sonatype-lift[bot] commented on a change in pull request #264:
URL: https://github.com/apache/solr/pull/264#discussion_r694349095
##########
File path:
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +92,66 @@ public void init(NamedList<?> args) {
public String getSchemaResourceName(String cdResourceName) {
return managedSchemaResourceName; // actually a guess; reality depends on
the actual files in the config set :-(
}
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchema.
+ */
+ public String lookupZKManagedSchemaPath() {
+ final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+ final ZkController zkController = zkLoader.getZkController();
+ final SolrZkClient zkClient = zkController.getZkClient();
+ String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" +
managedSchemaResourceName;
+ final String legacyManagedSchemaPath = zkLoader.getConfigSetZkPath() + "/"
+ ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME;
+ try {
+ // check if we are using the legacy managed-schema file name.
+ if (zkClient.exists(legacyManagedSchemaPath, true)){
+ log.debug("Legacy managed schema resource {} found - loading legacy
managed schema instead of {} file."
+ , ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME,
managedSchemaResourceName);
+ managedSchemaPath = legacyManagedSchemaPath;
+ }
+ } catch (KeeperException e) {
+ throw new RuntimeException(e);
+ } catch (InterruptedException e) {
+ // Restore the interrupted status
+ Thread.currentThread().interrupt();
+ throw new RuntimeException(e);
+ }
+ return managedSchemaPath;
+ }
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchemaFactory.
+ * @see
org.apache.solr.schema.ManagedIndexSchemaFactory#lookupZKManagedSchemaPath
+ */
+ public File lookupLocalManagedSchemaPath() {
+ final File legacyManagedSchemaPath = new
File(loader.getConfigPath().toFile(),
ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME);
+
+ File managedSchemaFile = new File(loader.getConfigPath().toFile(),
managedSchemaResourceName);
Review comment:
*PATH_TRAVERSAL_IN:* This API
(java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose
location might be specified by user input
[(details)](https://find-sec-bugs.github.io/bugs.htm#PATH_TRAVERSAL_IN)
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)
##########
File path:
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +92,66 @@ public void init(NamedList<?> args) {
public String getSchemaResourceName(String cdResourceName) {
return managedSchemaResourceName; // actually a guess; reality depends on
the actual files in the config set :-(
Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method
`ManagedIndexSchemaFactory.getSchemaResourceName(...)` reads without
synchronization from `this.managedSchemaResourceName`. Potentially races with
write in method `ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background
thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)
##########
File path:
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +92,66 @@ public void init(NamedList<?> args) {
public String getSchemaResourceName(String cdResourceName) {
return managedSchemaResourceName; // actually a guess; reality depends on
the actual files in the config set :-(
}
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchema.
+ */
+ public String lookupZKManagedSchemaPath() {
+ final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+ final ZkController zkController = zkLoader.getZkController();
+ final SolrZkClient zkClient = zkController.getZkClient();
+ String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" +
managedSchemaResourceName;
+ final String legacyManagedSchemaPath = zkLoader.getConfigSetZkPath() + "/"
+ ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME;
+ try {
+ // check if we are using the legacy managed-schema file name.
+ if (zkClient.exists(legacyManagedSchemaPath, true)){
+ log.debug("Legacy managed schema resource {} found - loading legacy
managed schema instead of {} file."
+ , ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME,
managedSchemaResourceName);
+ managedSchemaPath = legacyManagedSchemaPath;
+ }
+ } catch (KeeperException e) {
+ throw new RuntimeException(e);
+ } catch (InterruptedException e) {
+ // Restore the interrupted status
+ Thread.currentThread().interrupt();
+ throw new RuntimeException(e);
+ }
+ return managedSchemaPath;
+ }
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchemaFactory.
