[SPARK-49240][BUILD] Add scalastyle and checkstyle rules to avoid URL constructors#47762
[SPARK-49240][BUILD] Add scalastyle and checkstyle rules to avoid URL constructors#47762dongjoon-hyun wants to merge 2 commits intoapache:masterfrom
scalastyle and checkstyle rules to avoid URL constructors#47762Conversation
There was a problem hiding this comment.
This is a little tricky to change. So, this PR allows this as the only exception.
There was a problem hiding this comment.
val requestURI = new URI(request.getRequestURL.toString)
val newUri = requestURI.resolve(prefixedDestPath).toString
response.sendRedirect(newUri)Will there be any problems with this change?
There was a problem hiding this comment.
To @LuciferYang , I checked multiple corner cases. And, it's not the same in some cases like the following. I'd prefer to keep the existing logic to avoid any risk here.
$ jshell
| Welcome to JShell -- Version 21.0.4
| For an introduction type: /help intro
jshell> new URL(new URL("https://a"), "?index.html")
$1 ==> https://a/?index.html
jshell> new URI("https://a").resolve("?index.html")
$2 ==> https://a?index.html
There was a problem hiding this comment.
To be clear, this PR aims to prevent any future addition of new URL( instead of removing everyone instances of new URL(.
|
Could you review this when you have some time, @LuciferYang ? |
dongjoon-hyun
force-pushed
the
SPARK-49240
branch
2 times, most recently
from
d67ef0d to
5ef3706
Compare
… `URL` constructors
dongjoon-hyun
force-pushed
the
SPARK-49240
branch
from
5ef3706 to
3178377
Compare
| // Try a request with bad content in a parameter to make sure the security filter | ||
| // is being added to new handlers. | ||
| // scalastyle:off URLConstructor | ||
| val badRequest = new URL( |
There was a problem hiding this comment.
To keep the existing test coverage, we need to keep URL because it doesn't complain while URI throws URISyntaxException.
[info] - add and remove handlers with custom user filter *** FAILED *** (92 milliseconds)
[info] java.net.URISyntaxException: Illegal character in query at index 47: http://127.0.0.1:54129/test/root?bypass&invalid<=foo
|
Thank you, @HyukjinKwon . I excluded one more instance to keep the existing test coverage. |
| @@ -351,7 +351,7 @@ private class TestMasterInfo(val ip: String, val dockerId: DockerId, val logFile | |||
| def readState(): Unit = { | |||
| try { | |||
| val masterStream = new InputStreamReader( | |||
There was a problem hiding this comment.
not related to this PR, but it seems that masterStream has not been closed.
There was a problem hiding this comment.
val requestURI = new URI(request.getRequestURL.toString)
val newUri = requestURI.resolve(prefixedDestPath).toString
response.sendRedirect(newUri)Will there be any problems with this change?
| ]]></customMessage> | ||
| </check> | ||
|
|
||
| <check customId="URLConstructor" level="error" class="org.scalastyle.file.RegexChecker" enabled="true"> |
There was a problem hiding this comment.
Should this rule also be added to dev/checkstyle.xml?
There was a problem hiding this comment.
It's already added by this PR, here.
Lines 209 to 212 in b1af69e
|
Could you review this once more, @LuciferYang ? |
|
Merged into master. Thanks @dongjoon-hyun and @HyukjinKwon |
|
Thank you, @LuciferYang and @HyukjinKwon ! |
3 participants
What changes were proposed in this pull request?
This PR aims to add
scalastyleandcheckstylerules to avoidURLconstructors.Why are the changes needed?
The java.net.URL class does not itself encode or decode any URL components according to the escaping mechanism defined in RFC2396.
So, from Java 20, all
URLconstructors are deprecated. We had better use betterURIclass.Does this PR introduce any user-facing change?
No.
How was this patch tested?
Pass the CIs with newly added rules.
After this PR, there is only two exceptional instances in
JettyUtils.scalaandUISuite.scala.JettyUtilsis tricky instancejava.net.URISyntaxException. This is an example whyURIis better. In this PR, we keep the old, URL class, to keep the test coverage.Was this patch authored or co-authored using generative AI tooling?
No.