From 9f48a023da5fbf2dd8d5b74232851b6f4e089908 Mon Sep 17 00:00:00 2001 From: Bharathwaj G Date: Mon, 13 Mar 2023 09:51:28 +0530 Subject: [PATCH] fixing input validation in segments and delete pit request Signed-off-by: Bharathwaj G --- CHANGELOG.md | 2 +- .../action/admin/indices/segments/PitSegmentsRequest.java | 6 +++++- .../java/org/opensearch/action/search/DeletePitRequest.java | 6 +++++- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa68140715202..9f9ab155067bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -68,7 +68,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Fix 'org.apache.hc.core5.http.ParseException: Invalid protocol version' under JDK 16+ ([#4827](https://github.com/opensearch-project/OpenSearch/pull/4827)) - Fix compression support for h2c protocol ([#4944](https://github.com/opensearch-project/OpenSearch/pull/4944)) - Support OpenSSL Provider with default Netty allocator ([#5460](https://github.com/opensearch-project/OpenSearch/pull/5460)) - +- Fixing input validation in segments and delete pit request ([#6645](https://github.com/opensearch-project/OpenSearch/pull/6645)) ### Security ## [Unreleased 2.x] diff --git a/server/src/main/java/org/opensearch/action/admin/indices/segments/PitSegmentsRequest.java b/server/src/main/java/org/opensearch/action/admin/indices/segments/PitSegmentsRequest.java index 35a4deba7bb43..a9728d139f4d1 100644 --- a/server/src/main/java/org/opensearch/action/admin/indices/segments/PitSegmentsRequest.java +++ b/server/src/main/java/org/opensearch/action/admin/indices/segments/PitSegmentsRequest.java @@ -19,7 +19,9 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Set; import static org.opensearch.action.ValidateActions.addValidationError; @@ -87,7 +89,7 @@ public ActionRequestValidationException validate() { } public void fromXContent(XContentParser parser) throws IOException { - pitIds.clear(); + Set pitIds = new HashSet<>(); if (parser.nextToken() != XContentParser.Token.START_OBJECT) { throw new IllegalArgumentException("Malformed content, must start with an object"); } else { @@ -117,5 +119,7 @@ public void fromXContent(XContentParser parser) throws IOException { } } } + this.pitIds.clear(); + this.pitIds.addAll(pitIds); } } diff --git a/server/src/main/java/org/opensearch/action/search/DeletePitRequest.java b/server/src/main/java/org/opensearch/action/search/DeletePitRequest.java index 90cd1ed474d61..a627aaf26ee44 100644 --- a/server/src/main/java/org/opensearch/action/search/DeletePitRequest.java +++ b/server/src/main/java/org/opensearch/action/search/DeletePitRequest.java @@ -21,7 +21,9 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; +import java.util.HashSet; import java.util.List; +import java.util.Set; import static org.opensearch.action.ValidateActions.addValidationError; @@ -91,7 +93,7 @@ public XContentBuilder toXContent(XContentBuilder builder, ToXContent.Params par } public void fromXContent(XContentParser parser) throws IOException { - pitIds.clear(); + Set pitIds = new HashSet<>(); if (parser.nextToken() != XContentParser.Token.START_OBJECT) { throw new IllegalArgumentException("Malformed content, must start with an object"); } else { @@ -121,6 +123,8 @@ public void fromXContent(XContentParser parser) throws IOException { } } } + this.pitIds.clear(); + this.pitIds.addAll(pitIds); } }