OpenTelemetry for Eclipse Dirigible #4451

iliyan-velichkov · 2024-11-19T13:37:47Z

TODO

...ain/java/org/eclipse/dirigible/components/engine/javascript/endpoint/JavascriptEndpoint.java

+    /**
+     * Put.
+     *
+     * @param projectName the project name


To fix the partial path traversal vulnerability, we need to ensure that the directory path (registryPath) is slash-terminated before checking if it is a prefix of the user-supplied path. This can be achieved by appending a slash to registryPath if it is not already slash-terminated. Additionally, we should use Path objects to perform the prefix check, as they handle path normalization and comparison more securely.

Modify the isValid method to ensure registryPath is slash-terminated.

Use Path objects to perform the prefix check instead of string comparison.

Signed-off-by: Iliyan Velichkov <[email protected]>

iliyan-velichkov self-assigned this Nov 19, 2024

iliyan-velichkov marked this pull request as draft November 19, 2024 13:37

iliyan-velichkov force-pushed the otel branch from 7ac9096 to f58264f Compare November 19, 2024 13:38

github-advanced-security bot found potential problems Nov 20, 2024

View reviewed changes

iliyan-velichkov added 26 commits November 25, 2024 16:21

Add Spring Boot Admin (SBA)

0cf323a

Signed-off-by: Iliyan Velichkov <[email protected]>

add more comments

af23c16

Signed-off-by: Iliyan Velichkov <[email protected]>

add authentication and authorization IT

4af966d

Signed-off-by: Iliyan Velichkov <[email protected]>

cleanup

41b7cc8

Signed-off-by: Iliyan Velichkov <[email protected]>

enable liveness and readiness

290a24e

Signed-off-by: Iliyan Velichkov <[email protected]>

increase waiting time in CsvimIT.java

d5f0b7d

Signed-off-by: Iliyan Velichkov <[email protected]>

code formatting

3fc18fb

Signed-off-by: Iliyan Velichkov <[email protected]>

OpenTelemetry spring boot setup

146c6b7

Signed-off-by: Iliyan Velichkov <[email protected]>

update test controller

263993d

Signed-off-by: Iliyan Velichkov <[email protected]>

update service name

3a36188

Signed-off-by: Iliyan Velichkov <[email protected]>

enable actuator metrics report

32c0aaa

Signed-off-by: Iliyan Velichkov <[email protected]>

otel profile and otel meter example

c332101

Signed-off-by: Iliyan Velichkov <[email protected]>

do not call GlobalOpenTelemetry

885822b

Signed-off-by: Iliyan Velichkov <[email protected]>

add micrometer counter

6496148

Signed-off-by: Iliyan Velichkov <[email protected]>

add custom span with remote call

7f1cf90

Signed-off-by: Iliyan Velichkov <[email protected]>

add manual span via code not annotations

bea4555

Signed-off-by: Iliyan Velichkov <[email protected]>

add query param as span attribute

0e6c17f

Signed-off-by: Iliyan Velichkov <[email protected]>

add span with failure

3147715

Signed-off-by: Iliyan Velichkov <[email protected]>

add call with httpclient + create otel module

c2d648f

Signed-off-by: Iliyan Velichkov <[email protected]>

add repository calls to the example

492356f

Signed-off-by: Iliyan Velichkov <[email protected]>

add trace for scripts execution

3a0e5e9

Signed-off-by: Iliyan Velichkov <[email protected]>

add OpenTelmetry stack setup

d72ee92

Signed-off-by: Iliyan Velichkov <[email protected]>

adapt tests

59ccfdc

Signed-off-by: Iliyan Velichkov <[email protected]>

loki cleanup, opensearch using docker profile only

55c11c6

Signed-off-by: Iliyan Velichkov <[email protected]>

add Dirigible sample project

0ec0207

Signed-off-by: Iliyan Velichkov <[email protected]>

export traces to debug as well

d68293f

Signed-off-by: Iliyan Velichkov <[email protected]>

iliyan-velichkov added 11 commits November 25, 2024 16:22

update README.md

702fdeb

Signed-off-by: Iliyan Velichkov <[email protected]>

less verbose debug exporter

05d0b31

Signed-off-by: Iliyan Velichkov <[email protected]>

update README.md, update sample project

9ce4489

Signed-off-by: Iliyan Velichkov <[email protected]>

add job details to the job execution span

02dc178

Signed-off-by: Iliyan Velichkov <[email protected]>

enable flowable actuator

cb4b533

Signed-off-by: Iliyan Velichkov <[email protected]>

export flowable metrics based on data in flowable actuator endpoint

ba3a8ff

Signed-off-by: Iliyan Velichkov <[email protected]>

add traces for BPM tasks execution

051618f

Signed-off-by: Iliyan Velichkov <[email protected]>

more details in js and ts endpoints

75756e4

Signed-off-by: Iliyan Velichkov <[email protected]>

remove span names for the endpoints

7d1e621

Signed-off-by: Iliyan Velichkov <[email protected]>

add traces for the synchronizers

da1e136

Signed-off-by: Iliyan Velichkov <[email protected]>

rebase with master

cd86fdb

Signed-off-by: Iliyan Velichkov <[email protected]>

iliyan-velichkov force-pushed the otel branch from e5f36b5 to cd86fdb Compare November 25, 2024 14:26

iliyan-velichkov added 6 commits November 26, 2024 12:15

fix flowable close

f75008e

Signed-off-by: Iliyan Velichkov <[email protected]>

update headers

9147afb

Signed-off-by: Iliyan Velichkov <[email protected]>

fix local tests execution

91cda95

Signed-off-by: Iliyan Velichkov <[email protected]>

add custom quartz metrics

81f9b24

Signed-off-by: Iliyan Velichkov <[email protected]>

wip - camel metrics and traces

c1fd7b3

Signed-off-by: Iliyan Velichkov <[email protected]>

code formatting

64d1fd1

Signed-off-by: Iliyan Velichkov <[email protected]>

@@ -258,10 +258,10 @@
                 public boolean isValid(String inputPath) {
-                    String registryPath = getDirigibleWorkingDirectory().toString();
-                    String normalizedInputPath = java.nio.file.Path.of(inputPath)
-                                                                   .normalize()
-                                                                   .toString();
-                    File file = new File(registryPath, normalizedInputPath);
+                    Path registryPath = getDirigibleWorkingDirectory().toPath().normalize();
+                    if (!registryPath.toString().endsWith(File.separator)) {
+                        registryPath = registryPath.resolve(File.separator);
+                    }
+                    Path normalizedInputPath = java.nio.file.Path.of(inputPath).normalize();
+                    Path filePath = registryPath.resolve(normalizedInputPath);
                     try {
-                        return file.getCanonicalPath()
-                                   .startsWith(registryPath);
+                        return filePath.toFile().getCanonicalPath().startsWith(registryPath.toString());
                     } catch (IOException e) {

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OpenTelemetry for Eclipse Dirigible #4451

OpenTelemetry for Eclipse Dirigible #4451

iliyan-velichkov commented Nov 19, 2024 •

edited

Loading

Provide additional feedback

Please help us improve GitHub Copilot by sharing more details about this comment.

OpenTelemetry for Eclipse Dirigible #4451

Are you sure you want to change the base?

OpenTelemetry for Eclipse Dirigible #4451

Conversation

iliyan-velichkov commented Nov 19, 2024 • edited Loading

iliyan-velichkov commented Nov 19, 2024 •

edited

Loading