor.java +++ b/src/main/java/org/elasticsearch/action/bulk/BulkProcessor.java @@ -245,7 +245,7 @@ public BulkProcessor add(BytesReference data, boolean contentUnsafe, @Nullable S } public synchronized BulkProcessor add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, @Nullable Object payload) throws Exception { - bulkRequest.add(data, contentUnsafe, defaultIndex, defaultType, payload); + bulkRequest.add(data, contentUnsafe, defaultIndex, defaultType, payload, true); executeIfNeeded(); return this; } diff --git a/src/main/java/org/elasticsearch/action/bulk/BulkRequest.java b/src/main/java/org/elasticsearch/action/bulk/BulkRequest.java index fe9b68b6ff1a7..e3b3fee7f9650 100644 --- a/src/main/java/org/elasticsearch/action/bulk/BulkRequest.java +++ b/src/main/java/org/elasticsearch/action/bulk/BulkRequest.java @@ -235,10 +235,17 @@ public BulkRequest add(byte[] data, int from, int length, boolean contentUnsafe, * Adds a framed data in binary format */ public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType) throws Exception { - return add(data, contentUnsafe, defaultIndex, defaultType, null); + return add(data, contentUnsafe, defaultIndex, defaultType, null, true); } - public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, @Nullable Object payload) throws Exception { + /** + * Adds a framed data in binary format + */ + public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, boolean allowExplicitIndex) throws Exception { + return add(data, contentUnsafe, defaultIndex, defaultType, null, allowExplicitIndex); + } + + public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable String defaultIndex, @Nullable String defaultType, @Nullable Object payload, boolean allowExplicitIndex) throws Exception { XContent xContent = XContentFactory.xContent(data); int from = 0; int length = data.length(); @@ -287,6 +294,9 @@ public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable Str currentFieldName = parser.currentName(); } else if (token.isValue()) { if ("_index".equals(currentFieldName)) { + if (!allowExplicitIndex) { + throw new ElasticSearchIllegalArgumentException("explicit index in bulk is not allowed"); + } index = parser.text(); } else if ("_type".equals(currentFieldName)) { type = parser.text(); @@ -327,6 +337,9 @@ public BulkRequest add(BytesReference data, boolean contentUnsafe, @Nullable Str // we use internalAdd so we don't fork here, this allows us not to copy over the big byte array to small chunks // of index request. All index requests are still unsafe if applicable. if ("index".equals(action)) { + if (!allowExplicitIndex) { + throw new ElasticSearchIllegalArgumentException("explicit index in bulk is not allowed"); + } if (opType == null) { internalAdd(new IndexRequest(index, type, id).routing(routing).parent(parent).timestamp(timestamp).ttl(ttl).version(version).versionType(versionType) .source(data.slice(from, nextMarker - from), contentUnsafe), payload); diff --git a/src/main/java/org/elasticsearch/action/get/MultiGetRequest.java b/src/main/java/org/elasticsearch/action/get/MultiGetRequest.java index a41c3335ad1ee..290ef767d678c 100644 --- a/src/main/java/org/elasticsearch/action/get/MultiGetRequest.java +++ b/src/main/java/org/elasticsearch/action/get/MultiGetRequest.java @@ -264,11 +264,15 @@ public MultiGetRequest refresh(boolean refresh) { return this; } - public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, byte[] data, int from, int length) throws Exception { - add(defaultIndex, defaultType, defaultFields, defaultFetchSource, new BytesArray(data, from, length)); + public MultiGetRequest add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, byte[] data, int from, int length) throws Exception { + return add(defaultIndex, defaultType, defaultFields, defaultFetchSource, new BytesArray(data, from, length), true); } - public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, BytesReference data) throws Exception { + public MultiGetRequest add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, BytesReference data) throws Exception { + return add(defaultIndex, defaultType, defaultFields, defaultFetchSource, data, true); + } + + public MultiGetRequest add(@Nullable String