From a276a0f42788044087a05561def9f7c7b9582081 Mon Sep 17 00:00:00 2001 From: Eric Pugh Date: Tue, 27 Aug 2024 06:49:19 -0400 Subject: [PATCH] SOLR-12429: Prevent symbolic links from being uploaded as part of a configset (#2651) * Add a check (and a test) of a symbolic link --- solr/CHANGES.txt | 2 +- .../apache/solr/util/FileTypeMagicUtil.java | 8 +++++++ solr/packaging/test/test_zk.bats | 22 ++++++++++++++++++- 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index 1883da984d6..626a090abfc 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -133,7 +133,7 @@ Optimizations Bug Fixes --------------------- -(No changes) +* SOLR-12429: Uploading a configset with a symbolic link produces a IOException. Now a error message to user generated instead. (Eric Pugh) Dependency Upgrades --------------------- diff --git a/solr/core/src/java/org/apache/solr/util/FileTypeMagicUtil.java b/solr/core/src/java/org/apache/solr/util/FileTypeMagicUtil.java index 692cda83bd3..f9e349b3f25 100644 --- a/solr/core/src/java/org/apache/solr/util/FileTypeMagicUtil.java +++ b/solr/core/src/java/org/apache/solr/util/FileTypeMagicUtil.java @@ -60,6 +60,14 @@ public static void assertConfigSetFolderLegal(Path confPath) throws IOException new SimpleFileVisitor<>() { @Override public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) { + if (Files.isSymbolicLink(file)) { + throw new SolrException( + SolrException.ErrorCode.BAD_REQUEST, + String.format( + Locale.ROOT, + "Not uploading symbolic link %s to configset, as symbolic links are not supported in ZooKeeper", + file)); + } if (FileTypeMagicUtil.isFileForbiddenInConfigset(file)) { throw new SolrException( SolrException.ErrorCode.BAD_REQUEST, diff --git a/solr/packaging/test/test_zk.bats b/solr/packaging/test/test_zk.bats index 87c2501beba..6c776c411ed 100644 --- a/solr/packaging/test/test_zk.bats +++ b/solr/packaging/test/test_zk.bats @@ -115,7 +115,7 @@ teardown() { sleep 1 run solr zk ls / -z localhost:${ZK_PORT} assert_output --partial "myfile3.txt" - + run solr zk cp zk:/ -r "${BATS_TEST_TMPDIR}/recursive_download/" [ -e "${BATS_TEST_TMPDIR}/recursive_download/myfile.txt" ] [ -e "${BATS_TEST_TMPDIR}/recursive_download/myfile2.txt" ] @@ -139,6 +139,26 @@ teardown() { assert_output --partial '"configSets":["_default","techproducts2"]' } +@test "SOLR-12429 test upconfig fails with symlink" { + # should be unit test but had problems with Java SecurityManager and symbolic links + local source_configset_dir="${SOLR_TIP}/server/solr/configsets/sample_techproducts_configs" + test -d $source_configset_dir + + ln -s ${source_configset_dir}/conf/stopwords.txt ${source_configset_dir}/conf/symlinked_stopwords.txt + ln -s ${source_configset_dir}/conf/lang ${source_configset_dir}/conf/language + + # Use the -L option to confirm we have a symlink + [ -L ${source_configset_dir}/conf/symlinked_stopwords.txt ] + [ -L ${source_configset_dir}/conf/language ] + + run solr zk upconfig -d ${source_configset_dir} -n techproducts_with_symlinks -z localhost:${ZK_PORT} + assert_output --partial "Uploading" + assert_output --partial "ERROR: Not uploading symbolic link" + + rm ${source_configset_dir}/conf/symlinked_stopwords.txt + rm -d ${source_configset_dir}/conf/language +} + @test "downconfig" { run solr zk downconfig -z localhost:${ZK_PORT} -n _default -d "${BATS_TEST_TMPDIR}/downconfig" assert_output --partial "Downloading"