Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Backport 2.x] Fix AppSec Findings CWE-22 and CWE-476 #1539

Merged
merged 1 commit into from
Mar 14, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,9 @@ public static ClusterType instance(String value) {
}

protected final ClusterType getClusterType() {
if (System.getProperty(BWCSUITE_CLUSTER) == null) {
throw new IllegalArgumentException(String.format("[%s] value is null", BWCSUITE_CLUSTER));
}
return ClusterType.instance(System.getProperty(BWCSUITE_CLUSTER));
}

Expand Down
3 changes: 3 additions & 0 deletions src/main/java/org/opensearch/knn/indices/ModelDao.java
Original file line number Diff line number Diff line change
Expand Up @@ -466,6 +466,9 @@
}

private String getMapping() throws IOException {
if (ModelDao.class.getClassLoader() == null) {
throw new IllegalStateException("ClassLoader of ModelDao Class is null");

Check warning on line 470 in src/main/java/org/opensearch/knn/indices/ModelDao.java

View check run for this annotation

Codecov / codecov/patch

src/main/java/org/opensearch/knn/indices/ModelDao.java#L470

Added line #L470 was not covered by tests
}
URL url = ModelDao.class.getClassLoader().getResource(MODEL_INDEX_MAPPING_PATH);
if (url == null) {
throw new IllegalStateException("Unable to retrieve mapping for \"" + MODEL_INDEX_NAME + "\"");
Expand Down
3 changes: 3 additions & 0 deletions src/test/java/org/opensearch/knn/index/FaissIT.java
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,9 @@ public class FaissIT extends KNNRestTestCase {

@BeforeClass
public static void setUpClass() throws IOException {
if (FaissIT.class.getClassLoader() == null) {
throw new IllegalStateException("ClassLoader of FaissIT Class is null");
}
URL testIndexVectors = FaissIT.class.getClassLoader().getResource("data/test_vectors_1000x128.json");
URL testQueries = FaissIT.class.getClassLoader().getResource("data/test_queries_100x128.csv");
assert testIndexVectors != null;
Expand Down
7 changes: 5 additions & 2 deletions src/test/java/org/opensearch/knn/index/NmslibIT.java
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,11 @@ public class NmslibIT extends KNNRestTestCase {

@BeforeClass
public static void setUpClass() throws IOException {
URL testIndexVectors = FaissIT.class.getClassLoader().getResource("data/test_vectors_1000x128.json");
URL testQueries = FaissIT.class.getClassLoader().getResource("data/test_queries_100x128.csv");
if (NmslibIT.class.getClassLoader() == null) {
throw new IllegalStateException("ClassLoader of NmslibIT Class is null");
}
URL testIndexVectors = NmslibIT.class.getClassLoader().getResource("data/test_vectors_1000x128.json");
URL testQueries = NmslibIT.class.getClassLoader().getResource("data/test_queries_100x128.csv");
assert testIndexVectors != null;
assert testQueries != null;
testData = new TestUtils.TestData(testIndexVectors.getPath(), testQueries.getPath());
Expand Down
7 changes: 5 additions & 2 deletions src/test/java/org/opensearch/knn/index/OpenSearchIT.java
Original file line number Diff line number Diff line change
Expand Up @@ -47,8 +47,11 @@ public class OpenSearchIT extends KNNRestTestCase {

@BeforeClass
public static void setUpClass() throws IOException {
URL testIndexVectors = FaissIT.class.getClassLoader().getResource("data/test_vectors_1000x128.json");
URL testQueries = FaissIT.class.getClassLoader().getResource("data/test_queries_100x128.csv");
if (OpenSearchIT.class.getClassLoader() == null) {
throw new IllegalStateException("ClassLoader of OpenSearchIT Class is null");
}
URL testIndexVectors = OpenSearchIT.class.getClassLoader().getResource("data/test_vectors_1000x128.json");
URL testQueries = OpenSearchIT.class.getClassLoader().getResource("data/test_queries_100x128.csv");
assert testIndexVectors != null;
assert testQueries != null;
testData = new TestUtils.TestData(testIndexVectors.getPath(), testQueries.getPath());
Expand Down
3 changes: 3 additions & 0 deletions src/test/java/org/opensearch/knn/jni/JNIServiceTests.java
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,9 @@ public class JNIServiceTests extends KNNTestCase {

@BeforeClass
public static void setUpClass() throws IOException {
if (JNIServiceTests.class.getClassLoader() == null) {
throw new IllegalStateException("ClassLoader of JNIServiceTests Class is null");
}
URL testIndexVectors = JNIServiceTests.class.getClassLoader().getResource("data/test_vectors_1000x128.json");
URL testIndexVectorsNested = JNIServiceTests.class.getClassLoader().getResource("data/test_vectors_nested_1000x128.json");
URL testQueries = JNIServiceTests.class.getClassLoader().getResource("data/test_queries_100x128.csv");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,11 @@ public static void dumpCoverage() throws IOException, MalformedObjectNameExcepti
}

String serverUrl = System.getProperty("jmx.serviceUrl");
if (serverUrl == null) {
log.error("Failed to dump coverage because JMX Service URL is null");
throw new IllegalArgumentException("JMX Service URL is null");
}

try (JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(serverUrl))) {
IProxy proxy = MBeanServerInvocationHandler.newProxyInstance(
connector.getMBeanServerConnection(),
Expand All @@ -129,7 +134,7 @@ public static void dumpCoverage() throws IOException, MalformedObjectNameExcepti
false
);

Path path = Path.of(jacocoBuildPath, "integTest.exec");
Path path = Path.of(Path.of(jacocoBuildPath, "integTest.exec").toFile().getCanonicalPath());
Files.write(path, proxy.getExecutionData(false));
} catch (Exception ex) {
log.error("Failed to dump coverage: ", ex);
Expand Down
Loading