SOLR-13158: DIH: Add System property toggle for use of dataConfig param

David Smiley 2019-07-02 23:59:39 -04:00
parent 81e63e8fec
commit 325824cd39
5 changed files with 23 additions and 11 deletions


@ -257,6 +257,12 @@ Bug Fixes
* SOLR-13159: Fix atomic update encoding issue for UUID, enum, bool, and binary fields (Thomas Wockinger via Jason Gerlowski)
Improvements
----------------------
* SOLR-13158: DataImportHandler: Added enable.dih.dataConfigParam system property to toggle whether the dataConfig param
is permitted. (David Smiley, janhoy, Tomás Fernández Löbbe)
================== 8.1.1 ==================
Consult the LUCENE_CHANGES.txt file for additional, low level, changes in this release.


@ -80,6 +80,9 @@ public class DataImportHandler extends RequestHandlerBase implements
private static final String PARAM_WRITER_IMPL = "writerImpl";
private static final String DEFAULT_WRITER_NAME = "SolrWriter";
static final String ENABLE_DIH_DATA_CONFIG_PARAM = "enable.dih.dataConfigParam";
final boolean dataConfigParam_enabled = Boolean.getBoolean(ENABLE_DIH_DATA_CONFIG_PARAM);
public DataImporter getImporter() {
return this.importer;
@ -134,7 +137,7 @@ public class DataImportHandler extends RequestHandlerBase implements
if (DataImporter.SHOW_CONF_CMD.equals(command)) {
String dataConfigFile = params.get("config");
String dataConfig = params.get("dataConfig");
String dataConfig = params.get("dataConfig"); // needn't check dataConfigParam_enabled; we don't execute it
if(dataConfigFile != null) {
dataConfig = SolrWriter.getResourceAsString(req.getCore().getResourceLoader().openResource(dataConfigFile));
}
@ -151,6 +154,12 @@ public class DataImportHandler extends RequestHandlerBase implements
return;
}
if (params.get("dataConfig") != null && dataConfigParam_enabled == false) {
throw new SolrException(SolrException.ErrorCode.FORBIDDEN,
"Use of the dataConfig param (DIH debug mode) requires the system property " +
ENABLE_DIH_DATA_CONFIG_PARAM + " because it's a security risk.");
}
rsp.add("initArgs", initArgs);
String message = "";
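Review bot: The new `dataConfigParam_enabled` field is initialised once per handler instance from `Boolean.getBoolean(ENABLE_DIH_DATA_CONFIG_PARAM)`, so a property set after the handler is constructed has no effect, and nothing on the field says so. A comment such as `// read once at handler construction; must be set at JVM start, e.g. -Denable.dih.dataConfigParam=true` would save operators a debugging session. The name mixes camelCase with an underscore and the field is package-visible; unless something outside this hunk reads it, `private final boolean dataConfigParamEnabled` with `!dataConfigParamEnabled` in the guard is the conventional form. The guard fails closed, which is right for a parameter that lets a request supply the import configuration, but the rejection only reaches the caller; if 403 responses are not already logged elsewhere, a warn-level log entry at the throw site would give operators a signal that the disabled path was attempted. The enclosing request-handling method starts and ends outside these hunks.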


@ -39,7 +39,7 @@ import org.apache.solr.update.MergeIndexesCommand;
import org.apache.solr.update.RollbackUpdateCommand;
import org.apache.solr.update.processor.UpdateRequestProcessor;
import org.apache.solr.update.processor.UpdateRequestProcessorFactory;
import org.junit.Before;
import org.junit.BeforeClass;
/**
* <p>
@ -60,13 +60,10 @@ public abstract class AbstractDataImportHandlerTestCase extends
FileUtils.copyDirectory(getFile("dih/solr"), testHome);
initCore(config, schema, testHome.getAbsolutePath());
}
@Override
@Before
public void setUp() throws Exception {
super.setUp();
File home = createTempDir("dih-properties").toFile();
System.setProperty("solr.solr.home", home.getAbsolutePath());
@BeforeClass
public static void baseBeforeClass() {
System.setProperty(DataImportHandler.ENABLE_DIH_DATA_CONFIG_PARAM, "true");
}
protected String loadDataConfig(String dataConfigFileName) {
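Review bot: No test visible in this commit exercises the default, property-unset path: `baseBeforeClass` sets `DataImportHandler.ENABLE_DIH_DATA_CONFIG_PARAM` to `"true"` for every subclass of this base test case, so the new FORBIDDEN branch in DataImportHandler appears never to be reached. A negative test that leaves the property unset before the handler is created, sends a request carrying `dataConfig`, and asserts the 403 would pin the security behaviour this commit introduces. `baseBeforeClass` would also benefit from a one-line comment saying why the flag is forced on, e.g. `// DIH tests presumably pass inline config via dataConfig, which is now off by default`. Whether the property is restored after the class runs depends on test-framework rules outside this hunk.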


@ -519,7 +519,7 @@ public class PluginBag<T> implements AutoCloseable {
}
public static boolean isEnabled() {
return "true".equals(System.getProperty("enable.runtime.lib"));
return Boolean.getBoolean("enable.runtime.lib");
}
public String getName() {
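Review bot: `Boolean.getBoolean("enable.runtime.lib")` in `isEnabled()` matches the value case-insensitively, whereas the previous `"true".equals(...)` comparison required exactly `true`, so a deployment started with `-Denable.runtime.lib=TRUE` would now have runtime libraries enabled where it previously did not. That is a small behaviour change to a security toggle which the changelog entry in this commit does not mention; a comment on the method or a line in the upgrade notes would make it visible. The property name is also still an inline literal here, while the DIH toggle in the same commit got a named constant; a `static final String` for `"enable.runtime.lib"` would keep the two consistent.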


@ -116,7 +116,7 @@ This example shows how to extract fields from four tables defining a simple prod
Datasources can still be specified in `solrconfig.xml`. These must be specified in the defaults section of the handler in `solrconfig.xml`. However, these are not parsed until the main configuration is loaded.
The entire configuration itself can be passed as a request parameter using the `dataConfig` parameter rather than using a file. When configuration errors are encountered, the error message is returned in XML format.
The entire configuration itself can be passed as a request parameter using the `dataConfig` parameter rather than using a file. When configuration errors are encountered, the error message is returned in XML format. Due to security concerns, this only works if you start Solr with `-Denable.dih.dataConfigParam=true`.
A `reload-config` command is also supported, which is useful for validating a new configuration file, or if you want to specify a file, load it, and not have it reloaded again on import. If there is an `xml` mistake in the configuration a user-friendly message is returned in `xml` format. You can then fix the problem and do a `reload-config`.