From 6aa28bd6558e47080166bf42b2b97aaa74ebf90b Mon Sep 17 00:00:00 2001 From: Kevin Risden Date: Thu, 6 Oct 2016 18:36:39 -0500 Subject: [PATCH] SOLR-8385: Narrow StreamFactory.withFunctionName clazz parameter to prevent misconfiguration --- solr/CHANGES.txt | 1 + .../org/apache/solr/handler/GraphHandler.java | 7 +-- .../apache/solr/handler/StreamHandler.java | 10 ++--- .../solrj/io/stream/expr/StreamFactory.java | 44 +++++++++---------- 4 files changed, 31 insertions(+), 31 deletions(-) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 90419f93bed..f27216ec2a3 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -254,6 +254,7 @@ Other Changes * SOLR-9589: Remove jackson dependency from SolrJ (Ishan Chattopadhyaya, noble) +* SOLR-8385: Narrow StreamFactory.withFunctionName clazz parameter to prevent misconfiguration (Jason Gerlowski, Kevin Risden) ================== 6.2.1 ================== diff --git a/solr/core/src/java/org/apache/solr/handler/GraphHandler.java b/solr/core/src/java/org/apache/solr/handler/GraphHandler.java index 4b043b248d8..339b4d7c033 100644 --- a/solr/core/src/java/org/apache/solr/handler/GraphHandler.java +++ b/solr/core/src/java/org/apache/solr/handler/GraphHandler.java @@ -80,8 +80,8 @@ public class GraphHandler extends RequestHandlerBase implements SolrCoreAware, P * * */ - String defaultCollection = null; - String defaultZkhost = null; + String defaultCollection; + String defaultZkhost; CoreContainer coreContainer = core.getCoreDescriptor().getCoreContainer(); this.coreName = core.getName(); @@ -140,7 +140,8 @@ public class GraphHandler extends RequestHandlerBase implements SolrCoreAware, P if(null != functionMappingsObj){ NamedList functionMappings = (NamedList)functionMappingsObj; for(Entry functionMapping : functionMappings){ - Class clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), Expressible.class); + Class clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), + Expressible.class); streamFactory.withFunctionName(functionMapping.getKey(), clazz); } } diff --git a/solr/core/src/java/org/apache/solr/handler/StreamHandler.java b/solr/core/src/java/org/apache/solr/handler/StreamHandler.java index 6dbfdbe8fd1..49bd2da8e68 100644 --- a/solr/core/src/java/org/apache/solr/handler/StreamHandler.java +++ b/solr/core/src/java/org/apache/solr/handler/StreamHandler.java @@ -69,7 +69,7 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware, private StreamFactory streamFactory = new StreamFactory(); private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); private String coreName; - private Map daemons = new HashMap(); + private Map daemons = new HashMap<>(); @Override public PermissionNameProvider.Name getPermissionName(AuthorizationContext request) { @@ -88,8 +88,8 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware, * * */ - String defaultCollection = null; - String defaultZkhost = null; + String defaultCollection; + String defaultZkhost; CoreContainer coreContainer = core.getCoreDescriptor().getCoreContainer(); this.coreName = core.getName(); @@ -158,7 +158,7 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware, if(null != functionMappingsObj){ NamedList functionMappings = (NamedList)functionMappingsObj; for(Entry functionMapping : functionMappings){ - Class clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), Expressible.class); + Class clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), Expressible.class); streamFactory.withFunctionName(functionMapping.getKey(), clazz); } } @@ -186,7 +186,7 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware, return; } - TupleStream tupleStream = null; + TupleStream tupleStream; try { tupleStream = this.streamFactory.constructStream(params.get("expr")); diff --git a/solr/solrj/src/java/org/apache/solr/client/solrj/io/stream/expr/StreamFactory.java b/solr/solrj/src/java/org/apache/solr/client/solrj/io/stream/expr/StreamFactory.java index 9008bc675e8..d2e72dfc9ea 100644 --- a/solr/solrj/src/java/org/apache/solr/client/solrj/io/stream/expr/StreamFactory.java +++ b/solr/solrj/src/java/org/apache/solr/client/solrj/io/stream/expr/StreamFactory.java @@ -42,12 +42,12 @@ import org.apache.solr.client.solrj.io.stream.metrics.Metric; public class StreamFactory implements Serializable { private transient HashMap collectionZkHosts; - private transient HashMap functionNames; + private transient HashMap> functionNames; private transient String defaultZkHost; public StreamFactory(){ - collectionZkHosts = new HashMap(); - functionNames = new HashMap(); + collectionZkHosts = new HashMap<>(); + functionNames = new HashMap<>(); } public StreamFactory withCollectionZkHost(String collectionName, String zkHost){ @@ -71,10 +71,10 @@ public class StreamFactory implements Serializable { return null; } - public Map getFunctionNames(){ + public Map> getFunctionNames(){ return functionNames; } - public StreamFactory withFunctionName(String functionName, Class clazz){ + public StreamFactory withFunctionName(String functionName, Class clazz){ this.functionNames.put(functionName, clazz); return this; } @@ -100,7 +100,7 @@ public class StreamFactory implements Serializable { } public List getNamedOperands(StreamExpression expression){ - List namedParameters = new ArrayList(); + List namedParameters = new ArrayList<>(); for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpressionNamedParameter.class)){ namedParameters.add((StreamExpressionNamedParameter)parameter); } @@ -119,7 +119,7 @@ public class StreamFactory implements Serializable { } public List getExpressionOperands(StreamExpression expression){ - List namedParameters = new ArrayList(); + List namedParameters = new ArrayList<>(); for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpression.class)){ namedParameters.add((StreamExpression)parameter); } @@ -127,7 +127,7 @@ public class StreamFactory implements Serializable { return namedParameters; } public List getExpressionOperands(StreamExpression expression, String functionName){ - List namedParameters = new ArrayList(); + List namedParameters = new ArrayList<>(); for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpression.class)){ StreamExpression expressionOperand = (StreamExpression)parameter; if(expressionOperand.getFunctionName().equals(functionName)){ @@ -138,7 +138,7 @@ public class StreamFactory implements Serializable { return namedParameters; } public List getOperandsOfType(StreamExpression expression, Class ... clazzes){ - List parameters = new ArrayList(); + List parameters = new ArrayList<>(); parameterLoop: for(StreamExpressionParameter parameter : expression.getParameters()){ @@ -155,7 +155,7 @@ public class StreamFactory implements Serializable { } public List getExpressionOperandsRepresentingTypes(StreamExpression expression, Class ... clazzes){ - List matchingStreamExpressions = new ArrayList(); + List matchingStreamExpressions = new ArrayList<>(); List allStreamExpressions = getExpressionOperands(expression); parameterLoop: @@ -215,10 +215,9 @@ public class StreamFactory implements Serializable { public TupleStream constructStream(StreamExpression expression) throws IOException{ String function = expression.getFunctionName(); if(functionNames.containsKey(function)){ - Class clazz = functionNames.get(function); + Class clazz = functionNames.get(function); if(Expressible.class.isAssignableFrom(clazz) && TupleStream.class.isAssignableFrom(clazz)){ - TupleStream stream = (TupleStream)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); - return stream; + return (TupleStream)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); } } @@ -231,10 +230,9 @@ public class StreamFactory implements Serializable { public Metric constructMetric(StreamExpression expression) throws IOException{ String function = expression.getFunctionName(); if(functionNames.containsKey(function)){ - Class clazz = functionNames.get(function); + Class clazz = functionNames.get(function); if(Expressible.class.isAssignableFrom(clazz) && Metric.class.isAssignableFrom(clazz)){ - Metric metric = (Metric)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); - return metric; + return (Metric)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); } } @@ -272,7 +270,7 @@ public class StreamFactory implements Serializable { else if(null == rightFieldName){ rightFieldName = part.trim(); } - else if(null == order){ + else { order = part.trim(); break; // we're done, stop looping } @@ -334,7 +332,7 @@ public class StreamFactory implements Serializable { public StreamOperation constructOperation(StreamExpression expression) throws IOException{ String function = expression.getFunctionName(); if(functionNames.containsKey(function)){ - Class clazz = functionNames.get(function); + Class clazz = functionNames.get(function); if(Expressible.class.isAssignableFrom(clazz) && StreamOperation.class.isAssignableFrom(clazz)){ return (StreamOperation)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); } @@ -360,8 +358,8 @@ public class StreamFactory implements Serializable { } } - public String getFunctionName(Class clazz) throws IOException{ - for(Entry entry : functionNames.entrySet()){ + public String getFunctionName(Class clazz) throws IOException{ + for(Entry> entry : functionNames.entrySet()){ if(entry.getValue() == clazz){ return entry.getKey(); } @@ -375,9 +373,9 @@ public class StreamFactory implements Serializable { if("null".equals(lower)){ return null; } if("true".equals(lower) || "false".equals(lower)){ return Boolean.parseBoolean(lower); } - try{ return Long.valueOf(original); } catch(Exception e){}; - try{ if (original.matches(".{1,8}")){ return Float.valueOf(original); }} catch(Exception e){}; - try{ if (original.matches(".{1,17}")){ return Double.valueOf(original); }} catch(Exception e){}; + try{ return Long.valueOf(original); } catch(Exception ignored){}; + try{ if (original.matches(".{1,8}")){ return Float.valueOf(original); }} catch(Exception ignored){}; + try{ if (original.matches(".{1,17}")){ return Double.valueOf(original); }} catch(Exception ignored){}; // is a string return original;