[Improvement] change js engine #15747

merged 4 commits into from Mar 22, 2024
7 changes: 7 additions & 0 deletions dolphinscheduler-bom/pom.xml
Expand Up @@ -123,6 +123,7 @@
<checker-qual.version>3.19.0</checker-qual.version>
<zeppelin-client.version>0.10.1</zeppelin-client.version>
<aliyun-voice.version>2.1.4</aliyun-voice.version>
<nashorn-sandbox.version>0.3.2</nashorn-sandbox.version>
</properties>

<dependencyManagement>
Expand Down Expand Up @@ -966,6 +967,12 @@
<artifactId>dyvmsapi20170525</artifactId>
<version>${aliyun-voice.version}</version>
</dependency>

<dependency>
<groupId>org.javadelight</groupId>
<artifactId>delight-nashorn-sandbox</artifactId>
<version>${nashorn-sandbox.version}</version>
</dependency>
</dependencies>
</dependencyManagement>

5 changes: 5 additions & 0 deletions dolphinscheduler-common/pom.xml
Expand Up @@ -177,5 +177,10 @@
</exclusion>
</exclusions>
</dependency>

<dependency>
<groupId>org.javadelight</groupId>
<artifactId>delight-nashorn-sandbox</artifactId>
</dependency>
</dependencies>
</project>
1 change: 1 addition & 0 deletions dolphinscheduler-dist/release-docs/LICENSE
Expand Up @@ -572,6 +572,7 @@ The text of each license is also included at licenses/LICENSE-[project].txt.
tea-rpc 0.0.11.jar https://github.com/aliyun/aliyun-openapi-java-sdk/blob/master/README.md#license Apache 2.0
tea-rpc-util 0.1.3.jar https://github.com/aliyun/aliyun-openapi-java-sdk/blob/master/README.md#license Apache 2.0
tea-util 0.2.13.jar https://github.com/aliyun/aliyun-openapi-java-sdk/blob/master/README.md#license Apache 2.0
delight-nashorn-sandbox 0.3.2 https://github.com/javadelight/delight-nashorn-sandbox/blob/master/README.md#license Apache 2.0





Expand Up @@ -23,46 +23,30 @@
import org.apache.commons.collections4.MapUtils;

import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

import lombok.extern.slf4j.Slf4j;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;

import delight.nashornsandbox.NashornSandbox;
import delight.nashornsandbox.NashornSandboxes;

@Slf4j
public class SwitchTaskUtils {

private static final ScriptEngineManager manager;
private static final ScriptEngine engine;
private static final NashornSandbox sandbox;
private static final String rgex = "['\"]*\\$\\{(.*?)\\}['\"]*";

private static final Set<String> blackKeySet = Sets.newHashSet(
"java",
"invoke",
"new",
"eval",
"function",
"import",
".",
"()",
"[",
"]",
"\\\\");

static {
manager = new ScriptEngineManager();
engine = manager.getEngineByName("js");
sandbox = NashornSandboxes.create();
}

public static boolean evaluate(String expression) throws ScriptException {
Object result = engine.eval(expression);
Object result = sandbox.eval(expression);
return Boolean.TRUE.equals(result);
}

Expand Down Expand Up @@ -98,12 +82,6 @@ public static String generateContentWithTaskParams(String condition, Map<String,
content = content.replace("${" + paramName + "}", value);
}

for (String blackKey : blackKeySet) {
if (content.contains(blackKey)) {
throw new IllegalArgumentException("condition is not valid, please check it. condition: " + condition);
}
}

// if not replace any params, throw exception to avoid illegal condition
if (originContent.equals(content)) {
throw new IllegalArgumentException("condition is not valid, please check it. condition: " + condition);
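Review bot: `sandbox = NashornSandboxes.create()` in the static initializer of the first hunk takes the library defaults, which filter Java class access but set no CPU-time or memory limit, so a condition such as an unterminated loop passed to `evaluate` would occupy the evaluating thread indefinitely; with the `blackKeySet` pre-check removed in the same hunk, the sandbox configuration is now the only guard on the expression. Configure limits where the instance is built, e.g. `sandbox.setMaxCPUTime(100);`, `sandbox.setMaxMemory(50 * 1024 * 1024);` and `sandbox.setExecutor(Executors.newSingleThreadExecutor());` (the CPU limit is enforced on a separate executor thread and the library requires one to be set when a limit is given; the numbers are illustrative and should be tuned to the task). The sandbox is also a single static instance shared by every caller; whether one `NashornSandbox` tolerates concurrent `eval` calls is not established here and is worth confirming against the library before relying on it from several worker threads. `generateContentWithTaskParams` in the second hunk starts and ends outside it.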
Expand Up @@ -24,6 +24,8 @@
import java.util.HashMap;
import java.util.Map;

import javax.script.ScriptException;

import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

Expand Down Expand Up @@ -53,16 +55,19 @@ public void testIllegalCondition() {
});

String cmd = "bash /tmp/shell";
String cmdContent = "java.lang.Runtime.getRuntime().exec(\"${cmd}\")";
String cmdContent = "java.lang.Runtime.getRuntime().exec(${cmd})";
globalParams.put("cmd", new Property("cmd", Direct.IN, DataType.VARCHAR, cmd));
Assertions.assertThrowsExactly(IllegalArgumentException.class, () -> {
SwitchTaskUtils.generateContentWithTaskParams(cmdContent, globalParams, varParams);

Assertions.assertThrowsExactly(RuntimeException.class, () -> {
String script = SwitchTaskUtils.generateContentWithTaskParams(cmdContent, globalParams, varParams);
SwitchTaskUtils.evaluate(script);
});

String contentWithUnicode =
"\\\\u006a\\\\u0061\\\\u0076\\\\u0061\\\\u002e\\\\u006c\\\\u0061\\\\u006e\\\\u0067\\\\u002e\\\\u0052\\\\u0075\\\\u006e\\\\u0074\\\\u0069\\\\u006d\\\\u0065.getRuntime().exec(\\\"open -a Calculator.app\\";
Assertions.assertThrowsExactly(IllegalArgumentException.class, () -> {
SwitchTaskUtils.generateContentWithTaskParams(contentWithUnicode, globalParams, varParams);
"\\\\u006a\\\\u0061\\\\u0076\\\\u0061\\\\u002e\\\\u006c\\\\u0061\\\\u006e\\\\u0067\\\\u002e\\\\u0052\\\\u0075\\\\u006e\\\\u0074\\\\u0069\\\\u006d\\\\u0065.getRuntime().exec(${cmd})";
Assertions.assertThrowsExactly(ScriptException.class, () -> {
String script = SwitchTaskUtils.generateContentWithTaskParams(contentWithUnicode, globalParams, varParams);
SwitchTaskUtils.evaluate(script);
});

String contentWithSpecify1 = "cmd.abc";
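Review bot: `Assertions.assertThrowsExactly(RuntimeException.class, ...)` in the `cmdContent` case accepts any bare `RuntimeException`, so the test no longer demonstrates that the sandbox's class filter is what stopped `java.lang.Runtime`; similarly the `contentWithUnicode` case now expects `ScriptException`, which the doubled backslashes in that script presumably trigger as a parse error before any class access is attempted. Capture the exception, `RuntimeException ex = Assertions.assertThrowsExactly(RuntimeException.class, () -> { ... });`, and assert on its message so the test pins the sandbox rejection rather than an unrelated failure; the exact wording is whatever the library reports and needs confirming. If no such case exists elsewhere in this class, a positive assertion that a plain boolean condition still evaluates to `true` through the new engine would also be worth adding. `testIllegalCondition` starts outside the hunk.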
23 changes: 23 additions & 0 deletions tools/dependencies/known-dependencies.txt
Expand Up @@ -499,4 +499,27 @@ tea-util-0.2.13.jar
dom4j-2.1.3.jar
jaxb-core-2.3.0.jar
jaxb-impl-2.3.0.jar
delight-nashorn-sandbox-0.3.2.jar
abbrev-1.1.1.jar
balanced-match-1.0.2.jar
brace-expansion-2.0.1.jar
commander-2.20.3.jar
config-chain-1.1.13.jar
editorconfig-0.15.3.jar
fs.realpath-1.0.0.jar
glob-8.1.0.jar
inflight-1.0.6.jar
inherits-2.0.4.jar
ini-1.3.8.jar
js-beautify-1.14.7.jar
lru-cache-4.1.5.jar
minimatch-5.1.6.jar
nopt-6.0.0.jar
once-1.4.0.jar
proto-list-1.2.4.jar
pseudomap-1.0.2.jar
semver-5.7.2.jar
sigmund-1.0.1.jar
wrappy-1.0.2.jar
yallist-2.1.2.jar
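Review bot: Only `delight-nashorn-sandbox` receives an entry in `dolphinscheduler-dist/release-docs/LICENSE` in this PR, while this allowlist admits twenty-two further artifacts (`abbrev-1.1.1.jar` through `yallist-2.1.2.jar`) whose names look like npm packages repackaged as webjars, presumably pulled in transitively by the sandbox; their licenses are not recorded anywhere in the change. Each artifact that ships in the distribution should get a LICENSE line in the same `name version url license` form as the `delight-nashorn-sandbox 0.3.2 ...` line, with the corresponding license text added under `licenses/` where it is not already present. Whether all of these are actually bundled, or some are build-time only, is not visible here and should be confirmed from the dependency tree before they are listed.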