Apache
/
lucene
mirror of https://github.com/apache/lucene.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SOLR-8385: Narrow StreamFactory.withFunctionName clazz parameter to prevent misconfiguration

This commit is contained in:
Kevin Risden 2016-10-06 18:36:39 -05:00
parent 8225569b15
commit 6aa28bd655
4 changed files with 31 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
solr/CHANGES.txt
View File

@ -254,6 +254,7 @@ Other Changes
* SOLR-9589: Remove jackson dependency from SolrJ (Ishan Chattopadhyaya, noble) * SOLR-9589: Remove jackson dependency from SolrJ (Ishan Chattopadhyaya, noble)
* SOLR-8385: Narrow StreamFactory.withFunctionName clazz parameter to prevent misconfiguration (Jason Gerlowski, Kevin Risden)
================== 6.2.1 ================== ================== 6.2.1 ==================

7
solr/core/src/java/org/apache/solr/handler/GraphHandler.java
View File

@ -80,8 +80,8 @@ public class GraphHandler extends RequestHandlerBase implements SolrCoreAware, P
* </lst> * </lst>
* */ * */
String defaultCollection = null; String defaultCollection;
String defaultZkhost = null; String defaultZkhost;
CoreContainer coreContainer = core.getCoreDescriptor().getCoreContainer(); CoreContainer coreContainer = core.getCoreDescriptor().getCoreContainer();
this.coreName = core.getName(); this.coreName = core.getName();
@ -140,7 +140,8 @@ public class GraphHandler extends RequestHandlerBase implements SolrCoreAware, P
if(null != functionMappingsObj){ if(null != functionMappingsObj){
NamedList<?> functionMappings = (NamedList<?>)functionMappingsObj; NamedList<?> functionMappings = (NamedList<?>)functionMappingsObj;
for(Entry<String,?> functionMapping : functionMappings){ for(Entry<String,?> functionMapping : functionMappings){
Class<?> clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), Expressible.class); Class<? extends Expressible> clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(),
Expressible.class);
streamFactory.withFunctionName(functionMapping.getKey(), clazz); streamFactory.withFunctionName(functionMapping.getKey(), clazz);
} }
} }

10
solr/core/src/java/org/apache/solr/handler/StreamHandler.java
View File

@ -69,7 +69,7 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware,
private StreamFactory streamFactory = new StreamFactory(); private StreamFactory streamFactory = new StreamFactory();
private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
private String coreName; private String coreName;
private Map<String, DaemonStream> daemons = new HashMap(); private Map<String, DaemonStream> daemons = new HashMap<>();
@Override @Override
public PermissionNameProvider.Name getPermissionName(AuthorizationContext request) { public PermissionNameProvider.Name getPermissionName(AuthorizationContext request) {
@ -88,8 +88,8 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware,
* </lst> * </lst>
* */ * */
String defaultCollection = null; String defaultCollection;
String defaultZkhost = null; String defaultZkhost;
CoreContainer coreContainer = core.getCoreDescriptor().getCoreContainer(); CoreContainer coreContainer = core.getCoreDescriptor().getCoreContainer();
this.coreName = core.getName(); this.coreName = core.getName();
@ -158,7 +158,7 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware,
if(null != functionMappingsObj){ if(null != functionMappingsObj){
NamedList<?> functionMappings = (NamedList<?>)functionMappingsObj; NamedList<?> functionMappings = (NamedList<?>)functionMappingsObj;
for(Entry<String,?> functionMapping : functionMappings){ for(Entry<String,?> functionMapping : functionMappings){
Class<?> clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), Expressible.class); Class<? extends Expressible> clazz = core.getResourceLoader().findClass((String)functionMapping.getValue(), Expressible.class);
streamFactory.withFunctionName(functionMapping.getKey(), clazz); streamFactory.withFunctionName(functionMapping.getKey(), clazz);
} }
} }
@ -186,7 +186,7 @@ public class StreamHandler extends RequestHandlerBase implements SolrCoreAware,
return; return;
} }
TupleStream tupleStream = null; TupleStream tupleStream;
try { try {
tupleStream = this.streamFactory.constructStream(params.get("expr")); tupleStream = this.streamFactory.constructStream(params.get("expr"));

44
solr/solrj/src/java/org/apache/solr/client/solrj/io/stream/expr/StreamFactory.java
View File

