Skip to content

Commit

Permalink
added env variable filtering.groovy.enabled which allows to enable/di…
Browse files Browse the repository at this point in the history
…sable groovy script executions
  • Loading branch information
Vladysl committed Apr 8, 2024
1 parent 53a6553 commit 93829ca
Show file tree
Hide file tree
Showing 4 changed files with 44 additions and 6 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,15 @@
import com.provectus.kafka.ui.model.rbac.permission.TopicAction;
import com.provectus.kafka.ui.service.DeserializationService;
import com.provectus.kafka.ui.service.MessagesService;
import com.provectus.kafka.ui.util.DynamicConfigOperations;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.validation.Valid;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.kafka.common.TopicPartition;
import org.springframework.http.ResponseEntity;
Expand All @@ -47,6 +49,7 @@ public class MessagesController extends AbstractController implements MessagesAp

private final MessagesService messagesService;
private final DeserializationService deserializationService;
private final DynamicConfigOperations dynamicConfigOperations;

@Override
public Mono<ResponseEntity<Void>> deleteTopicMessages(
Expand Down Expand Up @@ -94,6 +97,10 @@ public Mono<ResponseEntity<Flux<TopicMessageEventDTO>>> getTopicMessages(String
.topicActions(MESSAGES_READ)
.operationName("getTopicMessages");

if (StringUtils.isNoneEmpty(q) && MessageFilterTypeDTO.GROOVY_SCRIPT == filterQueryType) {
dynamicConfigOperations.checkIfFilteringGroovyEnabled();
}

if (auditService.isAuditTopic(getCluster(clusterName), topicName)) {
contextBuilder.auditActions(AuditAction.VIEW);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,8 @@ private Map<String, ProtoFile> knownProtoFiles() {
loadKnownProtoFile("google/protobuf/struct.proto", StructProto.getDescriptor()),
loadKnownProtoFile("google/protobuf/timestamp.proto", TimestampProto.getDescriptor()),
loadKnownProtoFile("google/protobuf/type.proto", TypeProto.getDescriptor()),
loadKnownProtoFile("google/protobuf/wrappers.proto", WrappersProto.getDescriptor())
loadKnownProtoFile("google/protobuf/wrappers.proto", WrappersProto.getDescriptor()),
loadKnownProtoFile("wire/extensions.proto")
).collect(Collectors.toMap(p -> p.getLocation().getPath(), p -> p));
}

Expand All @@ -381,6 +382,11 @@ private ProtoFile loadKnownProtoFile(String path, Descriptors.FileDescriptor fil
return ProtoFile.Companion.get(ProtoParser.Companion.parse(Location.get(path), protoFileString));
}

private ProtoFile loadKnownProtoFile(String path) {
return ProtoFile.Companion.get(ProtoFileElement.empty(path));
}


private Loader createFilesLoader(Map<String, ProtoFile> files) {
return new Loader() {
@Override
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,7 @@
public class DynamicConfigOperations {

static final String DYNAMIC_CONFIG_ENABLED_ENV_PROPERTY = "dynamic.config.enabled";
static final String FILTERING_GROOVY_ENABLED_PROPERTY = "filtering.groovy.enabled";
static final String DYNAMIC_CONFIG_PATH_ENV_PROPERTY = "dynamic.config.path";
static final String DYNAMIC_CONFIG_PATH_ENV_PROPERTY_DEFAULT = "/etc/kafkaui/dynamic_config.yaml";

Expand All @@ -64,6 +65,10 @@ public boolean dynamicConfigEnabled() {
return "true".equalsIgnoreCase(ctx.getEnvironment().getProperty(DYNAMIC_CONFIG_ENABLED_ENV_PROPERTY));
}

public boolean filteringGroovyEnabled() {
return "true".equalsIgnoreCase(ctx.getEnvironment().getProperty(FILTERING_GROOVY_ENABLED_PROPERTY));
}

private Path dynamicConfigFilePath() {
return Paths.get(
Optional.ofNullable(ctx.getEnvironment().getProperty(DYNAMIC_CONFIG_PATH_ENV_PROPERTY))
Expand Down Expand Up @@ -147,6 +152,14 @@ public Mono<Path> uploadConfigRelatedFile(FilePart file) {
.onErrorMap(th -> new FileUploadException(targetFilePath, th));
}

public void checkIfFilteringGroovyEnabled() {
if (!filteringGroovyEnabled()) {
throw new ValidationException(
"Groovy filters is not allowed. "
+ "Set filtering.groovy.enabled property to 'true' to enabled it.");
}
}

private void checkIfDynamicConfigEnabled() {
if (!dynamicConfigEnabled()) {
throw new ValidationException(
Expand Down
22 changes: 17 additions & 5 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -24,28 +24,30 @@
<antlr4-maven-plugin.version>4.12.0</antlr4-maven-plugin.version>
<apache.commons.version>2.11.1</apache.commons.version>
<assertj.version>3.19.0</assertj.version>
<avro.version>1.11.1</avro.version>
<avro.version>1.11.3</avro.version>
<byte-buddy.version>1.12.19</byte-buddy.version>
<confluent.version>7.4.0</confluent.version>
<datasketches-java.version>3.1.0</datasketches-java.version>
<groovy.version>3.0.13</groovy.version>
<jackson.version>2.14.0</jackson.version>
<kafka-clients.version>3.5.0</kafka-clients.version>
<kafka-clients.version>3.5.2</kafka-clients.version>
<org.mapstruct.version>1.5.5.Final</org.mapstruct.version>
<org.projectlombok.version>1.18.24</org.projectlombok.version>
<protobuf-java.version>3.23.3</protobuf-java.version>
<scala-lang.library.version>2.13.9</scala-lang.library.version>
<snakeyaml.version>2.0</snakeyaml.version>
<spring-boot.version>3.1.3</spring-boot.version>
<spring-boot.version>3.1.9</spring-boot.version>
<kafka-ui-serde-api.version>1.0.0</kafka-ui-serde-api.version>
<odd-oddrn-generator.version>0.1.17</odd-oddrn-generator.version>
<odd-oddrn-client.version>0.1.26</odd-oddrn-client.version>
<org.json.version>20230227</org.json.version>
<org.json.version>20231013</org.json.version>
<dev.cel.version>0.3.0</dev.cel.version>
<guava.version>31.0.1-jre</guava.version>

<!-- Test dependency versions -->
<junit.version>5.9.1</junit.version>
<mockito.version>5.3.1</mockito.version>
<okhttp3.mockwebserver.version>4.10.0</okhttp3.mockwebserver.version>
<okhttp3.mockwebserver.version>4.12.0</okhttp3.mockwebserver.version>
<testcontainers.version>1.17.5</testcontainers.version>

<!-- Frontend dependency versions -->
Expand Down Expand Up @@ -129,6 +131,16 @@
<artifactId>protobuf-java</artifactId>
<version>${protobuf-java.version}</version>
</dependency>
<dependency>
<groupId>dev.cel</groupId>
<artifactId>cel</artifactId>
<version>${dev.cel.version}</version>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>${guava.version}</version>
</dependency>
<dependency>
<groupId>org.junit</groupId>
<artifactId>junit-bom</artifactId>
Expand Down

0 comments on commit 93829ca

Please sign in to comment.