defaultIndex, @Nullable String defaultType, @Nullable String[] defaultFields, @Nullable FetchSourceContext defaultFetchSource, BytesReference data, boolean allowExplicitIndex) throws Exception { XContentParser parser = XContentFactory.xContent(data).createParser(data); try { XContentParser.Token token; @@ -298,6 +302,9 @@ public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nu currentFieldName = parser.currentName(); } else if (token.isValue()) { if ("_index".equals(currentFieldName)) { + if (!allowExplicitIndex) { + throw new ElasticSearchIllegalArgumentException("explicit index in multi get is not allowed"); + } index = parser.text(); } else if ("_type".equals(currentFieldName)) { type = parser.text(); @@ -388,6 +395,7 @@ public void add(@Nullable String defaultIndex, @Nullable String defaultType, @Nu } finally { parser.close(); } + return this; } @Override diff --git a/src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java b/src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java index 0930540d81316..c6299c98954a8 100644 --- a/src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java +++ b/src/main/java/org/elasticsearch/action/search/MultiSearchRequest.java @@ -20,6 +20,7 @@ package org.elasticsearch.action.search; import com.google.common.collect.Lists; +import org.elasticsearch.ElasticSearchIllegalArgumentException; import org.elasticsearch.ElasticSearchParseException; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; @@ -69,11 +70,14 @@ public MultiSearchRequest add(SearchRequest request) { public MultiSearchRequest add(byte[] data, int from, int length, boolean contentUnsafe, @Nullable String[] indices, @Nullable String[] types, @Nullable String searchType) throws Exception { - return add(new BytesArray(data, from, length), contentUnsafe, indices, types, searchType, IgnoreIndices.NONE); + return add(new BytesArray(data, from, length), contentUnsafe, indices, types, searchType, IgnoreIndices.NONE, true); } - public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, - @Nullable String[] indices, @Nullable String[] types, @Nullable String searchType, IgnoreIndices ignoreIndices) throws Exception { + public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, @Nullable String[] indices, @Nullable String[] types, @Nullable String searchType, IgnoreIndices ignoreIndices) throws Exception { + return add(data, contentUnsafe, indices, types, searchType, ignoreIndices, true); + } + + public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, @Nullable String[] indices, @Nullable String[] types, @Nullable String searchType, IgnoreIndices ignoreIndices, boolean allowExplicitIndex) throws Exception { XContent xContent = XContentFactory.xContent(data); int from = 0; int length = data.length(); @@ -115,6 +119,9 @@ public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, currentFieldName = parser.currentName(); } else if (token.isValue()) { if ("index".equals(currentFieldName) || "indices".equals(currentFieldName)) { + if (!allowExplicitIndex) { + throw new ElasticSearchIllegalArgumentException("explicit index in multi search is not allowed"); + } searchRequest.indices(Strings.splitStringByCommaToArray(parser.text())); } else if ("type".equals(currentFieldName) || "types".equals(currentFieldName)) { searchRequest.types(Strings.splitStringByCommaToArray(parser.text())); @@ -129,6 +136,9 @@ public MultiSearchRequest add(BytesReference data, boolean contentUnsafe, } } else if (token == XContentParser.Token.START_ARRAY) { if ("index".equals(currentFieldName) || "indices".equals(currentFieldName)) { + if (!allowExplicitIndex) { + throw new ElasticSearchIllegalArgumentException("explicit index in multi search is not allowed"); + } searchRequest.indices(parseArray(parser)); } else if ("type".equals(currentFieldName) || "types".equals(currentFieldName)) { searchRequest.types(parseArray(parser)); diff --git a/src/main/java/org/elasticsearch/rest/action/bulk/RestBulkAction.java b/src/main/java/org/elasticsearch/rest/action/bulk/RestBulkAction.java index cd9dd2df97491..1cc74f7a915f8 100644 --- a/src/main/java/org/elasticsearch/rest/action/bulk/RestBulkAction.java +++ b/src/main/java/org/elasticsearch/rest/action/bulk/RestBulkAction.java @@ -53,6 +53,8 @@ */ public class RestBulkAction extends BaseRestHandler { + private final boolean allowExplicitIndex; + @Inject public RestBulkAction(Settings settings, Client client, RestController controller) { super(settings, client); @@ -63,6 +65,8 @@ public RestBulkAction(Settings settings, Client client, RestController controlle controller.registerHandler(PUT, "/{index}/_bulk", this); controller.registerHandler(POST, "/{index}/{type}/_bulk", this); controller.registerHandler(PUT, "/{index}/{type}/_bulk", this); + + this.allowExplicitIndex = settings.getAsBoolean("rest.action.multi.allow_explicit_index", true); } @Override @@ -82,7 +86,7 @@ public void handleRequest(final RestRequest request, final RestChannel channel) } bulkRequest.refresh(request.paramAsBoolean("refresh", bulkRequest.refresh())); try { - bulkRequest.add(request.content(), request.contentUnsafe(), defaultIndex, defaultType); + bulkRequest.add(request.content(), request.contentUnsafe(), defaultIndex, defaultType, allowExplicitIndex); } catch (Exception e) { try { XContentBuilder builder = restContentBuilder(request); diff --git a/src/main/java/org/elasticsearch/rest/action/get/RestMultiGetAction.java b/src/main/java/org/elasticsearch/rest/action/get/RestMultiGetAction.java index 7f923ca70b356..96353586404f0 100644 --- a/src/main/java/org/elasticsearch/rest/action/get/RestMultiGetAction.java +++ b/src/main/java/org/elasticsearch/rest/action/get/RestMultiGetAction.java @@ -40,6 +40,8 @@ public class RestMultiGetAction extends BaseRestHandler { + private final boolean allowExplicitIndex; + @Inject public RestMultiGetAction(Settings settings, Client client, RestController controller) { super(settings, client); @@ -49,6 +51,8 @@ public RestMultiGetAction(Settings settings, Client client, RestController contr controller.registerHandler(POST, "/{index}/_mget", this); controller.registerHandler(GET, "/{index}/{type}/_mget", this); controller.registerHandler(POST, "/{index}/{type}/_mget", this); + + this.allowExplicitIndex = settings.getAsBoolean("rest.action.multi.allow_explicit_index", true); } @Override @@ -68,7 +72,7 @@ public void handleRequest(final RestRequest request, final RestChannel channel) FetchSourceContext defaultFetchSource = FetchSourceContext.parseFromRestRequest(request); try { - multiGetRequest.add(request.param("index"), request.param("type"), sFields, defaultFetchSource, request.content()); + multiGetRequest.add(request.param("index"), request.param("type"), sFields, defaultFetchSource, request.content(), allowExplicitIndex); } catch (Exception e) { try { XContentBuilder builder = restContentBuilder(request); diff --git a/src/main/java/org/elasticsearch/rest/action/search/RestMultiSearchAction.java b/src/main/java/org/elasticsearch/rest/action/search/RestMultiSearchAction.java index 02437287b5af5..3c7ceff295964 100644 --- a/src/main/java/org/elasticsearch/rest/action/search/RestMultiSearchAction.java +++ b/src/main/java/org/elasticsearch/rest/action/search/RestMultiSearchAction.java @@ -42,6 +42,8 @@ */ public class RestMultiSearchAction extends BaseRestHandler { + private final boolean allowExplicitIndex; + @Inject public RestMultiSearchAction(Settings settings, Client client, RestController controller) { super(settings, client); @@ -52,6 +54,8 @@ public RestMultiSearchAction(Settings settings, Client client, RestController co controller.registerHandler(POST, "/{index}/_msearch", this); controller.registerHandler(GET, "/{index}/{type}/_msearch", this); controller.registerHandler(POST, "/{index}/{type}/_msearch", this); + + this.allowExplicitIndex = settings.getAsBoolean("rest.action.multi.allow_explicit_index", true); } @Override @@ -67,7 +71,7 @@ public void handleRequest(final RestRequest request, final RestChannel channel) } try { - multiSearchRequest.add(request.content(), request.contentUnsafe(), indices, types, request.param("search_type"), ignoreIndices); + multiSearchRequest.add(request.content(), request.contentUnsafe(), indices, types, request.param("search_type"), ignoreIndices, allowExplicitIndex); } catch (Exception e) { try { XContentBuilder builder = restContentBuilder(request);