+ * @see
org.apache.solr.schema.ManagedIndexSchemaFactory#lookupZKManagedSchemaPath
+ */
+ public File lookupLocalManagedSchemaPath() {
+ final File legacyManagedSchemaPath = new
File(loader.getConfigPath().toFile(),
ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME);
Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method
`ManagedIndexSchemaFactory.lookupLocalManagedSchemaPath()` reads without
synchronization from `this.loader`. Potentially races with write in method
`ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background
thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)
##########
File path:
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +92,66 @@ public void init(NamedList<?> args) {
public String getSchemaResourceName(String cdResourceName) {
return managedSchemaResourceName; // actually a guess; reality depends on
the actual files in the config set :-(
}
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchema.
+ */
+ public String lookupZKManagedSchemaPath() {
+ final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+ final ZkController zkController = zkLoader.getZkController();
+ final SolrZkClient zkClient = zkController.getZkClient();
+ String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" +
managedSchemaResourceName;
+ final String legacyManagedSchemaPath = zkLoader.getConfigSetZkPath() + "/"
+ ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME;
+ try {
+ // check if we are using the legacy managed-schema file name.
+ if (zkClient.exists(legacyManagedSchemaPath, true)){
+ log.debug("Legacy managed schema resource {} found - loading legacy
managed schema instead of {} file."
+ , ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME,
managedSchemaResourceName);
+ managedSchemaPath = legacyManagedSchemaPath;
+ }
+ } catch (KeeperException e) {
+ throw new RuntimeException(e);
+ } catch (InterruptedException e) {
+ // Restore the interrupted status
+ Thread.currentThread().interrupt();
+ throw new RuntimeException(e);
+ }
+ return managedSchemaPath;
+ }
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchemaFactory.
+ * @see
org.apache.solr.schema.ManagedIndexSchemaFactory#lookupZKManagedSchemaPath
+ */
+ public File lookupLocalManagedSchemaPath() {
+ final File legacyManagedSchemaPath = new
File(loader.getConfigPath().toFile(),
ManagedIndexSchemaFactory.LEGACY_MANAGED_SCHEMA_RESOURCE_NAME);
+
+ File managedSchemaFile = new File(loader.getConfigPath().toFile(),
managedSchemaResourceName);
Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method
`ManagedIndexSchemaFactory.lookupLocalManagedSchemaPath()` reads without
synchronization from `this.managedSchemaResourceName`. Potentially races with
write in method `ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background
thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)
##########
File path:
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +92,66 @@ public void init(NamedList<?> args) {
public String getSchemaResourceName(String cdResourceName) {
return managedSchemaResourceName; // actually a guess; reality depends on
the actual files in the config set :-(
}
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchema.
+ */
+ public String lookupZKManagedSchemaPath() {
+ final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method
`ManagedIndexSchemaFactory.lookupZKManagedSchemaPath()` reads without
synchronization from `this.loader`. Potentially races with write in method
`ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background
thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)
##########
File path:
solr/core/src/java/org/apache/solr/schema/ManagedIndexSchemaFactory.java
##########
@@ -91,6 +92,66 @@ public void init(NamedList<?> args) {
public String getSchemaResourceName(String cdResourceName) {
return managedSchemaResourceName; // actually a guess; reality depends on
the actual files in the config set :-(
}
+
+ /**
+ * Lookup the path to the managed schema, dealing with falling back to the
+ * legacy managed-schema file, instead of the expected managed-schema.xml
file.
+ *
+ * This method is duplicated in ManagedIndexSchema.
+ */
+ public String lookupZKManagedSchemaPath() {
+ final ZkSolrResourceLoader zkLoader = (ZkSolrResourceLoader)loader;
+ final ZkController zkController = zkLoader.getZkController();
+ final SolrZkClient zkClient = zkController.getZkClient();
+ String managedSchemaPath = zkLoader.getConfigSetZkPath() + "/" +
managedSchemaResourceName;
Review comment:
*THREAD_SAFETY_VIOLATION:* Read/Write race. Non-private method
`ManagedIndexSchemaFactory.lookupZKManagedSchemaPath()` reads without
synchronization from `this.managedSchemaResourceName`. Potentially races with
write in method `ManagedIndexSchemaFactory.create(...)`.
Reporting because another access to the same memory occurs on a background
thread, although this access may not.
(at-me [in a reply](https://help.sonatype.com/lift) with `help` or `ignore`)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
