ATLAS-2174: code improvements and validations

common/src/main/java/org/apache/atlas/AtlasConfiguration.java

@@ -31,6 +31,8 @@ public enum AtlasConfiguration {
     WEBSERVER_QUEUE_SIZE("atlas.webserver.queuesize", 100),
     WEBSERVER_REQUEST_BUFFER_SIZE("atlas.jetty.request.buffer.size", 16192),
 
+    QUERY_PARAM_MAX_LENGTH("atlas.query.param.max.length", 4*1024),
+
     //search configuration
     SEARCH_MAX_LIMIT("atlas.search.maxlimit", 10000),
     SEARCH_DEFAULT_LIMIT("atlas.search.defaultlimit", 100);

intg/src/main/java/org/apache/atlas/AtlasErrorCode.java

@@ -101,6 +101,7 @@ public enum AtlasErrorCode {
     CLASSIFICATIONDEF_ENTITYTYPES_NOT_PARENTS_SUBSET(400, "ATLAS-400-00-054", "ClassificationDef ‘{0}‘ has entityTypes ‘{1}‘ which are not subsets of it's supertypes entityTypes"),
     INVALID_ENTITY_FOR_CLASSIFICATION (400, "ATLAS-400-00-055", "Entity (guid=‘{0}‘,typename=‘{1}‘) cannot be classified by Classification ‘{2}‘, because ‘{1}‘ is not in the ClassificationDef's restrictions."),
     SAVED_SEARCH_CHANGE_USER(400, "ATLAS-400-00-056", "saved-search {0} can not be moved from user {1} to {2}"),
+    INVALID_QUERY_PARAM_LENGTH(400, "ATLAS-400-00-057" , "Length of query param {0} exceeds the limit"),
 
     // All Not found enums go here
     TYPE_NAME_NOT_FOUND(404, "ATLAS-404-00-001", "Given typename {0} was invalid"),

webapp/src/main/java/org/apache/atlas/web/rest/DiscoveryREST.java

@@ -17,6 +17,7 @@
  */
 package org.apache.atlas.web.rest;
 
+import org.apache.atlas.AtlasConfiguration;
 import org.apache.atlas.AtlasErrorCode;
 import org.apache.atlas.SortOrder;
 import org.apache.atlas.discovery.AtlasDiscoveryService;
@@ -89,6 +90,10 @@ public class DiscoveryREST {
                                             @QueryParam("classification") String classification,
                                             @QueryParam("limit")          int    limit,
                                             @QueryParam("offset")         int    offset) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("query", query);
+        Servlets.validateQueryParamLength("typeName", typeName);
+        Servlets.validateQueryParamLength("classification", classification);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -127,6 +132,8 @@ public class DiscoveryREST {
                                                  @QueryParam("excludeDeletedEntities") boolean excludeDeletedEntities,
                                                  @QueryParam("limit")                  int     limit,
                                                  @QueryParam("offset")                 int     offset) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("query", query);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -165,6 +172,10 @@ public class DiscoveryREST {
                                               @QueryParam("excludeDeletedEntities") boolean excludeDeletedEntities,
                                               @QueryParam("limit")                  int     limit,
                                               @QueryParam("offset")                 int     offset) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("query", query);
+        Servlets.validateQueryParamLength("typeName", typeName);
+        Servlets.validateQueryParamLength("classification", classification);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -210,6 +221,10 @@ public class DiscoveryREST {
                                                   @QueryParam("typeName")        String typeName,
                                                   @QueryParam("limit")           int    limit,
                                                   @QueryParam("offset")          int    offset) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("attrName", attrName);
+        Servlets.validateQueryParamLength("attrValuePrefix", attrValuePrefix);
+        Servlets.validateQueryParamLength("typeName", typeName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -224,7 +239,6 @@ public class DiscoveryREST {
             }
 
             return atlasDiscoveryService.searchUsingBasicQuery(null, typeName, null, attrName, attrValuePrefix, true, limit, offset);
-
         } finally {
             AtlasPerfTracer.log(perf);
         }
@@ -267,6 +281,8 @@ public class DiscoveryREST {
                 throw new AtlasBaseException(AtlasErrorCode.INVALID_SEARCH_PARAMS);
             }
 
