SOLR-14561 CoreAdminAPI's parameters instanceDir and dataDir are now validated #1572
Conversation
|
I think the only thing I'm lacking is a real integration test. I validated manually that core creation fails in |
Add several extra tests, restructured tests for better readability
|
Ran the whole test suite and uncovered various tests that use "illegal" temp test folders, that now fail. That was expected. So the last commit ba0b544 addresses these tests: Give a way to whitelist all paths by setting Add a This also led to a small change in the path comparison - we now convert Path -> String -> Path to make sure paths are comparable, even Lucene's To review, the easiest is probably to just load the last commit ba0b544 |
|
The tests still don't pass on Windows, and I have found the reason. Will push a few more changes on friday. |
# Conflicts: # solr/CHANGES.txt
|
All tests now passing on macOS and hopefully Windows (running tests now in a slow VirtualBox). |
| "Path " + pathToAssert + " disallowed due to path traversal.."); | ||
| } | ||
| if (!path.isAbsolute()) return; // All relative paths are accepted | ||
| if (allowPaths.contains(Paths.get("_ALL_"))) return; // Catch-all path "*"/"_ALL_" will allow all other paths |
There was a problem hiding this comment.
This is the workaround I did after realizing that Windows Path class is not happy with * as a path. When parsing the value from solr.xml/sysprop, we detect * and store it as a Path _ALL_. Then in the assert method we check for that special path and skip further testing.
Exception is UNC paths and .. paths which are still rejected (should they?)
|
I think this is approaching committable state. Appreciate if someone with a good Windows box would run the full test suite on Windows. But I think I'll anyway merge to master and let Jenkins work on it for a few rounds. Then I'll backport to 8.x branch in good time before 8.6 branch cut. |
|
@mkhludnev ? I recall you use Windows. |
Better JavaDocs for SolrPaths.assertPathAllowed
* upstream/master: (218 commits) LUCENE-9412 Do not validate jenkins HTTPS cert LUCENE-8962: add ability to selectively merge on commit (apache#1552) Replace DWPT.DocState with simple method parameters (apache#1594) LUCENE-9402: Let MultiCollector handle minCompetitiveScore (apache#1567) SOLR-14574: Fix or suppress warnings in solr/core/src/test (part 2) SOLR-14561 CoreAdminAPI's parameters instanceDir and dataDir are now validated (apache#1572) SOLR-14532: Add *.iml files to gitignore SOLR-14577: Return BAD REQUEST when field is missing in terms QP (apache#1588) SOLR-14574: Fix or suppress warnings in solr/core/src/test (part 1) remove debug code LUCENE-9408: roll back only called once enforcement LUCENE-8962: Allow waiting for all merges in a merge spec (apache#1585) SOLR-14572 document missing SearchComponents (apache#1581) LUCENE-9359: Avoid test failures when the extra file is a dir. SOLR-14573: Fix or suppress warnings in solrj/src/test LUCENE-9353: Move terms metadata to its own file. (apache#1473) Cleanup TermsHashPerField (apache#1573) SOLR-14558: Record all log lines in SolrLogPostTool (apache#1570) LUCENE-9404: simplify checksum calculation of ByteBuffersIndexOutput LUCENE-9403: tune BufferedChecksum.DEFAULT_BUFFERSIZE ...
See https://issues.apache.org/jira/browse/SOLR-14561
The
instanceDiranddataDirparams must now be relative to eitherSOLR_HOME,SOLR_DATA_HOMEorcoreRootDir.Added new solr.xml config 'allowPaths', controlled by system property 'solr.allowPaths' that allows you to add other allowed paths when needed.