database/doris
2
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

[Fix](HttpServer) Refactor API Endpoints to Only Allow GET Requests for Enhanced Security (#24855)

Browse Source
This commit is contained in:
zy-kkk
2023-09-27 04:10:11 -05:00
committed by GitHub
parent 00e8d1c3b4
commit 100d76510c
2 changed files with 7 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/MetricsAction.java
View File

@ -27,7 +27,7 @@ import org.apache.doris.metric.SimpleCoreMetricVisitor;
import com.google.common.base.Strings;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import java.io.IOException;
@ -41,7 +41,7 @@ public class MetricsAction extends RestBaseController {
private static final Logger LOG = LogManager.getLogger(MetricsAction.class);
private static final String TYPE_PARAM = "type";
@RequestMapping(path = "/metrics")
@GetMapping(path = "/metrics")
public void execute(HttpServletRequest request, HttpServletResponse response) {
if (Config.enable_all_http_auth) {
executeCheckPassword(request, response);

9
fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/TableQueryPlanAction.java
View File

@ -25,6 +25,7 @@ import org.apache.doris.analysis.TableRef;
import org.apache.doris.catalog.Database;
import org.apache.doris.catalog.Env;
import org.apache.doris.catalog.Table;
import org.apache.doris.catalog.TableIf;
import org.apache.doris.common.DorisHttpException;
import org.apache.doris.common.MetaNotFoundException;
import org.apache.doris.httpv2.entity.ResponseEntityBuilder;
@ -116,7 +117,7 @@ public class TableQueryPlanAction extends RestBaseController {
Table table;
try {
Database db = Env.getCurrentInternalCatalog().getDbOrMetaException(fullDbName);
table = db.getTableOrMetaException(tblName, Table.TableType.OLAP);
table = db.getTableOrMetaException(tblName, TableIf.TableType.OLAP);
} catch (MetaNotFoundException e) {
return ResponseEntityBuilder.okWithCommonError(e.getMessage());
}
@ -149,13 +150,13 @@ public class TableQueryPlanAction extends RestBaseController {
* process the sql syntax and return the resolved pruned tablet
*
* @param context context for analyzer
* @param sql the single table select statement
* @param result the acquired results
* @param sql the single table select statement
* @param result the acquired results
* @return
* @throws DorisHttpException
*/
private void handleQuery(ConnectContext context, String requestDb, String requestTable, String sql,
Map<String, Object> result) throws DorisHttpException {
Map<String, Object> result) throws DorisHttpException {
// use SE to resolve sql
StmtExecutor stmtExecutor = new StmtExecutor(context, new OriginStatement(sql, 0), false);
try {