Protect readLine() against DoS
pixeebot[bot] authored Oct 21, 2024
1 parent 5a4b5fa commit 89d364c
Showing 33 changed files with 100 additions and 67 deletions.
Expand Up @@ -8,6 +8,7 @@

package org.elasticsearch.gradle.internal.conventions.info;

import io.github.pixee.security.BoundedLineReader;
import org.gradle.api.Action;
import org.gradle.api.logging.Logger;
import org.gradle.api.logging.Logging;
Expand Down Expand Up @@ -45,7 +46,7 @@ public static int findDefaultParallel(Project project) {
String currentID = "";

try (BufferedReader reader = new BufferedReader(new FileReader(cpuInfoFile))) {
for (String line = reader.readLine(); line != null; line = reader.readLine()) {
for (String line = BoundedLineReader.readLine(reader, 5_000_000); line != null; line = BoundedLineReader.readLine(reader, 5_000_000)) {
if (line.contains(":")) {
List<String> parts = Arrays.stream(line.split(":", 2)).map(String::trim).collect(Collectors.toList());
String name = parts.get(0);
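Review bot: The new `BoundedLineReader.readLine(reader, 5_000_000)` call in findDefaultParallel pulls a third-party library (io.github.pixee.security) into the Gradle build-conventions plugin, and the build-script change that declares it is not among the sections shown here (33 files changed, 14 visible). Since this code runs inside the build itself, that dependency should be pinned to an exact version and covered by dependency verification (checksum or signature) before merging. The input here is `cpuInfoFile`, which on a normal host is a small kernel-provided file, so the protection is marginal for this call; a comment such as `// bounded read: a malformed cpuinfo line must not exhaust build-JVM heap` would record why it is worth the dependency. findDefaultParallel's body continues outside the hunk.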
Expand Up @@ -7,6 +7,7 @@
*/
package org.elasticsearch.gradle.internal.info;

import io.github.pixee.security.BoundedLineReader;
import org.apache.commons.io.IOUtils;
import org.elasticsearch.gradle.internal.BwcVersions;
import org.elasticsearch.gradle.internal.conventions.info.GitInfo;
Expand Down Expand Up @@ -360,7 +361,7 @@ public static String getResourceContents(String resourcePath) {
BufferedReader reader = new BufferedReader(new InputStreamReader(GlobalBuildInfoPlugin.class.getResourceAsStream(resourcePath)))
) {
StringBuilder b = new StringBuilder();
for (String line = reader.readLine(); line != null; line = reader.readLine()) {
for (String line = BoundedLineReader.readLine(reader, 5_000_000); line != null; line = BoundedLineReader.readLine(reader, 5_000_000)) {
if (b.length() != 0) {
b.append('\n');
}
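Review bot: The limit `5_000_000` is now written twice on one line in getResourceContents, and the same literal is repeated in every file of this commit, so a later change to the bound would have to find every copy. Extract it once per class, e.g. `private static final int MAX_LINE_CHARS = 5_000_000;`, and call `BoundedLineReader.readLine(reader, MAX_LINE_CHARS)`. Also worth noting that this reader is over a classpath resource shipped with the plugin, not external input; if the cap is kept here, `getResourceAsStream` still returns null for a missing resource and the loop would then fail with a NullPointerException rather than a descriptive error. The method's try-with-resources header is above the hunk.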
Expand Up @@ -7,6 +7,7 @@
*/
package org.elasticsearch.gradle.internal.test;

import io.github.pixee.security.BoundedLineReader;
import org.elasticsearch.gradle.internal.ElasticsearchTestBasePlugin;
import org.gradle.api.internal.tasks.testing.logging.FullExceptionFormatter;
import org.gradle.api.internal.tasks.testing.logging.TestExceptionFormatter;
Expand Down Expand Up @@ -99,7 +100,7 @@ public void afterSuite(final TestDescriptor suite, TestResult result) {

try (BufferedReader reader = eventWriter.reader()) {
PrintStream out = System.out;
for (String message = reader.readLine(); message != null; message = reader.readLine()) {
for (String message = BoundedLineReader.readLine(reader, 5_000_000); message != null; message = BoundedLineReader.readLine(reader, 5_000_000)) {
if (message.startsWith(" 1> ")) {
out = System.out;
} else if (message.startsWith(" 2> ")) {
Expand Up @@ -7,6 +7,7 @@
*/
package org.elasticsearch.gradle.testclusters;

import io.github.pixee.security.BoundedLineReader;
import org.gradle.api.GradleException;
import org.gradle.api.logging.Logger;
import org.gradle.api.logging.Logging;
Expand Down Expand Up @@ -245,7 +246,7 @@ public void runAndWait() throws IOException {
for (BufferedReader bufferedReader : toRead) {
if (bufferedReader.ready()) {
readData = true;
logger.lifecycle(bufferedReader.readLine());
logger.lifecycle(BoundedLineReader.readLine(bufferedReader, 5_000_000));
}
}

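Review bot: `logger.lifecycle(BoundedLineReader.readLine(bufferedReader, 5_000_000))` on the new line still logs the literal string "null" when the reader hits end of stream, because `ready()` does not rule out EOF and the return value is passed to the logger unchecked. More importantly for this change, the bounded reader signals an over-long line by throwing rather than returning null (as I read the pixee toolkit's documentation), so a single oversized output line from the child process would now abort runAndWait instead of being logged; if that is intended, the caller's handling should be confirmed, since the enclosing loop and any catch are outside the hunk. Suggested shape: `String line = BoundedLineReader.readLine(bufferedReader, 5_000_000); if (line != null) logger.lifecycle(line);`.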
Expand Up @@ -7,6 +7,7 @@
*/
package org.elasticsearch.client.benchmark.ops.bulk;

import io.github.pixee.security.BoundedLineReader;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.elasticsearch.ElasticsearchException;
Expand Down Expand Up @@ -101,7 +102,7 @@ public void execute() {
String line;
int bulkIndex = 0;
List<String> bulkData = new ArrayList<>(bulkSize);
while ((line = reader.readLine()) != null) {
while ((line = BoundedLineReader.readLine(reader, 5_000_000)) != null) {
if (bulkIndex == bulkSize) {
sendBulk(bulkData);
// reset data structures
Expand Up @@ -19,6 +19,7 @@

package org.elasticsearch.client;

import io.github.pixee.security.BoundedLineReader;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
Expand Down Expand Up @@ -170,7 +171,7 @@ static String buildTraceResponse(HttpResponse httpResponse) throws IOException {
}
try (BufferedReader reader = new BufferedReader(new InputStreamReader(entity.getContent(), charset))) {
String line;
while ((line = reader.readLine()) != null) {
while ((line = BoundedLineReader.readLine(reader, 5_000_000)) != null) {
responseLine.append("\n# ").append(line);
}
}
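Review bot: The cap on the new line bounds each line of the HTTP response body to 5,000,000 characters but not the body as a whole, so `responseLine` can still grow to the full size of an attacker-controlled response — a response made of many short lines is unaffected by this change. Because buildTraceResponse only builds trace-log output, a total cap with truncation is safer than an unbounded append, e.g. stop once `responseLine.length()` exceeds a limit and append `"\n# ... [truncated]"`. The reader is wrapped in try-with-resources on the line above the change, which is good; note that the bounded reader throws on an over-long line rather than returning null, so trace logging of such a response now fails instead of truncating. The method's return is outside the hunk.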
Expand Up @@ -8,6 +8,7 @@

package org.elasticsearch.plugins.cli;

import io.github.pixee.security.BoundedLineReader;
import org.apache.lucene.search.spell.LevenshteinDistance;
import org.apache.lucene.util.CollectionUtil;
import org.apache.lucene.util.Constants;
Expand Down Expand Up @@ -579,9 +580,9 @@ private Path downloadAndValidate(final String urlString, final Path tmpDir, fina
*/
final BufferedReader checksumReader = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8));
if (digestAlgo.equals("SHA-1")) {
expectedChecksum = checksumReader.readLine();
expectedChecksum = BoundedLineReader.readLine(checksumReader, 5_000_000);
} else {
final String checksumLine = checksumReader.readLine();
final String checksumLine = BoundedLineReader.readLine(checksumReader, 5_000_000);
final String[] fields = checksumLine.split(" {2}");
if (officialPlugin && fields.length != 2 || officialPlugin == false && fields.length > 2) {
throw new UserException(ExitCodes.IO_ERROR, "Invalid checksum file at " + checksumUrl);
Expand All @@ -603,7 +604,7 @@ private Path downloadAndValidate(final String urlString, final Path tmpDir, fina
}
}
}
if (checksumReader.readLine() != null) {
if (BoundedLineReader.readLine(checksumReader, 5_000_000) != null) {
throw new UserException(ExitCodes.IO_ERROR, "Invalid checksum file at " + checksumUrl);
}
}
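Review bot: A 5,000,000-character bound is far too generous for `checksumReader` in downloadAndValidate: this reader is over a checksum file fetched from the network, and a valid line is a hex digest (40 or 128 characters for SHA-1/SHA-512) optionally followed by two spaces and a file name, so a bound in the low hundreds would reject garbage before it reaches `split`. Separately, the new `checksumLine` assignment yields null for an empty response and the next line dereferences it, so an empty checksum file surfaces as a NullPointerException rather than the `UserException` used for every other malformed case; `if (checksumLine == null) throw new UserException(ExitCodes.IO_ERROR, "Invalid checksum file at " + checksumUrl);` closes that gap. The method continues outside both hunks.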
Expand Up @@ -11,6 +11,7 @@
import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
import com.google.common.jimfs.Configuration;
import com.google.common.jimfs.Jimfs;
import io.github.pixee.security.BoundedLineReader;

import org.apache.lucene.tests.util.LuceneTestCase;
import org.bouncycastle.bcpg.ArmoredOutputStream;
Expand Down Expand Up @@ -850,20 +851,20 @@ public void testOfficialPluginsHelpSortedAndMissingObviouslyWrongPlugins() throw
MockTerminal mockTerminal = MockTerminal.create();
new MockInstallPluginCommand().main(new String[] { "--help" }, mockTerminal, new ProcessInfo(Map.of(), Map.of(), createTempDir()));
try (BufferedReader reader = new BufferedReader(new StringReader(mockTerminal.getOutput()))) {
String line = reader.readLine();
String line = BoundedLineReader.readLine(reader, 5_000_000);

// first find the beginning of our list of official plugins
while (line.endsWith("may be installed by name:") == false) {
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
}

// now check each line compares greater than the last, until we reach an empty line
String prev = reader.readLine();
line = reader.readLine();
String prev = BoundedLineReader.readLine(reader, 5_000_000);
line = BoundedLineReader.readLine(reader, 5_000_000);
while (line != null && line.trim().isEmpty() == false) {
assertTrue(prev + " < " + line, prev.compareTo(line) < 0);
prev = line;
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
// qa is not really a plugin and it shouldn't sneak in
assertThat(line, not(endsWith("qa")));
assertThat(line, not(endsWith("example")));
Expand Up @@ -8,6 +8,7 @@

package org.elasticsearch.plugins.cli;

import io.github.pixee.security.BoundedLineReader;
import org.apache.lucene.tests.util.LuceneTestCase;
import org.elasticsearch.Version;
import org.elasticsearch.cli.ExitCodes;
Expand Down Expand Up @@ -230,10 +231,10 @@ public void testRemoveUninstalledPluginErrors() throws Exception {
BufferedReader reader = new BufferedReader(new StringReader(terminal.getOutput()));
BufferedReader errorReader = new BufferedReader(new StringReader(terminal.getErrorOutput()))
) {
assertThat(errorReader.readLine(), equalTo(""));
assertThat(errorReader.readLine(), containsString("plugin [fake] not found"));
assertThat(reader.readLine(), nullValue());
assertThat(errorReader.readLine(), nullValue());
assertThat(BoundedLineReader.readLine(errorReader, 5_000_000), equalTo(""));
assertThat(BoundedLineReader.readLine(errorReader, 5_000_000), containsString("plugin [fake] not found"));
assertThat(BoundedLineReader.readLine(reader, 5_000_000), nullValue());
assertThat(BoundedLineReader.readLine(errorReader, 5_000_000), nullValue());
}
}

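Review bot: In testRemoveUninstalledPluginErrors the readers are `StringReader`s over `terminal.getOutput()` and `terminal.getErrorOutput()`, strings already fully materialised in memory, so the bound on the new lines cannot prevent any memory exhaustion — the cost was paid before the reader was created. Applying the change here and in the other test classes adds io.github.pixee.security as a test-scope dependency for no risk reduction; I would revert the test-file edits and keep the bounded reader for readers over files, sockets and process output. The same applies to the InstallPluginActionTests section above, which reads `mockTerminal.getOutput()` the same way.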
Expand Up @@ -8,6 +8,7 @@

package org.elasticsearch.server.cli;

import io.github.pixee.security.BoundedLineReader;
import org.elasticsearch.bootstrap.BootstrapInfo;

import java.io.BufferedReader;
Expand Down Expand Up @@ -76,7 +77,7 @@ void drain() {
public void run() {
try {
String line;
while ((line = reader.readLine()) != null) {
while ((line = BoundedLineReader.readLine(reader, 5_000_000)) != null) {
if (line.isEmpty() == false && line.charAt(0) == SERVER_READY_MARKER) {
ready = true;
readyOrDead.countDown();
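Review bot: The new call sits inside the `try {` at the top of run(), and the bounded reader reports an over-long line by throwing an unchecked exception (SecurityException, as I read the pixee toolkit's documentation) rather than returning null. If the catch below — outside the hunk — only handles IOException, one oversized stderr line from the server would kill this pump thread without ever reaching the `readyOrDead.countDown()` path, and whoever waits on that latch would hang instead of seeing the server as dead. Please confirm the catch covers RuntimeException, or move the countDown into a `finally`. The enclosing method ends outside the hunk.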
Expand Up @@ -8,6 +8,7 @@

package org.elasticsearch.server.cli;

import io.github.pixee.security.BoundedLineReader;
import org.elasticsearch.bootstrap.ServerArgs;
import org.elasticsearch.cli.ExitCodes;
import org.elasticsearch.cli.UserException;
Expand Down Expand Up @@ -289,7 +290,7 @@ static void parse(
) throws IOException {
int lineNumber = 0;
while (true) {
final String line = br.readLine();
final String line = BoundedLineReader.readLine(br, 5_000_000);
lineNumber++;
if (line == null) {
break;
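Review bot: When the bounded reader rejects an over-long line in parse it throws, and that exception carries no indication of which line failed, even though `lineNumber` is tracked on the very next line for exactly that purpose. Wrapping the read, e.g. `catch (RuntimeException e) { throw new IllegalStateException("line " + lineNumber + ": " + e.getMessage(), e); }` (or whichever exception type this parser already reports to callers), keeps the error actionable for whoever edits the options file. Note also that `lineNumber` is incremented before the null check, so it counts one past the last line at EOF; harmless as far as the hunk shows, but worth a one-line comment. The rest of the loop is outside the hunk.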
Expand Up @@ -8,6 +8,7 @@

package org.elasticsearch.grok;

import io.github.pixee.security.BoundedLineReader;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
Expand Down Expand Up @@ -138,7 +139,7 @@ private static PatternBank loadPatternsFromDirectory(List<String> patternNames,
private static void loadPatternsFromFile(Map<String, String> patternBank, InputStream inputStream) throws IOException {
String line;
BufferedReader br = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
while ((line = br.readLine()) != null) {
while ((line = BoundedLineReader.readLine(br, 5_000_000)) != null) {
String trimmedLine = line.replaceAll("^\\s+", "");
if (trimmedLine.startsWith("#") || trimmedLine.length() == 0) {
continue;
Expand Up @@ -18,6 +18,7 @@
*/
package org.elasticsearch.h3;

import io.github.pixee.security.BoundedLineReader;
import org.apache.lucene.geo.GeoEncodingUtils;
import org.apache.lucene.tests.geo.GeoTestUtil;
import org.elasticsearch.test.ESTestCase;
Expand Down Expand Up @@ -148,30 +149,30 @@ public void testBc19r14cells() throws Exception {
private void processFile(String file) throws IOException {
InputStream fis = getClass().getResourceAsStream(file + ".gz");
BufferedReader reader = new BufferedReader(new InputStreamReader(new GZIPInputStream(fis), StandardCharsets.UTF_8));
String h3Address = reader.readLine();
String h3Address = BoundedLineReader.readLine(reader, 5_000_000);
while (h3Address != null) {
assertEquals(true, H3.h3IsValid(h3Address));
long h3 = H3.stringToH3(h3Address);
assertEquals(true, H3.h3IsValid(h3));
processOne(h3Address, reader);
h3Address = reader.readLine();
h3Address = BoundedLineReader.readLine(reader, 5_000_000);
}
}

private void processOne(String h3Address, BufferedReader reader) throws IOException {
String line = reader.readLine();
String line = BoundedLineReader.readLine(reader, 5_000_000);
if ("{".equals(line) == false) {
throw new IllegalArgumentException();
}
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
List<double[]> points = new ArrayList<>();
while ("}".equals(line) == false) {
StringTokenizer tokens = new StringTokenizer(line, " ");
assertEquals(2, tokens.countTokens());
double lat = Double.parseDouble(tokens.nextToken());
double lon = Double.parseDouble(tokens.nextToken());
points.add(new double[] { lat, lon });
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
}
CellBoundary boundary = H3.h3ToGeoBoundary(h3Address);
assert boundary.numPoints() == points.size();
Expand Up @@ -18,6 +18,7 @@
*/
package org.elasticsearch.h3;

import io.github.pixee.security.BoundedLineReader;
import org.elasticsearch.test.ESTestCase;

import java.io.BufferedReader;
Expand Down Expand Up @@ -145,7 +146,7 @@ public void testBc19r15centers() throws Exception {
private void processFile(String file) throws IOException {
InputStream fis = getClass().getResourceAsStream(file + ".gz");
BufferedReader reader = new BufferedReader(new InputStreamReader(new GZIPInputStream(fis), StandardCharsets.UTF_8));
String line = reader.readLine();
String line = BoundedLineReader.readLine(reader, 5_000_000);
while (line != null) {
StringTokenizer tokenizer = new StringTokenizer(line, " ");
assertEquals(3, tokenizer.countTokens());
Expand All @@ -156,7 +157,7 @@ private void processFile(String file) throws IOException {
assertH3ToLatLng(h3Address, lat, lon);
assertGeoToH3(h3Address, lat, lon);
assertHexRing(h3Address);
line = reader.readLine();
line = BoundedLineReader.readLine(reader, 5_000_000);
}
}

