[fix](security): non-static inner class should not implement serialized interface, or when it is serialized it will contain outer class info, which is not safe #24454

fix: non-static inner class should not implement serialized interface, or when it is serialized it will contain outer class info, which is not safe And in this scenario, the class does not use info of outer class, which should use static class instead
2023-09-18 15:55:43 +08:00
parent b9f1ac153a
commit ef4ab106d8
2 changed files with 3 additions and 3 deletions
--- a/fe/fe-core/src/main/java/org/apache/doris/load/DppScheduler.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/load/DppScheduler.java
@ -552,7 +552,7 @@ public class DppScheduler {
        return String.format(ETL_OUTPUT_PATH, fsDefaultName, outputPath, dbId, loadLabel, etlOutputDir);
    }

-    private class InputSizeInvalidException extends LoadException {
+    private static class InputSizeInvalidException extends LoadException {
        public InputSizeInvalidException(String msg) {
            super(msg);
        }
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/Coordinator.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/Coordinator.java
@ -2476,12 +2476,12 @@ public class Coordinator implements CoordInterface {

    // map from a BE host address to the per-node assigned scan ranges;
    // records scan range assignment for a single fragment
-    class FragmentScanRangeAssignment
+    static class FragmentScanRangeAssignment
            extends HashMap<TNetworkAddress, Map<Integer, List<TScanRangeParams>>> {
    }

    // Bucket sequence -> (scan node id -> list of TScanRangeParams)
-    class BucketSeqToScanRange extends HashMap<Integer, Map<Integer, List<TScanRangeParams>>> {
+    static class BucketSeqToScanRange extends HashMap<Integer, Map<Integer, List<TScanRangeParams>>> {

    }