+            validateSearchParameters(parameters);
+
             return atlasDiscoveryService.searchWithParameters(parameters);
         } finally {
             AtlasPerfTracer.log(perf);
@@ -298,6 +314,10 @@ public class DiscoveryREST {
                                                    @QueryParam("excludeDeletedEntities") boolean   excludeDeletedEntities,
                                                    @QueryParam("limit")                  int       limit,
                                                    @QueryParam("offset")                 int       offset) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+        Servlets.validateQueryParamLength("relation", relation);
+        Servlets.validateQueryParamLength("sortBy", sortByAttribute);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -323,6 +343,8 @@ public class DiscoveryREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasUserSavedSearch addSavedSearch(AtlasUserSavedSearch savedSearch) throws AtlasBaseException, IOException {
+        validateUserSavedSearch(savedSearch);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -347,6 +369,8 @@ public class DiscoveryREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasUserSavedSearch updateSavedSearch(AtlasUserSavedSearch savedSearch) throws AtlasBaseException {
+        validateUserSavedSearch(savedSearch);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -373,6 +397,9 @@ public class DiscoveryREST {
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasUserSavedSearch getSavedSearch(@PathParam("name") String searchName,
                                                @QueryParam("user") String userName) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", searchName);
+        Servlets.validateQueryParamLength("user", userName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -397,6 +424,8 @@ public class DiscoveryREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public List<AtlasUserSavedSearch> getSavedSearches(@QueryParam("user") String userName) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("user", userName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -418,6 +447,8 @@ public class DiscoveryREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public void deleteSavedSearch(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -446,6 +477,9 @@ public class DiscoveryREST {
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasSearchResult executeSavedSearchByName(@PathParam("name") String searchName,
                                                       @QueryParam("user") String userName) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", searchName);
+        Servlets.validateQueryParamLength("user", userName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -474,6 +508,8 @@ public class DiscoveryREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasSearchResult executeSavedSearchByGuid(@PathParam("guid") String searchGuid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", searchGuid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -505,4 +541,22 @@ public class DiscoveryREST {
             return atlasDiscoveryService.searchWithParameters(sp);
         }
     }
+
+    private void validateUserSavedSearch(AtlasUserSavedSearch savedSearch) throws AtlasBaseException {
+        if (savedSearch != null) {
+            Servlets.validateQueryParamLength("name", savedSearch.getName());
+            Servlets.validateQueryParamLength("ownerName", savedSearch.getOwnerName());
+            Servlets.validateQueryParamLength("guid", savedSearch.getGuid());
+
+            validateSearchParameters(savedSearch.getSearchParameters());
+        }
+    }
+
+    private void validateSearchParameters(SearchParameters parameters) throws AtlasBaseException {
+        if (parameters != null) {
+            Servlets.validateQueryParamLength("typeName", parameters.getTypeName());
+            Servlets.validateQueryParamLength("classification", parameters.getClassification());
+            Servlets.validateQueryParamLength("query", parameters.getQuery());
+        }
+    }
 }