@ -42,12 +42,12 @@ import org.apache.solr.client.solrj.io.stream.metrics.Metric;
public class StreamFactory implements Serializable { public class StreamFactory implements Serializable {
private transient HashMap<String,String> collectionZkHosts; private transient HashMap<String,String> collectionZkHosts;
private transient HashMap<String,Class> functionNames; private transient HashMap<String,Class<? extends Expressible>> functionNames;
private transient String defaultZkHost; private transient String defaultZkHost;
public StreamFactory(){ public StreamFactory(){
collectionZkHosts = new HashMap<String,String>(); collectionZkHosts = new HashMap<>();
functionNames = new HashMap<String,Class>(); functionNames = new HashMap<>();
} }
public StreamFactory withCollectionZkHost(String collectionName, String zkHost){ public StreamFactory withCollectionZkHost(String collectionName, String zkHost){
@ -71,10 +71,10 @@ public class StreamFactory implements Serializable {
return null; return null;
} }
public Map<String,Class> getFunctionNames(){ public Map<String,Class<? extends Expressible>> getFunctionNames(){
return functionNames; return functionNames;
} }
public StreamFactory withFunctionName(String functionName, Class clazz){ public StreamFactory withFunctionName(String functionName, Class<? extends Expressible> clazz){
this.functionNames.put(functionName, clazz); this.functionNames.put(functionName, clazz);
return this; return this;
} }
@ -100,7 +100,7 @@ public class StreamFactory implements Serializable {
} }
public List<StreamExpressionNamedParameter> getNamedOperands(StreamExpression expression){ public List<StreamExpressionNamedParameter> getNamedOperands(StreamExpression expression){
List<StreamExpressionNamedParameter> namedParameters = new ArrayList<StreamExpressionNamedParameter>(); List<StreamExpressionNamedParameter> namedParameters = new ArrayList<>();
for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpressionNamedParameter.class)){ for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpressionNamedParameter.class)){
namedParameters.add((StreamExpressionNamedParameter)parameter); namedParameters.add((StreamExpressionNamedParameter)parameter);
} }
@ -119,7 +119,7 @@ public class StreamFactory implements Serializable {
} }
public List<StreamExpression> getExpressionOperands(StreamExpression expression){ public List<StreamExpression> getExpressionOperands(StreamExpression expression){
List<StreamExpression> namedParameters = new ArrayList<StreamExpression>(); List<StreamExpression> namedParameters = new ArrayList<>();
for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpression.class)){ for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpression.class)){
namedParameters.add((StreamExpression)parameter); namedParameters.add((StreamExpression)parameter);
} }
@ -127,7 +127,7 @@ public class StreamFactory implements Serializable {
return namedParameters; return namedParameters;
} }
public List<StreamExpression> getExpressionOperands(StreamExpression expression, String functionName){ public List<StreamExpression> getExpressionOperands(StreamExpression expression, String functionName){
List<StreamExpression> namedParameters = new ArrayList<StreamExpression>(); List<StreamExpression> namedParameters = new ArrayList<>();
for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpression.class)){ for(StreamExpressionParameter parameter : getOperandsOfType(expression, StreamExpression.class)){
StreamExpression expressionOperand = (StreamExpression)parameter; StreamExpression expressionOperand = (StreamExpression)parameter;
if(expressionOperand.getFunctionName().equals(functionName)){ if(expressionOperand.getFunctionName().equals(functionName)){
@ -138,7 +138,7 @@ public class StreamFactory implements Serializable {
return namedParameters; return namedParameters;
} }
public List<StreamExpressionParameter> getOperandsOfType(StreamExpression expression, Class ... clazzes){ public List<StreamExpressionParameter> getOperandsOfType(StreamExpression expression, Class ... clazzes){
List<StreamExpressionParameter> parameters = new ArrayList<StreamExpressionParameter>(); List<StreamExpressionParameter> parameters = new ArrayList<>();
parameterLoop: parameterLoop:
for(StreamExpressionParameter parameter : expression.getParameters()){ for(StreamExpressionParameter parameter : expression.getParameters()){
@ -155,7 +155,7 @@ public class StreamFactory implements Serializable {
} }
public List<StreamExpression> getExpressionOperandsRepresentingTypes(StreamExpression expression, Class ... clazzes){ public List<StreamExpression> getExpressionOperandsRepresentingTypes(StreamExpression expression, Class ... clazzes){
List<StreamExpression> matchingStreamExpressions = new ArrayList<StreamExpression>(); List<StreamExpression> matchingStreamExpressions = new ArrayList<>();
