Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOLR-12429: Prevent symbolic links from being uploaded as part of a configset #2651

Merged
merged 4 commits into from
Aug 27, 2024
Merged

SOLR-12429: Prevent symbolic links from being uploaded as part of a configset #2651

merged 4 commits into from
Aug 27, 2024

Conversation

epugh
Copy link
Contributor

@epugh epugh commented Aug 16, 2024

https://issues.apache.org/jira/browse/SOLR-12429

Description

Preventing the upload of a configset via bin/solr zk upload that contains symbolic links to files and dirs. This prevents a obscure error message, and tells the user what went wrong.

Solution

I added a check in FileTypeMagicUtil which maybe not quite perfect, but let me tap into a custom error message. Maybe the class should be renamed to "ConfigSetFileValidator" ???

Because of java security manager limitations, my attempt to create a symbolic file and directory in a unit test failed, so I backed out and added a BATS style test instead.

I did notice some other places where MAGIC file checking is done, BackupManager, ZkConfigSetService.. But not sure in those situations you can actually get a symbolic link in those places, since you are "inside solr" not on a file system...

Tests

Bats and manual.

Checklist

Please review the following and check all that apply:

  • I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
  • I have created a Jira issue and added the issue ID to my pull request title.
  • I have given Solr maintainers access to contribute to my PR branch. (optional but recommended)
  • I have developed this patch against the main branch.
  • I have run ./gradlew check.
  • I have added tests for my changes.
  • I have added documentation for the Reference Guide

@epugh epugh requested a review from janhoy August 16, 2024 13:44
fsparv
fsparv reviewed Aug 16, 2024
View reviewed changes
solr/core/src/java/org/apache/solr/util/FileTypeMagicUtil.java
@@ -60,6 +60,14 @@ public static void assertConfigSetFolderLegal(Path confPath) throws IOException
new SimpleFileVisitor<>() {
@Override
public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
if (Files.isSymbolicLink(file)) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah so much easier then when I had to detect symlinks for Apache Ant back in the day :) (https://bz.apache.org/bugzilla/show_bug.cgi?id=1550#c14)

However, I'm not sure it's valid to assume the user never wants to follow symbolic link. I can certainly imagine cases where folks would use a symlink for things they wanted to keep synced across config sets. It seems to me the correct behavior is to A) check for loops and fail if the symlinks are circular, and B) unroll the symlink (possibly emitting a warning) so that the contents are represented as the same tree that a person navigating with a shell would perceive.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^ me on wrong browser again

Copy link
Contributor Author

@epugh epugh Aug 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, right now symbolic links don't work, they blow up with a cryptic error. This PR 's goal is to replace the cryptic error with a nicer error! I think your suggestion is interesting, and if we wanted to support symbolic link lookup, that sounds like a nice addition to do in a separate PR that removes the limitation. It isn't an immediate itch for me to scratch however. Does that sound reasonable?

gus-asf
gus-asf requested changes Aug 16, 2024
View reviewed changes
solr/core/src/java/org/apache/solr/util/FileTypeMagicUtil.java
@@ -60,6 +60,14 @@ public static void assertConfigSetFolderLegal(Path confPath) throws IOException
new SimpleFileVisitor<>() {
@Override
public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) {
if (Files.isSymbolicLink(file)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

^ me on wrong browser again

@epugh
Copy link
Contributor Author

epugh commented Aug 27, 2024

I am going to merge this PR, however if we want to pair on supporting symbolic links in another PR, all for supporting that!

@epugh epugh merged commit a276a0f into apache:main Aug 27, 2024
4 of 5 checks passed
epugh added a commit that referenced this pull request Aug 27, 2024
@epugh
SOLR-12429: Prevent symbolic links from being uploaded as part of a c…
c3eaa19 
…onfigset (#2651)

* Add a check (and a test) of a symbolic link

(cherry picked from commit a276a0f)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fsparv fsparv fsparv left review comments

@gus-asf gus-asf gus-asf requested changes

@janhoy janhoy Awaiting requested review from janhoy

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@epugh @fsparv @gus-asf