CalvinKirs opened a new pull request, #44612:
URL: https://github.com/apache/doris/pull/44612

   ## Purpose:
   
   To improve the security of audit log files, a new method 
checkAuditLogFileName has been added to validate the file name and path to 
ensure they meet security requirements. This method is designed to prevent 
invalid file names and path traversal attacks, ensuring that only files within 
the designated directory can be accessed.
   
   ### Changes:
   
   #### File Name Validation:
   
   A regular expression check has been added to validate the file name: 
^[a-zA-Z0-9._-]+$, restricting the file name to letters, numbers, dots, 
underscores, and hyphens.
   
   If the file name contains invalid characters (e.g., spaces, path traversal 
characters), a SecurityException is thrown with the message “Invalid file name.”
   
   #### Path Validation:
   
   The file name is resolved into a normalized path, and it is checked to 
ensure that it is within the allowed directory.
   
   The path is constructed using 
Paths.get(Config.audit_log_dir).resolve(logFile).normalize(). If the path does 
not start with the specified audit log directory (Config.audit_log_dir), 
indicating an attempt to access outside the permitted directory (e.g., a path 
traversal attack), a SecurityException is thrown with the message “Invalid file 
path: Access outside of permitted directory.”
   
   
   ### Check List (For Author)
   
   - Test <!-- At least one of them must be included. -->
       - [ ] Regression test
       - [ ] Unit Test
       - [ ] Manual test (add detailed scripts or steps below)
   ```
   calvinkirs@CalvinKirss-MBP fe % curl -u root: -I "http://127.0.0.1:8030/api/get_log_file?type=fe.audit.log&file=../LICENSE";
   HTTP/1.1 200 OK
   Date: Tue, 26 Nov 2024 06:49:56 GMT
   Vary: Origin
   Vary: Access-Control-Request-Method
   Vary: Access-Control-Request-Headers
   file_infos: {"fe.audit.log":2480,"fe.audit.log.20241030-1":87297,"fe.audit.log.20241031-1":1250,"fe.audit.log.20241101-1":260067,"fe.audit.log.20241106-1":523614,"fe.audit.log.20241107-1":83146,"fe.audit.log.20241108-1":190639,"fe.audit.log.20241110-1":5071,"fe.audit.log.20241111-1":668553,"fe.audit.log.20241119-1":471175,"fe.audit.log.20241120-1":17077,"fe.audit.log.20241125-1":760146}
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   calvinkirs@CalvinKirss-MBP fe % curl -u root: -X GET "http://127.0.0.1:8030/api/get_log_file?type=fe.audit.log&file=audit_log_dir/../LICENSE";
   {"msg":"Internal Error","code":500,"data":"Invalid file name","count":0}%
   calvinkirs@CalvinKirss-MBP fe % curl -u root: -X GET "http://127.0.0.1:8030/api/get_log_file?type=fe.audit.log&file=audit_log_dir/%2e%2e%2f%2e%2e%2fetc%2fpasswd";
   {"msg":"Internal Error","code":500,"data":"Invalid file name","count":0}%
   ```
   
   - Behavior changed:
       - [ ] No.
       - [ ] Yes. <!-- Explain the behavior change -->
   
   - Does this need documentation?
       - [ ] No.
       - [ ] Yes. <!-- Add document PR link here. eg: 
https://github.com/apache/doris-website/pull/1214 -->
   
   ### Check List (For Reviewer who merge this PR)
   
   - [ ] Confirm the release note
   - [ ] Confirm test cases
   - [ ] Confirm document
   - [ ] Add branch pick label <!-- Add branch pick label that this PR should 
merge into -->
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