List<StreamExpression> allStreamExpressions = getExpressionOperands(expression); List<StreamExpression> allStreamExpressions = getExpressionOperands(expression);
parameterLoop: parameterLoop:
@ -215,10 +215,9 @@ public class StreamFactory implements Serializable {
public TupleStream constructStream(StreamExpression expression) throws IOException{ public TupleStream constructStream(StreamExpression expression) throws IOException{
String function = expression.getFunctionName(); String function = expression.getFunctionName();
if(functionNames.containsKey(function)){ if(functionNames.containsKey(function)){
Class clazz = functionNames.get(function); Class<? extends Expressible> clazz = functionNames.get(function);
if(Expressible.class.isAssignableFrom(clazz) && TupleStream.class.isAssignableFrom(clazz)){ if(Expressible.class.isAssignableFrom(clazz) && TupleStream.class.isAssignableFrom(clazz)){
TupleStream stream = (TupleStream)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); return (TupleStream)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this});
return stream;
} }
} }
@ -231,10 +230,9 @@ public class StreamFactory implements Serializable {
public Metric constructMetric(StreamExpression expression) throws IOException{ public Metric constructMetric(StreamExpression expression) throws IOException{
String function = expression.getFunctionName(); String function = expression.getFunctionName();
if(functionNames.containsKey(function)){ if(functionNames.containsKey(function)){
Class clazz = functionNames.get(function); Class<? extends Expressible> clazz = functionNames.get(function);
if(Expressible.class.isAssignableFrom(clazz) && Metric.class.isAssignableFrom(clazz)){ if(Expressible.class.isAssignableFrom(clazz) && Metric.class.isAssignableFrom(clazz)){
Metric metric = (Metric)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); return (Metric)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this});
return metric;
} }
} }
@ -272,7 +270,7 @@ public class StreamFactory implements Serializable {
else if(null == rightFieldName){ else if(null == rightFieldName){
rightFieldName = part.trim(); rightFieldName = part.trim();
} }
else if(null == order){ else {
order = part.trim(); order = part.trim();
break; // we're done, stop looping break; // we're done, stop looping
} }
@ -334,7 +332,7 @@ public class StreamFactory implements Serializable {
public StreamOperation constructOperation(StreamExpression expression) throws IOException{ public StreamOperation constructOperation(StreamExpression expression) throws IOException{
String function = expression.getFunctionName(); String function = expression.getFunctionName();
if(functionNames.containsKey(function)){ if(functionNames.containsKey(function)){
Class clazz = functionNames.get(function); Class<? extends Expressible> clazz = functionNames.get(function);
if(Expressible.class.isAssignableFrom(clazz) && StreamOperation.class.isAssignableFrom(clazz)){ if(Expressible.class.isAssignableFrom(clazz) && StreamOperation.class.isAssignableFrom(clazz)){
return (StreamOperation)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this}); return (StreamOperation)createInstance(functionNames.get(function), new Class[]{ StreamExpression.class, StreamFactory.class }, new Object[]{ expression, this});
} }
@ -360,8 +358,8 @@ public class StreamFactory implements Serializable {
} }
} }
public String getFunctionName(Class clazz) throws IOException{ public String getFunctionName(Class<? extends Expressible> clazz) throws IOException{
for(Entry<String,Class> entry : functionNames.entrySet()){ for(Entry<String,Class<? extends Expressible>> entry : functionNames.entrySet()){
if(entry.getValue() == clazz){ if(entry.getValue() == clazz){
return entry.getKey(); return entry.getKey();
} }
@ -375,9 +373,9 @@ public class StreamFactory implements Serializable {
if("null".equals(lower)){ return null; } if("null".equals(lower)){ return null; }
if("true".equals(lower) || "false".equals(lower)){ return Boolean.parseBoolean(lower); } if("true".equals(lower) || "false".equals(lower)){ return Boolean.parseBoolean(lower); }
try{ return Long.valueOf(original); } catch(Exception e){}; try{ return Long.valueOf(original); } catch(Exception ignored){};
try{ if (original.matches(".{1,8}")){ return Float.valueOf(original); }} catch(Exception e){}; try{ if (original.matches(".{1,8}")){ return Float.valueOf(original); }} catch(Exception ignored){};
try{ if (original.matches(".{1,17}")){ return Double.valueOf(original); }} catch(Exception e){}; try{ if (original.matches(".{1,17}")){ return Double.valueOf(original); }} catch(Exception ignored){};
// is a string // is a string
return original; return original;