webapp/src/main/java/org/apache/atlas/web/rest/EntityREST.java

@@ -91,6 +91,8 @@ public class EntityREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEntityWithExtInfo getById(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -116,6 +118,8 @@ public class EntityREST {
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEntityWithExtInfo getByUniqueAttributes(@PathParam("typeName") String typeName,
                                                         @Context HttpServletRequest servletRequest) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("typeName", typeName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -171,6 +175,8 @@ public class EntityREST {
     public EntityMutationResponse partialUpdateEntityByUniqueAttrs(@PathParam("typeName") String typeName,
                                                                    @Context HttpServletRequest servletRequest,
                                                                    AtlasEntityWithExtInfo entityInfo) throws Exception {
+        Servlets.validateQueryParamLength("typeName", typeName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -203,6 +209,9 @@ public class EntityREST {
     public EntityMutationResponse partialUpdateEntityAttrByGuid(@PathParam("guid") String guid,
                                                                 @QueryParam("name") String attrName,
                                                                 Object attrValue) throws Exception {
+        Servlets.validateQueryParamLength("guid", guid);
+        Servlets.validateQueryParamLength("name", attrName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -226,6 +235,8 @@ public class EntityREST {
     @Consumes({Servlets.JSON_MEDIA_TYPE, MediaType.APPLICATION_JSON})
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public EntityMutationResponse deleteByGuid(@PathParam("guid") final String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -251,6 +262,8 @@ public class EntityREST {
     @Path("/uniqueAttribute/type/{typeName}")
     public EntityMutationResponse deleteByUniqueAttribute(@PathParam("typeName") String typeName,
                                                           @Context HttpServletRequest servletRequest) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("typeName", typeName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -277,6 +290,9 @@ public class EntityREST {
     @Path("/guid/{guid}/classification/{classificationName}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasClassification getClassification(@PathParam("guid") String guid, @PathParam("classificationName") final String classificationName) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+        Servlets.validateQueryParamLength("classificationName", classificationName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -304,6 +320,8 @@ public class EntityREST {
     @Path("/guid/{guid}/classifications")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasClassification.AtlasClassifications getClassifications(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -330,6 +348,8 @@ public class EntityREST {
     @Consumes({Servlets.JSON_MEDIA_TYPE, MediaType.APPLICATION_JSON})
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public void addClassifications(@PathParam("guid") final String guid, List<AtlasClassification> classifications) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -356,6 +376,8 @@ public class EntityREST {
     @Path("/guid/{guid}/classifications")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public void updateClassification(@PathParam("guid") final String guid, List<AtlasClassification> classifications) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -384,6 +406,9 @@ public class EntityREST {
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public void deleteClassification(@PathParam("guid") String guid,
                                      @PathParam("classificationName") final String classificationName) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+        Servlets.validateQueryParamLength("classificationName", classificationName);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -415,6 +440,12 @@ public class EntityREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEntitiesWithExtInfo getByGuids(@QueryParam("guid") List<String> guids) throws AtlasBaseException {
+        if (CollectionUtils.isNotEmpty(guids)) {
+            for (String guid : guids) {
+                Servlets.validateQueryParamLength("guid", guid);
+            }
+        }
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -465,6 +496,12 @@ public class EntityREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public EntityMutationResponse deleteByGuids(@QueryParam("guid") final List<String> guids) throws AtlasBaseException {
+        if (CollectionUtils.isNotEmpty(guids)) {
+            for (String guid : guids) {
+                Servlets.validateQueryParamLength("guid", guid);
+            }
+        }
+
         AtlasPerfTracer perf = null;
 
         try {

webapp/src/main/java/org/apache/atlas/web/rest/LineageREST.java

@@ -25,6 +25,7 @@ import org.apache.atlas.model.lineage.AtlasLineageInfo;
 import org.apache.atlas.model.lineage.AtlasLineageInfo.LineageDirection;
 import org.apache.atlas.utils.AtlasPerfTracer;
 import org.apache.atlas.web.util.Servlets;
+import org.apache.commons.collections.CollectionUtils;
 import org.slf4j.Logger;
 import org.springframework.stereotype.Service;
 
@@ -79,6 +80,8 @@ public class LineageREST {
     public AtlasLineageInfo getLineageGraph(@PathParam("guid") String guid,
                                             @QueryParam("direction") @DefaultValue(DEFAULT_DIRECTION)  LineageDirection direction,
                                             @QueryParam("depth") @DefaultValue(DEFAULT_DEPTH) int depth) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {

webapp/src/main/java/org/apache/atlas/web/rest/RelationshipREST.java

@@ -103,6 +103,8 @@ public class RelationshipREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasRelationship getById(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {
@@ -125,6 +127,8 @@ public class RelationshipREST {
     @Consumes(Servlets.JSON_MEDIA_TYPE)
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public void deleteById(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasPerfTracer perf = null;
 
         try {

webapp/src/main/java/org/apache/atlas/web/rest/TypesREST.java

@@ -72,6 +72,8 @@ public class TypesREST {
     @Path("/typedef/name/{name}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasBaseTypeDef getTypeDefByName(@PathParam("name") String name) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", name);
+
         AtlasBaseTypeDef ret = typeDefStore.getByName(name);
 
         return ret;
@@ -88,6 +90,8 @@ public class TypesREST {
     @Path("/typedef/guid/{guid}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasBaseTypeDef getTypeDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasBaseTypeDef ret = typeDefStore.getByGuid(guid);
 
