Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add some checks before removing directories #7829

Merged
merged 2 commits into from
Jan 12, 2017
Merged

Add some checks before removing directories #7829

merged 2 commits into from
Jan 12, 2017

Conversation

joelegasse
Copy link
Contributor

@joelegasse joelegasse commented Jan 12, 2017
edited
Loading

Fixes #7822

This change first ensures that databases and retention policies exist
before attempting to remove them from the Store. It also adds some
checks in the DeleteDatabase and DeleteRetentionPolicy to ensure
that maliciously named entries won't remove anything outside of the
configured data directory.

This also adds some very basic name validation with the following
plain-english description: names must be non-zero sequence of printable
characters that do not contain slashes ('/' or '') and are not equal to
either "." or "..".

The intent is that, since we currently just use database and retention
policy names directly as path elements, these rules will hopefully leave
us with names that should be at least close to valid directory names.

Ideally, we would restrict names even further or not use them as path
elements directly, but this should be a step towards the former without
restricting names "too much"

Required for all non-trivial PRs
  • Rebased/mergable
  • Tests pass
  • CHANGELOG.md updated

@jwilder jwilder added this to the 1.2.0 milestone Jan 12, 2017
jwilder
jwilder suggested changes Jan 12, 2017
View reviewed changes
coordinator/statement_executor.go
@@ -305,6 +305,10 @@ func (e *StatementExecutor) executeDropContinuousQueryStatement(q *influxql.Drop
// It does not return an error if the database was not found on any of
// the nodes, or in the Meta store.
func (e *StatementExecutor) executeDropDatabaseStatement(stmt *influxql.DropDatabaseStatement) error {
if e.MetaClient.Database(stmt.Name) == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This needs to be a no-op instead of returning an error for API compatibility.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed. The conditional won't change, though.

coordinator/statement_executor.go

dbi := e.MetaClient.Database(stmt.Database)
if dbi == nil {
return influxql.ErrDatabaseNotFound(stmt.Database)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same for both of these.

@joelegasse joelegasse force-pushed the jl-deletepath branch 2 times, most recently from f7b37a7 to e5b972f Compare January 12, 2017 22:12
@joelegasse
Add some checks before removing directories
b19260f 
Fixes #7822

This change first ensures that databases and retention policies exist
before attempting to remove them from the Store. It also adds some
checks in the `DeleteDatabase` and `DeleteRetentionPolicy` to ensure
that maliciously named entries won't remove anything outside of the
configured data directory.
@joelegasse
Add db/rp name validation
2db0250 
This change adds some very basic name validation with the following
plain-english description: names must be non-zero sequence of printable
characters that do not contain slashes ('/' or '\') and are not equal to
either "." or "..".

The intent is that, since we currently just use database and retention
policy names directly as path elements, these rules will hopefully leave
us with names that should be at least close to valid directory names.

Ideally, we would restrict names even further or not use them as path
elements directly, but this should be a step towards the former without
restricting names "too much"
@joelegasse joelegasse merged commit dcb3797 into master Jan 12, 2017
@joelegasse joelegasse deleted the jl-deletepath branch January 12, 2017 22:47
@e-dard e-dard mentioned this pull request Jan 23, 2017
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jwilder jwilder jwilder approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.2.0
Development

Successfully merging this pull request may close these issues.

Drop database will delete /influxdb/data directory
2 participants
@joelegasse @jwilder