github-advanced-security[bot] commented on code in PR #19574:
URL: https://github.com/apache/druid/pull/19574#discussion_r3396457180
##########
embedded-tests/src/test/java/org/apache/druid/testing/embedded/msq/S3ExternQueryTest.java:
##########
@@ -202,6 +277,57 @@
.build(),
RequestBody.fromBytes(gzBytes)
);
+
+ s3Client.putObject(
+ PutObjectRequest.builder()
+ .bucket(storageResource.getBucket())
+ .key(DATA_PATH + "/" + PARQUET_FILE)
+ .build(),
+ RequestBody.fromBytes(generateParquet())
+ );
+ }
+
+ /**
+ * Generates a small Parquet file with the same {@code (page, added)} rows
used by the JSON tests.
+ */
+ private static byte[] generateParquet() throws IOException
+ {
+ final Schema schema = new Schema.Parser().parse(
+ "{\"type\":\"record\",\"name\":\"row\",\"fields\":["
+ + "{\"name\":\"page\",\"type\":\"string\"},"
+ + "{\"name\":\"added\",\"type\":\"long\"}]}"
+ );
+
+ final File tmpFile = File.createTempFile("extern-input", ".parquet");
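Review bot: In generateParquet(), File.createTempFile("extern-input", ".parquet") creates the file in the shared system temp directory with default permissions, so other local accounts on a multi-user build host may be able to read it. Prefer java.nio.file.Files.createTempFile("extern-input", ".parquet"), which creates the file with owner-only permissions on POSIX file systems, or write under a test-scoped temporary directory.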
Review Comment:
## CodeQL / Local information disclosure in a temporary directory
Local information disclosure vulnerability due to use of file readable by
other local users.
[Show more details](https://github.com/apache/druid/security/code-scanning/11301)
##########
embedded-tests/src/test/java/org/apache/druid/testing/embedded/msq/S3ExternQueryTest.java:
##########
@@ -202,6 +277,57 @@
.build(),
RequestBody.fromBytes(gzBytes)
);
+
+ s3Client.putObject(
+ PutObjectRequest.builder()
+ .bucket(storageResource.getBucket())
+ .key(DATA_PATH + "/" + PARQUET_FILE)
+ .build(),
+ RequestBody.fromBytes(generateParquet())
+ );
+ }
+
+ /**
+ * Generates a small Parquet file with the same {@code (page, added)} rows
used by the JSON tests.
+ */
+ private static byte[] generateParquet() throws IOException
+ {
+ final Schema schema = new Schema.Parser().parse(
+ "{\"type\":\"record\",\"name\":\"row\",\"fields\":["
+ + "{\"name\":\"page\",\"type\":\"string\"},"
+ + "{\"name\":\"added\",\"type\":\"long\"}]}"
+ );
+
+ final File tmpFile = File.createTempFile("extern-input", ".parquet");
+ // AvroParquetWriter creates the file itself and fails if it already
exists.
+ Files.delete(tmpFile.toPath());
+
+ try (ParquetWriter<GenericRecord> writer =
+ AvroParquetWriter.<GenericRecord>builder(new
Path(tmpFile.toURI()))
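Review bot: Files.delete(tmpFile.toPath()) followed by AvroParquetWriter recreating the same path leaves a window in which that name is free in the shared temp directory, and the recreated file no longer carries whatever permissions createTempFile applied. Consider Files.createTempDirectory(...) and pointing the writer at a not-yet-existing file inside it, which removes the need for the delete and keeps the path private to the test. The lines shown here do not include removal of the file after its bytes are read, so please confirm it is cleaned up in a finally block or equivalent.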
Review Comment:
## CodeQL / Deprecated method or constructor invocation
Invoking [AvroParquetWriter.builder](1) should be avoided because it has
been deprecated.
[Show more details](https://github.com/apache/druid/security/code-scanning/11302)