KYLIN-2252, Enhance project/model/cube name check
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/1e787165 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/1e787165 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/1e787165 Branch: refs/heads/master-hbase1.x Commit: 1e787165edee713a59db8627e70f79edabfd7d9d Parents: ea13af4 Author: Billy Liu <billy...@apache.org> Authored: Wed Dec 7 09:42:58 2016 +0800 Committer: Billy Liu <billy...@apache.org> Committed: Wed Dec 7 09:42:58 2016 +0800 ---------------------------------------------------------------------- .../org/apache/kylin/rest/controller/CubeController.java | 10 ++++++++++ .../apache/kylin/rest/controller/CubeDescController.java | 4 ++-- .../org/apache/kylin/rest/controller/ModelController.java | 10 ++++++++++ .../apache/kylin/rest/controller/ProjectController.java | 10 +++++++++- 4 files changed, 31 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/1e787165/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java index 3846d28..f537231 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeController.java @@ -83,6 +83,8 @@ import com.google.common.collect.Maps; public class CubeController extends BasicController { private static final Logger logger = LoggerFactory.getLogger(CubeController.class); + private static final char[] VALID_CUBENAME = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_".toCharArray(); + @Autowired private CubeService cubeService; @@ -343,6 +345,10 @@ public class CubeController extends BasicController { if (cube.getStatus() == RealizationStatusEnum.DESCBROKEN) { throw new BadRequestException("Broken cube can't be cloned"); } + if (!StringUtils.containsOnly(newCubeName, VALID_CUBENAME)) { + logger.info("Invalid Cube name {}, only letters, numbers and underline supported.", newCubeName); + throw new BadRequestException("Invalid Cube name, only letters, numbers and underline supported."); + } CubeDesc cubeDesc = cube.getDescriptor(); CubeDesc newCubeDesc = CubeDesc.getCopyOf(cubeDesc); @@ -421,6 +427,10 @@ public class CubeController extends BasicController { logger.info("Cube name should not be empty."); throw new BadRequestException("Cube name should not be empty."); } + if (!StringUtils.containsOnly(name, VALID_CUBENAME)) { + logger.info("Invalid Cube name {}, only letters, numbers and underline supported.", name); + throw new BadRequestException("Invalid Cube name, only letters, numbers and underline supported."); + } try { desc.setUuid(UUID.randomUUID().toString()); http://git-wip-us.apache.org/repos/asf/kylin/blob/1e787165/server-base/src/main/java/org/apache/kylin/rest/controller/CubeDescController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeDescController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeDescController.java index 5a8eeec..0c8f487 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/CubeDescController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/CubeDescController.java @@ -44,8 +44,8 @@ public class CubeDescController extends BasicController { /** * Get detail information of the "Cube ID" * - * @param cubeDescName - * Cube ID + * @param cubeName + * Cube Name * @return * @throws IOException */ http://git-wip-us.apache.org/repos/asf/kylin/blob/1e787165/server-base/src/main/java/org/apache/kylin/rest/controller/ModelController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/ModelController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/ModelController.java index 5f6a91b..df9ecfb 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/ModelController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/ModelController.java @@ -61,6 +61,8 @@ import com.fasterxml.jackson.databind.JsonMappingException; public class ModelController extends BasicController { private static final Logger logger = LoggerFactory.getLogger(ModelController.class); + private static final char[] VALID_MODELNAME = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_".toCharArray(); + @Autowired private ModelService modelService; @@ -93,6 +95,10 @@ public class ModelController extends BasicController { logger.info("Model name should not be empty."); throw new BadRequestException("Model name should not be empty."); } + if (!StringUtils.containsOnly(modelDesc.getName(), VALID_MODELNAME)) { + logger.info("Invalid Model name {}, only letters, numbers and underline supported.", modelDesc.getName()); + throw new BadRequestException("Invalid Model name, only letters, numbers and underline supported."); + } try { modelDesc.setUuid(UUID.randomUUID().toString()); @@ -174,6 +180,10 @@ public class ModelController extends BasicController { logger.info("New model name is empty."); throw new BadRequestException("New model name is empty."); } + if (!StringUtils.containsOnly(newModelName, VALID_MODELNAME)) { + logger.info("Invalid Model name {}, only letters, numbers and underline supported.", newModelName); + throw new BadRequestException("Invalid Model name, only letters, numbers and underline supported."); + } DataModelDesc newModelDesc = DataModelDesc.getCopyOf(modelDesc); newModelDesc.setName(newModelName); http://git-wip-us.apache.org/repos/asf/kylin/blob/1e787165/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java index 496e44a..05af82c 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/ProjectController.java @@ -27,6 +27,7 @@ import org.apache.kylin.common.persistence.AclEntity; import org.apache.kylin.cube.CubeInstance; import org.apache.kylin.metadata.project.ProjectInstance; import org.apache.kylin.rest.constant.Constant; +import org.apache.kylin.rest.exception.BadRequestException; import org.apache.kylin.rest.exception.InternalErrorException; import org.apache.kylin.rest.request.CreateProjectRequest; import org.apache.kylin.rest.request.UpdateProjectRequest; @@ -60,6 +61,8 @@ import org.springframework.web.bind.annotation.ResponseBody; public class ProjectController extends BasicController { private static final Logger logger = LoggerFactory.getLogger(ProjectController.class); + private static final char[] VALID_PROJECTNAME = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_".toCharArray(); + @Autowired private ProjectService projectService; @Autowired @@ -197,7 +200,12 @@ public class ProjectController extends BasicController { @ResponseBody public ProjectInstance saveProject(@RequestBody CreateProjectRequest projectRequest) { if (StringUtils.isEmpty(projectRequest.getName())) { - throw new InternalErrorException("A project name must be given to create a project"); + logger.info("Project name should not be empty."); + throw new BadRequestException("Project name should not be empty."); + } + if (!StringUtils.containsOnly(projectRequest.getName(), VALID_PROJECTNAME)) { + logger.info("Invalid Project name {}, only letters, numbers and underline supported.", projectRequest.getName()); + throw new BadRequestException("Invalid Project name, only letters, numbers and underline supported."); } ProjectInstance createdProj = null;
