SOLR-14561 CoreAdminAPI's parameters instanceDir and dataDir are now validated #1572
Add several extra tests, restructured tests for better readability
Ran the whole test suite and uncovered various tests that use "illegal" temp test folders, that now fail. That was expected. So the last commit ba0b544 addresses these tests: Give a way to whitelist all paths by setting Add a This also led to a small change in the path comparison - we now convert Path -> String -> Path to make sure paths are comparable, even Lucene's To review, the easiest is probably to just load the last commit ba0b544
The tests still don't pass on Windows, and I have found the reason. Will push a few more changes on Friday.
# Conflicts: # solr/CHANGES.txt
All tests now passing on macOS and hopefully Windows (running tests now in a slow VirtualBox).
"Path " + pathToAssert + " disallowed due to path traversal.."); | ||
} | ||
if (!path.isAbsolute()) return; // All relative paths are accepted | ||
if (allowPaths.contains(Paths.get("_ALL_"))) return; // Catch-all path "*"/"_ALL_" will allow all other paths |
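Review bot: The catch-all check builds the magic value Paths.get("_ALL_") inline on every call, and its trailing comment names both "*" and "_ALL_" without saying which form actually reaches this method. Hoist the sentinel into a named static final Path constant and document that "*" is translated to it when the solr.xml/sysprop value is parsed. The relative-path early return just above it would also benefit from a short comment stating what relative paths are resolved against, since that is what makes accepting them unconditionally safe.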
This is the workaround I did after realizing that Windows Path class is not happy with * as a path. When parsing the value from solr.xml/sysprop, we detect * and store it as a Path _ALL_. Then in the assert method we check for that special path and skip further testing. Exception is UNC paths and .. paths which are still rejected (should they?)
I think this is approaching committable state. Appreciate if someone with a good Windows box would run the full test suite on Windows. But I think I'll anyway merge to master and let Jenkins work on it for a few rounds. Then I'll backport to 8.x branch in good time before 8.6 branch cut.
@mkhludnev ? I recall you use Windows.
Better JavaDocs for SolrPaths.assertPathAllowed
* upstream/master: (218 commits) LUCENE-9412 Do not validate jenkins HTTPS cert LUCENE-8962: add ability to selectively merge on commit (apache#1552) Replace DWPT.DocState with simple method parameters (apache#1594) LUCENE-9402: Let MultiCollector handle minCompetitiveScore (apache#1567) SOLR-14574: Fix or suppress warnings in solr/core/src/test (part 2) SOLR-14561 CoreAdminAPI's parameters instanceDir and dataDir are now validated (apache#1572) SOLR-14532: Add *.iml files to gitignore SOLR-14577: Return BAD REQUEST when field is missing in terms QP (apache#1588) SOLR-14574: Fix or suppress warnings in solr/core/src/test (part 1) remove debug code LUCENE-9408: roll back only called once enforcement LUCENE-8962: Allow waiting for all merges in a merge spec (apache#1585) SOLR-14572 document missing SearchComponents (apache#1581) LUCENE-9359: Avoid test failures when the extra file is a dir. SOLR-14573: Fix or suppress warnings in solrj/src/test LUCENE-9353: Move terms metadata to its own file. (apache#1473) Cleanup TermsHashPerField (apache#1573) SOLR-14558: Record all log lines in SolrLogPostTool (apache#1570) LUCENE-9404: simplify checksum calculation of ByteBuffersIndexOutput LUCENE-9403: tune BufferedChecksum.DEFAULT_BUFFERSIZE ...
See https://issues.apache.org/jira/browse/SOLR-14561
The instanceDir and dataDir params must now be relative to either SOLR_HOME, SOLR_DATA_HOME or coreRootDir. Added new solr.xml config 'allowPaths', controlled by system property 'solr.allowPaths' that allows you to add other allowed paths when needed.
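
The rules discussed in this PR (relative paths accepted, absolute paths confined to configured roots, `*` stored as a sentinel path, UNC and `..` paths always rejected), as an added Java example. It is not Solr's `SolrPaths.assertPathAllowed`; the class name, roots and sample paths are constructed, and POSIX-style paths are assumed.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;

// Added illustration: a hypothetical allow-list check, not Solr's SolrPaths code.
public class PathAllowListDemo {
  // Sentinel stored in place of "*", which Windows cannot parse as a Path.
  static final Path ALLOW_ALL = Paths.get("_ALL_");

  static void assertPathAllowed(Path path, Set<Path> allowPaths) {
    String raw = path.toString();
    // UNC and ".." paths are rejected first, so the catch-all cannot enable them.
    if (raw.startsWith("\\\\")) {
      throw new SecurityException("UNC path disallowed: " + raw);
    }
    for (Path element : path) {
      if (element.toString().equals("..")) {
        throw new SecurityException("Path traversal disallowed: " + raw);
      }
    }
    if (!path.isAbsolute()) return;             // relative paths are accepted
    if (allowPaths.contains(ALLOW_ALL)) return; // catch-all configured
    for (Path allowed : allowPaths) {
      // Path.startsWith compares whole name elements, so /var/solr/data2
      // does not match the root /var/solr/data.
      if (path.startsWith(allowed)) return;
    }
    throw new SecurityException("Path outside allowed roots: " + raw);
  }

  static String check(String candidate, Set<Path> allowPaths) {
    try {
      assertPathAllowed(Paths.get(candidate), allowPaths);
      return "allowed";
    } catch (SecurityException e) {
      return "rejected (" + e.getMessage() + ")";
    }
  }

  public static void main(String[] args) {
    // Constructed roots standing in for SOLR_HOME and an extra allowPaths entry.
    Set<Path> roots = Set.of(Paths.get("/var/solr/data"), Paths.get("/mnt/backup"));
    Set<Path> all = Set.of(ALLOW_ALL);
    String[] samples = {"cores/new_core", "/var/solr/data/core1", "/var/solr/data2/core1",
        "/var/solr/data/../../etc", "/etc/solr", "\\\\host\\share\\core1"};
    for (String s : samples) {
      System.out.println(s + " -> roots: " + check(s, roots) + " | catch-all: " + check(s, all));
    }
  }
}
```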