This is an automated email from the ASF dual-hosted git repository.
luozenglin pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new aedb9ed16c3 [cherry-pick](udf) add the switch enable_java_udf to
control the creation and use of java_udf. (#26213) (#26411)
aedb9ed16c3 is described below
commit aedb9ed16c306797eb4610d5a03df29c800b14bd
Author: luozenglin <luozeng...@baidu.com>
AuthorDate: Fri Nov 3 19:32:47 2023 +0800
[cherry-pick](udf) add the switch enable_java_udf to control the creation
and use of java_udf. (#26213) (#26411)
---
.../src/main/java/org/apache/doris/common/Config.java | 8 ++++++++
.../java/org/apache/doris/analysis/CreateFunctionStmt.java | 3 +++
.../java/org/apache/doris/analysis/FunctionCallExpr.java | 4 ++++
.../java/org/apache/doris/catalog/FunctionRegistry.java | 1 +
.../main/java/org/apache/doris/catalog/FunctionUtil.java | 13 +++++++++++++
5 files changed, 29 insertions(+)
diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
index 74c6de0b4e5..053ab159521 100644
--- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
+++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
@@ -2207,6 +2207,14 @@ public class Config extends ConfigBase {
})
public static String access_control_allowed_origin_domain = "*";
+ @ConfField(description = {
+ "开启java_udf,
默认为true。如果该配置为false,则禁止创建和使用java_udf。在一些场景下关闭该配置可防止命令注入攻击。",
+ "Used to enable java_udf, default is true. if this configuration
is false, creation and use of java_udf is "
+ + "disabled. in some scenarios it may be necessary to
disable this configuration to prevent "
+ + "command injection attacks."
+ })
+ public static boolean enable_java_udf = true;
+
@ConfField(description = {
"是否忽略 Image 文件中未知的模块。如果为 true,不在 PersistMetaModules.MODULE_NAMES
中的元数据模块将被忽略并跳过。"
+ "默认为 false,如果 Image 文件中包含未知的模块,Doris 将会抛出异常。"
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateFunctionStmt.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateFunctionStmt.java
index c50acda716f..ac1ba1b4e65 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateFunctionStmt.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/CreateFunctionStmt.java
@@ -23,6 +23,7 @@ import org.apache.doris.catalog.ArrayType;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Function;
import org.apache.doris.catalog.Function.NullableMode;
+import org.apache.doris.catalog.FunctionUtil;
import org.apache.doris.catalog.MapType;
import org.apache.doris.catalog.ScalarFunction;
import org.apache.doris.catalog.ScalarType;
@@ -260,6 +261,8 @@ public class CreateFunctionStmt extends DdlStmt {
}
}
if (binaryType == TFunctionBinaryType.JAVA_UDF) {
+ FunctionUtil.checkEnableJavaUdf();
+
String returnNullModeStr = properties.get(IS_RETURN_NULL);
if (returnNullModeStr == null) {
return;
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java
b/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java
index d02c5e5ddc0..6345c25395a 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/analysis/FunctionCallExpr.java
@@ -28,6 +28,7 @@ import org.apache.doris.catalog.DatabaseIf;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Function;
import org.apache.doris.catalog.FunctionSet;
+import org.apache.doris.catalog.FunctionUtil;
import org.apache.doris.catalog.MapType;
import org.apache.doris.catalog.ScalarFunction;
import org.apache.doris.catalog.ScalarType;
@@ -1602,6 +1603,9 @@ public class FunctionCallExpr extends Expr {
if (analyzer.isReAnalyze() && fn instanceof AliasFunction)
{
throw new AnalysisException("a UDF in the original
function of a alias function");
}
+ if (fn != null) {
+ FunctionUtil.checkEnableJavaUdf();
+ }
}
}
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
index f320f753ec7..bb26f2bef52 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionRegistry.java
@@ -146,6 +146,7 @@ public class FunctionRegistry {
List<FunctionBuilder> candidate =
name2UdfBuilders.getOrDefault(scope, ImmutableMap.of())
.get(name.toLowerCase());
if (candidate != null && !candidate.isEmpty()) {
+ FunctionUtil.checkEnableJavaUdfForNereids();
return candidate;
}
}
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionUtil.java
b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionUtil.java
index 34f3a8b6f94..9f9c59e1074 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionUtil.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/catalog/FunctionUtil.java
@@ -21,6 +21,7 @@ import org.apache.doris.analysis.Analyzer;
import org.apache.doris.analysis.SetType;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.AnalysisException;
+import org.apache.doris.common.Config;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.UserException;
@@ -257,4 +258,16 @@ public class FunctionUtil {
}
return false;
}
+
+ public static void checkEnableJavaUdf() throws AnalysisException {
+ if (!Config.enable_java_udf) {
+ throw new AnalysisException("java_udf has been disabled.");
+ }
+ }
+
+ public static void checkEnableJavaUdfForNereids() {
+ if (!Config.enable_java_udf) {
+ throw new
org.apache.doris.nereids.exceptions.AnalysisException("java_udf has been
disabled.");
+ }
+ }
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
