From 22d3eed80c20a2cdea75a4c875b47cec8d2e659d Mon Sep 17 00:00:00 2001
From: Suneet Saldanha <44787917+suneet-s@users.noreply.github.com>
Date: Fri, 10 Apr 2020 10:46:04 -0700
Subject: [PATCH] Do not use external input in format strings (#9665)
https://lgtm.com/rules/7900080/
---
 .../DefaultBasicAuthenticatorResourceHandler.java | 6 +++---
 .../DefaultBasicAuthorizerResourceHandler.java | 11 +++++------
 .../apache/druid/metadata/SQLMetadataRuleManager.java | 4 ++--
 3 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/endpoint/DefaultBasicAuthenticatorResourceHandler.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/endpoint/DefaultBasicAuthenticatorResourceHandler.java
index b9a6f611b97..ac0453cbd64 100644
--- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/endpoint/DefaultBasicAuthenticatorResourceHandler.java
+++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authentication/endpoint/DefaultBasicAuthenticatorResourceHandler.java
@@ -37,6 +37,7 @@ public class DefaultBasicAuthenticatorResourceHandler implements BasicAuthentica
 {
 private static final Logger log = new Logger(DefaultBasicAuthenticatorResourceHandler.class);
 private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build();
+ private static final String UNKNOWN_AUTHENTICATOR_MSG_FORMAT = "Received user update for unknown authenticator[%s]";
 private final BasicAuthenticatorCacheManager cacheManager;
 private final Map authenticatorMap;
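Review bot: The new `UNKNOWN_AUTHENTICATOR_MSG_FORMAT` constant has no comment saying it is a format string, although the point of this commit is that the name must reach it as an argument and never as part of the pattern. I would add above it `// Format string with exactly one %s; pass the authenticator name as an argument, never concatenate request input into this text.` The next hunk also sends the formatted text to the client in the `error` field, so rewording the constant changes the API response as well as the log line, which is worth stating in the same comment. `UNKNOWN_AUTHORIZER_MSG_FORMAT` in DefaultBasicAuthorizerResourceHandler would take the same comment. The class body continues outside this hunk.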
@@ -113,12 +114,11 @@ public class DefaultBasicAuthenticatorResourceHandler implements BasicAuthentica
 {
 final BasicHTTPAuthenticator authenticator = authenticatorMap.get(authenticatorName);
 if (authenticator == null) {
- String errMsg = StringUtils.format("Received user update for unknown authenticator[%s]", authenticatorName);
- log.error(errMsg);
+ log.error(UNKNOWN_AUTHENTICATOR_MSG_FORMAT, authenticatorName);
 return Response.status(Response.Status.BAD_REQUEST)
 .entity(ImmutableMap.of(
 "error",
- StringUtils.format(errMsg)
+ StringUtils.format(UNKNOWN_AUTHENTICATOR_MSG_FORMAT, authenticatorName)
 ))
 .build();
 }
diff --git a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/DefaultBasicAuthorizerResourceHandler.java b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/DefaultBasicAuthorizerResourceHandler.java
index 4e57d62eb37..956fc1be4af 100644
--- a/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/DefaultBasicAuthorizerResourceHandler.java
+++ b/extensions-core/druid-basic-security/src/main/java/org/apache/druid/security/basic/authorization/endpoint/DefaultBasicAuthorizerResourceHandler.java
@@ -39,6 +39,7 @@ public class DefaultBasicAuthorizerResourceHandler implements BasicAuthorizerRes
 {
 private static final Logger log = new Logger(DefaultBasicAuthorizerResourceHandler.class);
 private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build();
+ private static final String UNKNOWN_AUTHORIZER_MSG_FORMAT = "Received update for unknown authorizer[%s]";
 private final BasicAuthorizerCacheManager cacheManager;
 private final Map authorizerMap;
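Review bot: In the `authenticator == null` branch of DefaultBasicAuthenticatorResourceHandler (@@ -113), `authenticatorName` is still written verbatim into the error log and into the `error` field of the 400 response. The change closes the format-specifier problem but not log forging: a name containing CR/LF or other control characters reaches the log unchanged unless the logging layout escapes it. Whether the name is request-controlled is not visible in the hunk, though the commit title suggests it is. I would neutralise it once before both uses, for example `final String safeName = String.valueOf(authenticatorName).replaceAll("\\p{Cntrl}", "_");`, and pass `safeName` to `log.error` and `StringUtils.format`. The same applies to `authorizerName` in the two authorizer hunks (@@ -196 and @@ -215) and to `dataSource` in the two SQLMetadataRuleManager hunks; the enclosing method starts and ends outside this hunk.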
@@ -196,12 +197,11 @@ public class DefaultBasicAuthorizerResourceHandler implements BasicAuthorizerRes
 {
 final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName);
 if (authorizer == null) {
- String errMsg = StringUtils.format("Received update for unknown authorizer[%s]", authorizerName);
- log.error(errMsg);
+ log.error(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName);
 return Response.status(Response.Status.BAD_REQUEST)
 .entity(ImmutableMap.of(
 "error",
- StringUtils.format(errMsg)
+ StringUtils.format(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName)
 ))
 .build();
 }
@@ -215,12 +215,11 @@ public class DefaultBasicAuthorizerResourceHandler implements BasicAuthorizerRes
 {
 final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName);
 if (authorizer == null) {
- String errMsg = StringUtils.format("Received update for unknown authorizer[%s]", authorizerName);
- log.error(errMsg);
+ log.error(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName);
 return Response.status(Response.Status.BAD_REQUEST)
 .entity(ImmutableMap.of(
 "error",
- StringUtils.format(errMsg)
+ StringUtils.format(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName)
 ))
 .build();
 }
diff --git a/server/src/main/java/org/apache/druid/metadata/SQLMetadataRuleManager.java b/server/src/main/java/org/apache/druid/metadata/SQLMetadataRuleManager.java
index 0f0cce52110..48aaff45b06 100644
--- a/server/src/main/java/org/apache/druid/metadata/SQLMetadataRuleManager.java
+++ b/server/src/main/java/org/apache/druid/metadata/SQLMetadataRuleManager.java
@@ -408,7 +408,7 @@ public class SQLMetadataRuleManager implements MetadataRuleManager
 );
 }
 catch (Exception e) {
- log.error(e, StringUtils.format("Exception while overriding rule for %s", dataSource));
+ log.error(e, "Exception while overriding rule for %s", dataSource);
 return false;
 }
 }
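Review bot: The `authorizer == null` branches in the @@ -196 and @@ -215 hunks of DefaultBasicAuthorizerResourceHandler are now the same statements repeated, and each formats the message twice (once inside `log.error`, once for the response entity). A private helper that formats the message once, logs it and builds the 400 response would stop the two call sites drifting apart and give a single place for any later sanitising of the name. Each branch would then shrink to `return makeResponseForAuthorizerNotFound(authorizerName);` (the helper name is a suggestion, not something in this patch). If the already-formatted string is logged inside that helper, it has to go through a constant pattern, `log.error("%s", errMsg)`, so the defect this commit removes is not reintroduced. Both methods start and end outside their hunks.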
@@ -416,7 +416,7 @@ public class SQLMetadataRuleManager implements MetadataRuleManager
 poll();
 }
 catch (Exception e) {
- log.error(e, StringUtils.format("Exception while polling for rules after overriding the rule for %s", dataSource));
+ log.error(e, "Exception while polling for rules after overriding the rule for %s", dataSource);
 }
 return true;
 }