/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.solr.core;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.naming.NoInitialContextException;
import java.io.File;
import java.lang.invoke.MethodHandles;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.concurrent.ConcurrentSkipListSet;
import org.apache.commons.exec.OS;
import org.apache.solr.common.SolrException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
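/**
 * Utility methods about paths in Solr.
 */
public final class SolrPaths {
  private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

  // Keys of the messages that logOnceInfo has already written.
  private static final Set<String> loggedOnce = new ConcurrentSkipListSet<>();

  private SolrPaths() {} // don't create this

  /**
   * Finds the solrhome based on looking up the value in one of three places:
   * <ol>
   * <li>JNDI: via java:comp/env/solr/home</li>
   * <li>The system property solr.solr.home</li>
   * <li>Look in the current working directory for a solr/ directory</li>
   * </ol>
   * <p>
   * The first source that yields a non-null value wins. The chosen string is handed to
   * {@link Paths#get(String, String...)} unchanged: this method does not normalize it, does not make
   * it absolute and does not validate it against any allow-list.
   *
   * @return the solrhome as a {@link Path}; the relative path {@code solr/} when neither JNDI nor the
   *         system property supplies a value
   * @deprecated all code should get solr home from CoreContainer
   * @see CoreContainer#getSolrHome()
   */
  @Deprecated
  public static Path locateSolrHome() {
    String home = null;

    // Try JNDI. Failures are expected when no JNDI environment exists, so they are logged at debug
    // level only and the lookup falls through to the system property.
    try {
      Context c = new InitialContext();
      home = (String) c.lookup("java:comp/env/solr/home");
      logOnceInfo("home_using_jndi", "Using JNDI solr.home: " + home);
    } catch (NoInitialContextException e) {
      log.debug("JNDI not configured for solr (NoInitialContextEx)");
    } catch (NamingException e) {
      log.debug("No /solr/home in JNDI");
    } catch (RuntimeException ex) {
      // Also covers a ClassCastException when the bound JNDI value is not a String.
      log.warn("Odd RuntimeException while testing for JNDI: ", ex);
    }

    // Now try system property
    if (home == null) {
      String prop = "solr.solr.home";
      home = System.getProperty(prop);
      if (home != null) {
        logOnceInfo("home_using_sysprop", "Using system property " + prop + ": " + home);
      }
    }

    // If all else fails, fall back to a solr/ directory relative to the working directory
    if (home == null) {
      home = "solr/";
      logOnceInfo("home_default", "solr home defaulted to '" + home + "' (could not find system property or JNDI)");
    }
    return Paths.get(home);
  }

  /**
   * Ensures a directory name ends with a path separator.
   *
   * @param path directory name, may be {@code null}
   * @return {@code path} unchanged when it is {@code null} or already ends with {@code /} or
   *         {@code \}; otherwise {@code path} with {@link File#separator} appended
   */
  public static String normalizeDir(String path) {
    if (path == null || path.endsWith("/") || path.endsWith("\\")) {
      return path;
    }
    return path + File.separator;
  }

  /**
   * Logs {@code msg} at info level the first time {@code key} is seen and ignores later calls with
   * the same key.
   */
  private static void logOnceInfo(String key, String msg) {
    // Set.add reports whether the key was newly inserted, so the membership test and the insert are
    // one atomic step. Separate contains()/add() calls would let two threads both log the message.
    if (loggedOnce.add(key)) {
      log.info(msg);
    }
  }

  /**
   * Checks that the given path is relative to one of the allowPaths supplied. Typically this will be
   * called from {@link CoreContainer#assertPathAllowed(Path)} and allowPaths pre-filled with the node's
   * SOLR_HOME, SOLR_DATA_HOME and coreRootDirectory folders, as well as any paths specified in
   * solr.xml's allowPaths element. The following paths will always fail validation:
   * <ul>
   * <li>Relative paths starting with <code>..</code> after normalization</li>
   * <li>Windows UNC paths (such as <code>\\host\share\path</code>)</li>
   * <li>Absolute paths which are not relative to any of allowPaths</li>
   * </ul>
   * <p>
   * Limits of this check that callers should be aware of:
   * <ul>
   * <li>A {@code null} path and every relative path that does not start with <code>..</code> are
   * accepted without consulting allowPaths.</li>
   * <li>An allowPaths entry equal to {@code _ALL_} disables the prefix check for absolute paths.</li>
   * <li>Normalization uses {@link Path#normalize()}, which works on the path string only and does
   * not resolve symbolic links. A link located under an allowed directory that points elsewhere
   * is therefore not detected here.</li>
   * <li>The allowPaths entries are compared as given; they are not normalized by this method.</li>
   * </ul>
   * @param pathToAssert path to check
   * @param allowPaths list of paths that should be allowed prefixes for pathToAssert
   * @throws SolrException if path is outside allowed paths
   */
  public static void assertPathAllowed(Path pathToAssert, Set<Path> allowPaths) throws SolrException {
    if (pathToAssert == null) return;
    // The UNC test runs on the raw string, before normalization.
    if (OS.isFamilyWindows() && pathToAssert.toString().startsWith("\\\\")) {
      throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
          "Path " + pathToAssert + " disallowed. UNC paths not supported. Please use drive letter instead.");
    }
    // Conversion Path -> String -> Path is to be able to compare against org.apache.lucene.mockfile.FilterPath instances
    final Path path = Paths.get(pathToAssert.toString()).normalize();
    // After normalization a leading ".." means the relative path climbs above its starting directory.
    if (path.startsWith("..")) {
      throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
          "Path " + pathToAssert + " disallowed due to path traversal..");
    }
    // NOTE(review): isAbsolute() is platform-defined. On Windows a rooted path without a drive letter
    // and a drive-relative path are not absolute, so they pass through this branch unchecked;
    // confirm that callers resolve such paths safely.
    if (!path.isAbsolute()) return; // All relative paths are accepted
    // Catch-all entry "_ALL_" allows every absolute path. The "*" spelling is presumably mapped to
    // "_ALL_" before this method is called; that mapping is not visible in this class.
    if (allowPaths.contains(Paths.get("_ALL_"))) return;
    // Path.startsWith compares whole name elements, so a sibling directory whose name merely begins
    // with an allowed directory's name does not match.
    if (allowPaths.stream().noneMatch(p -> path.startsWith(Paths.get(p.toString())))) {
      throw new SolrException(SolrException.ErrorCode.BAD_REQUEST,
          "Path " + path + " must be relative to SOLR_HOME, SOLR_DATA_HOME coreRootDirectory. Set system property 'solr.allowPaths' to add other allowed paths.");
    }
  }
}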