         return ret;
@@ -140,6 +144,8 @@ public class TypesREST {
     @Path("/enumdef/name/{name}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEnumDef getEnumDefByName(@PathParam("name") String name) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", name);
+
         AtlasEnumDef ret = typeDefStore.getEnumDefByName(name);
 
         return ret;
@@ -157,6 +163,8 @@ public class TypesREST {
     @Path("/enumdef/guid/{guid}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEnumDef getEnumDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasEnumDef ret = typeDefStore.getEnumDefByGuid(guid);
 
         return ret;
@@ -175,6 +183,8 @@ public class TypesREST {
     @Path("/structdef/name/{name}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasStructDef getStructDefByName(@PathParam("name") String name) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", name);
+
         AtlasStructDef ret = typeDefStore.getStructDefByName(name);
 
         return ret;
@@ -192,6 +202,8 @@ public class TypesREST {
     @Path("/structdef/guid/{guid}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasStructDef getStructDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasStructDef ret = typeDefStore.getStructDefByGuid(guid);
 
         return ret;
@@ -209,6 +221,8 @@ public class TypesREST {
     @Path("/classificationdef/name/{name}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasClassificationDef getClassificationDefByName(@PathParam("name") String name) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", name);
+
         AtlasClassificationDef ret = typeDefStore.getClassificationDefByName(name);
 
         return ret;
@@ -226,6 +240,8 @@ public class TypesREST {
     @Path("/classificationdef/guid/{guid}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasClassificationDef getClassificationDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasClassificationDef ret = typeDefStore.getClassificationDefByGuid(guid);
 
         return ret;
@@ -243,6 +259,8 @@ public class TypesREST {
     @Path("/entitydef/name/{name}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEntityDef getEntityDefByName(@PathParam("name") String name) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", name);
+
         AtlasEntityDef ret = typeDefStore.getEntityDefByName(name);
 
         return ret;
@@ -260,6 +278,8 @@ public class TypesREST {
     @Path("/entitydef/guid/{guid}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasEntityDef getEntityDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasEntityDef ret = typeDefStore.getEntityDefByGuid(guid);
 
         return ret;
@@ -276,6 +296,8 @@ public class TypesREST {
     @Path("/relationshipdef/name/{name}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasRelationshipDef getRelationshipDefByName(@PathParam("name") String name) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("name", name);
+
         AtlasRelationshipDef ret = typeDefStore.getRelationshipDefByName(name);
 
         return ret;
@@ -293,6 +315,8 @@ public class TypesREST {
     @Path("/relationshipdef/guid/{guid}")
     @Produces(Servlets.JSON_MEDIA_TYPE)
     public AtlasRelationshipDef getRelationshipDefByGuid(@PathParam("guid") String guid) throws AtlasBaseException {
+        Servlets.validateQueryParamLength("guid", guid);
+
         AtlasRelationshipDef ret = typeDefStore.getRelationshipDefByGuid(guid);
 
         return ret;

webapp/src/main/java/org/apache/atlas/web/util/Servlets.java

@@ -19,6 +19,8 @@
 package org.apache.atlas.web.util;
 
 import org.apache.atlas.AtlasClient;
+import org.apache.atlas.AtlasConfiguration;
+import org.apache.atlas.AtlasErrorCode;
 import org.apache.atlas.LocalServletRequest;
 import org.apache.atlas.exception.AtlasBaseException;
 import org.apache.atlas.utils.ParamChecker;
@@ -57,6 +59,8 @@ public final class Servlets {
     public static final String JSON_MEDIA_TYPE = MediaType.APPLICATION_JSON + "; charset=UTF-8";
     public static final String BINARY = MediaType.APPLICATION_OCTET_STREAM;
 
+    private static final int QUERY_PARAM_MAX_LENGTH = AtlasConfiguration.QUERY_PARAM_MAX_LENGTH.getInt();
+
     /**
      * Returns the user of the given request.
      *
@@ -206,4 +210,10 @@ public final class Servlets {
 
         return attributes;
     }
+
+    public static void validateQueryParamLength(String paramName, String paramValue) throws AtlasBaseException {
+        if (StringUtils.isNotEmpty(paramValue) && paramValue.length() > QUERY_PARAM_MAX_LENGTH) {
+            throw new AtlasBaseException(AtlasErrorCode.INVALID_QUERY_PARAM_LENGTH, paramName);
+        }
+    }
 }