/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.regionserver;

import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.junit.jupiter.api.Assertions.assertThrows;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.DoNotRetryIOException;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.testclassification.RegionServerTests;
import org.apache.hadoop.hbase.testclassification.SmallTests;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

/**
 * Verify that {@link SecureBulkLoadManager#validateStagingPath} rejects paths outside the staging
 * directory.
 * <p>
 * The cases below pin a confinement rule: with {@code hbase.rootdir} set to
 * {@code file:///tmp/hbase-test}, only a path that is a direct child of
 * {@code file:///tmp/hbase-test/staging} is accepted. Every other shape exercised here (parent
 * traversal, an unrelated absolute path, a deeper descendant, a relative path, and the staging
 * directory itself) must fail with {@link DoNotRetryIOException}.
 */
@Tag(RegionServerTests.TAG)
@Tag(SmallTests.TAG)
public class TestSecureBulkLoadManagerPathValidation {

  private SecureBulkLoadManager manager;

  /**
   * Builds a fresh manager rooted at a local {@code file://} directory and starts it before each
   * test. The second constructor argument is passed as {@code null}, exactly as the validation
   * cases require nothing more from it.
   */
  @BeforeEach
  public void setUp() throws Exception {
    Configuration configuration = HBaseConfiguration.create();
    configuration.set("hbase.rootdir", "file:///tmp/hbase-test");
    manager = new SecureBulkLoadManager(configuration, null);
    manager.start();
  }

  /** A single path segment directly under the staging directory is the one accepted shape. */
  @Test
  public void itAcceptsDirectChildOfStagingDir() {
    Path directChild = new Path("file:///tmp/hbase-test/staging/user__table__randomtoken");
    assertDoesNotThrow(() -> manager.validateStagingPath(directChild));
  }

  /** A {@code ..} segment that leaves the staging directory must not be honoured. */
  @Test
  public void itRejectsPathTraversal() {
    assertRejected(new Path("file:///tmp/hbase-test/staging/../data/default/important_table"));
  }

  /** An absolute path that never enters the staging directory is refused. */
  @Test
  public void itRejectsAbsolutePathOutsideStaging() {
    assertRejected(new Path("file:///etc/passwd"));
  }

  /** Being somewhere below the staging directory is not enough; a grandchild is refused. */
  @Test
  public void itRejectsNestedChildOfStagingDir() {
    assertRejected(new Path("file:///tmp/hbase-test/staging/token/deeper"));
  }

  /** A scheme-less relative path built from {@code ..} segments is refused. */
  @Test
  public void itRejectsRelativePathTraversal() {
    assertRejected(new Path("../../../etc"));
  }

  /** The staging directory itself is not a valid per-load staging path. */
  @Test
  public void itRejectsStagingDirItself() {
    assertRejected(new Path("file:///tmp/hbase-test/staging"));
  }

  /**
   * Asserts that validating {@code candidate} fails with {@link DoNotRetryIOException}, the
   * exception type every rejection case in this class expects.
   */
  private void assertRejected(Path candidate) {
    assertThrows(DoNotRetryIOException.class, () -> manager.validateStagingPath(candidate));
  }
}