Do not use external input in format strings (#9665)

https://lgtm.com/rules/7900080/
Suneet Saldanha 2020-04-10 10:46:04 -07:00 committed by GitHub
parent bd1cff24a2
commit 22d3eed80c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 11 deletions


@ -37,6 +37,7 @@ public class DefaultBasicAuthenticatorResourceHandler implements BasicAuthentica
{ {
private static final Logger log = new Logger(DefaultBasicAuthenticatorResourceHandler.class); private static final Logger log = new Logger(DefaultBasicAuthenticatorResourceHandler.class);
private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build(); private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build();
private static final String UNKNOWN_AUTHENTICATOR_MSG_FORMAT = "Received user update for unknown authenticator[%s]";
private final BasicAuthenticatorCacheManager cacheManager; private final BasicAuthenticatorCacheManager cacheManager;
private final Map<String, BasicHTTPAuthenticator> authenticatorMap; private final Map<String, BasicHTTPAuthenticator> authenticatorMap;
@ -113,12 +114,11 @@ public class DefaultBasicAuthenticatorResourceHandler implements BasicAuthentica
{ {
final BasicHTTPAuthenticator authenticator = authenticatorMap.get(authenticatorName); final BasicHTTPAuthenticator authenticator = authenticatorMap.get(authenticatorName);
if (authenticator == null) { if (authenticator == null) {
String errMsg = StringUtils.format("Received user update for unknown authenticator[%s]", authenticatorName); log.error(UNKNOWN_AUTHENTICATOR_MSG_FORMAT, authenticatorName);
log.error(errMsg);
return Response.status(Response.Status.BAD_REQUEST) return Response.status(Response.Status.BAD_REQUEST)
.entity(ImmutableMap.<String, Object>of( .entity(ImmutableMap.<String, Object>of(
"error", "error",
StringUtils.format(errMsg) StringUtils.format(UNKNOWN_AUTHENTICATOR_MSG_FORMAT, authenticatorName)
)) ))
.build(); .build();
} }
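Review bot: `authenticatorName` is still written to the log verbatim by `log.error(UNKNOWN_AUTHENTICATOR_MSG_FORMAT, authenticatorName);`, so a name containing CR or LF could forge additional log entries even though it can no longer be interpreted as a format string. If the name is request-controlled, as the commit title implies, and the log layout does not already encode control characters, neutralise line breaks before logging, for example `log.error(UNKNOWN_AUTHENTICATOR_MSG_FORMAT, authenticatorName.replaceAll("[\\r\\n]", "_"));`. The same applies to `authorizerName` in both DefaultBasicAuthorizerResourceHandler hunks and, if it can carry caller-supplied text, to `dataSource` in the two SQLMetadataRuleManager log calls. The enclosing method begins and ends outside the hunk, so the origin of the parameter cannot be confirmed from here.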


@ -39,6 +39,7 @@ public class DefaultBasicAuthorizerResourceHandler implements BasicAuthorizerRes
{ {
private static final Logger log = new Logger(DefaultBasicAuthorizerResourceHandler.class); private static final Logger log = new Logger(DefaultBasicAuthorizerResourceHandler.class);
private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build(); private static final Response NOT_FOUND_RESPONSE = Response.status(Response.Status.NOT_FOUND).build();
private static final String UNKNOWN_AUTHORIZER_MSG_FORMAT = "Received update for unknown authorizer[%s]";
private final BasicAuthorizerCacheManager cacheManager; private final BasicAuthorizerCacheManager cacheManager;
private final Map<String, BasicRoleBasedAuthorizer> authorizerMap; private final Map<String, BasicRoleBasedAuthorizer> authorizerMap;
@ -196,12 +197,11 @@ public class DefaultBasicAuthorizerResourceHandler implements BasicAuthorizerRes
{ {
final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName); final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName);
if (authorizer == null) { if (authorizer == null) {
String errMsg = StringUtils.format("Received update for unknown authorizer[%s]", authorizerName); log.error(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName);
log.error(errMsg);
return Response.status(Response.Status.BAD_REQUEST) return Response.status(Response.Status.BAD_REQUEST)
.entity(ImmutableMap.<String, Object>of( .entity(ImmutableMap.<String, Object>of(
"error", "error",
StringUtils.format(errMsg) StringUtils.format(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName)
)) ))
.build(); .build();
} }
@ -215,12 +215,11 @@ public class DefaultBasicAuthorizerResourceHandler implements BasicAuthorizerRes
{ {
final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName); final BasicRoleBasedAuthorizer authorizer = authorizerMap.get(authorizerName);
if (authorizer == null) { if (authorizer == null) {
String errMsg = StringUtils.format("Received update for unknown authorizer[%s]", authorizerName); log.error(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName);
log.error(errMsg);
return Response.status(Response.Status.BAD_REQUEST) return Response.status(Response.Status.BAD_REQUEST)
.entity(ImmutableMap.<String, Object>of( .entity(ImmutableMap.<String, Object>of(
"error", "error",
StringUtils.format(errMsg) StringUtils.format(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName)
)) ))
.build(); .build();
} }
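Review bot: The unknown-authorizer branch is written out identically in the hunks at new lines 197 and 215, and each copy formats the same message twice, once for the log and once for the response entity. A private helper that formats the message once and builds the 400 response would keep the template and its argument in a single place, which makes it harder for a later edit to pass an already-formatted string as a format template again at one call site. Each branch would then reduce to `return makeUnknownAuthorizerResponse(authorizerName);`. Both enclosing methods begin and end outside the hunks, so other copies of this branch may exist elsewhere in the file.

```java
private static Response makeUnknownAuthorizerResponse(String authorizerName)
{
  // Format once; the result is only ever passed as an argument, never as a template.
  final String errMsg = StringUtils.format(UNKNOWN_AUTHORIZER_MSG_FORMAT, authorizerName);
  log.error("%s", errMsg);
  return Response.status(Response.Status.BAD_REQUEST)
                 .entity(ImmutableMap.<String, Object>of("error", errMsg))
                 .build();
}
```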


@ -408,7 +408,7 @@ public class SQLMetadataRuleManager implements MetadataRuleManager
); );
} }
catch (Exception e) { catch (Exception e) {
log.error(e, StringUtils.format("Exception while overriding rule for %s", dataSource)); log.error(e, "Exception while overriding rule for %s", dataSource);
return false; return false;
} }
} }
@ -416,7 +416,7 @@ public class SQLMetadataRuleManager implements MetadataRuleManager
poll(); poll();
} }
catch (Exception e) { catch (Exception e) {
log.error(e, StringUtils.format("Exception while polling for rules after overriding the rule for %s", dataSource)); log.error(e, "Exception while polling for rules after overriding the rule for %s", dataSource);
} }
return true; return true;
} }