[enhancement](udf) add the switch enable_java_udf to control the creation and use of java_udf. (#26213)
This commit is contained in:
luozenglin
@ -2261,6 +2261,14 @@ public class Config extends ConfigBase {
|
||||
})
|
||||
public static String access_control_allowed_origin_domain = "*";
|
||||
|
||||
@ConfField(description = {
|
||||
"开启java_udf, 默认为true。如果该配置为false,则禁止创建和使用java_udf。在一些场景下关闭该配置可防止命令注入攻击。",
|
||||
"Used to enable java_udf, default is true. if this configuration is false, creation and use of java_udf is "
|
||||
+ "disabled. in some scenarios it may be necessary to disable this configuration to prevent "
|
||||
+ "command injection attacks."
|
||||
})
|
||||
public static boolean enable_java_udf = true;
|
||||
|
||||
@ConfField(description = {
|
||||
"是否忽略 Image 文件中未知的模块。如果为 true,不在 PersistMetaModules.MODULE_NAMES 中的元数据模块将被忽略并跳过。"
|
||||
+ "默认为 false,如果 Image 文件中包含未知的模块,Doris 将会抛出异常。"
|
||||
|
||||
@ -23,6 +23,7 @@ import org.apache.doris.catalog.ArrayType;
|
||||
import org.apache.doris.catalog.Env;
|
||||
import org.apache.doris.catalog.Function;
|
||||
import org.apache.doris.catalog.Function.NullableMode;
|
||||
import org.apache.doris.catalog.FunctionUtil;
|
||||
import org.apache.doris.catalog.MapType;
|
||||
import org.apache.doris.catalog.ScalarFunction;
|
||||
import org.apache.doris.catalog.ScalarType;
|
||||
@ -262,6 +263,8 @@ public class CreateFunctionStmt extends DdlStmt {
|
||||
}
|
||||
}
|
||||
if (binaryType == TFunctionBinaryType.JAVA_UDF) {
|
||||
FunctionUtil.checkEnableJavaUdf();
|
||||
|
||||
String returnNullModeStr = properties.get(IS_RETURN_NULL);
|
||||
if (returnNullModeStr == null) {
|
||||
return;
|
||||
|
||||
@ -28,6 +28,7 @@ import org.apache.doris.catalog.DatabaseIf;
|
||||
import org.apache.doris.catalog.Env;
|
||||
import org.apache.doris.catalog.Function;
|
||||
import org.apache.doris.catalog.FunctionSet;
|
||||
import org.apache.doris.catalog.FunctionUtil;
|
||||
import org.apache.doris.catalog.MapType;
|
||||
import org.apache.doris.catalog.ScalarFunction;
|
||||
import org.apache.doris.catalog.ScalarType;
|
||||
@ -1608,6 +1609,9 @@ public class FunctionCallExpr extends Expr {
|
||||
if (analyzer.isReAnalyze() && fn instanceof AliasFunction) {
|
||||
throw new AnalysisException("a UDF in the original function of a alias function");
|
||||
}
|
||||
if (fn != null) {
|
||||
FunctionUtil.checkEnableJavaUdf();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -146,6 +146,7 @@ public class FunctionRegistry {
|
||||
List<FunctionBuilder> candidate = name2UdfBuilders.getOrDefault(scope, ImmutableMap.of())
|
||||
.get(name.toLowerCase());
|
||||
if (candidate != null && !candidate.isEmpty()) {
|
||||
FunctionUtil.checkEnableJavaUdfForNereids();
|
||||
return candidate;
|
||||
}
|
||||
}
|
||||
|
||||
@ -21,6 +21,7 @@ import org.apache.doris.analysis.Analyzer;
|
||||
import org.apache.doris.analysis.SetType;
|
||||
import org.apache.doris.cluster.ClusterNamespace;
|
||||
import org.apache.doris.common.AnalysisException;
|
||||
import org.apache.doris.common.Config;
|
||||
import org.apache.doris.common.ErrorCode;
|
||||
import org.apache.doris.common.ErrorReport;
|
||||
import org.apache.doris.common.UserException;
|
||||
@ -257,4 +258,16 @@ public class FunctionUtil {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public static void checkEnableJavaUdf() throws AnalysisException {
|
||||
if (!Config.enable_java_udf) {
|
||||
throw new AnalysisException("java_udf has been disabled.");
|
||||
}
|
||||
}
|
||||
|
||||
public static void checkEnableJavaUdfForNereids() {
|
||||
if (!Config.enable_java_udf) {
|
||||
throw new org.apache.doris.nereids.exceptions.AnalysisException("java_udf has been disabled.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user