TEZ-4699:Add Validation/Canonical checks to avoid path exploitation in CSVResult.java

ramitg254 · ramitg254 · commit a0d8eb97272a · 2026-03-27T17:27:12.000+05:30
diff --git a/tez-tools/analyzers/job-analyzer/src/main/java/org/apache/tez/analyzer/CSVResult.java b/tez-tools/analyzers/job-analyzer/src/main/java/org/apache/tez/analyzer/CSVResult.java
@@ -20,10 +20,12 @@
 
 import java.io.BufferedWriter;
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.OutputStreamWriter;
-import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.StandardOpenOption;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Comparator;
@@ -93,31 +95,44 @@ public void setComments(String comments) {
         '}';
   }
 
-  //For testing
   public void dumpToFile(String fileName) throws IOException {
-    OutputStreamWriter writer = new OutputStreamWriter(
-        new FileOutputStream(new File(fileName)),
-        Charset.forName("UTF-8").newEncoder());
-    BufferedWriter bw = new BufferedWriter(writer);
-    bw.write(Joiner.on(",").join(headers));
-    bw.newLine();
-    for (String[] record : recordsList) {
-
-      if (record.length != headers.length) {
-        continue; //LOG error msg?
-      }
-
-      StringBuilder sb = new StringBuilder();
-      for(int i=0;i<record.length;i++) {
-        sb.append(!Strings.isNullOrEmpty(record[i]) ? record[i] : " ");
-        if (i < record.length - 1) {
-          sb.append(",");
+    File target = validateOutputFile(fileName);
+    Path targetPath = target.toPath();
+
+    try (BufferedWriter bw = new BufferedWriter(
+        new OutputStreamWriter(
+            Files.newOutputStream(targetPath, StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE),
+            StandardCharsets.UTF_8))) {
+      bw.write(Joiner.on(",").join(headers));
+      bw.newLine();
+      for (String[] record : recordsList) {
+        if (record.length != headers.length) {
+          continue;
         }
+        StringBuilder sb = new StringBuilder();
+        for (int i = 0; i < record.length; i++) {
+          sb.append(!Strings.isNullOrEmpty(record[i]) ? record[i] : " ");
+          if (i < record.length - 1) {
+            sb.append(",");
+          }
+        }
+        bw.write(sb.toString());
+        bw.newLine();
       }
-      bw.write(sb.toString());
-      bw.newLine();
     }
-    bw.flush();
-    bw.close();
+  }
+
+  private static File validateOutputFile(String fileName) throws IOException {
+    if (fileName == null || fileName.trim().isEmpty()) {
+      throw new IllegalArgumentException("fileName must not be null or empty");
+    }
+
+    File target = new File(fileName).getCanonicalFile();
+    File parent = target.getParentFile();
+
+    if (parent == null || !parent.isDirectory()) {
+      throw new IOException("Parent directory does not exist: " + parent);
+    }
+    return target;
   }
 }
diff --git a/tez-tools/analyzers/job-analyzer/src/test/java/org/apache/tez/analyzer/TestCSVResult.java b/tez-tools/analyzers/job-analyzer/src/test/java/org/apache/tez/analyzer/TestCSVResult.java
@@ -0,0 +1,106 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * <p/>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p/>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.tez.analyzer;
+
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.FileAlreadyExistsException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Unit tests for {@link CSVResult#dumpToFile(String)} (validation and atomic create).
+ */
+public class TestCSVResult {
+
+  @Rule
+  public TemporaryFolder tmpDir = new TemporaryFolder();
+  private static final Logger LOG = LoggerFactory.getLogger(TestCSVResult.class);
+
+  @Test
+  public void testDumpToFileWritesContent() throws Exception {
+    Path out = tmpDir.newFolder().toPath().resolve("out.csv");
+    CSVResult result = new CSVResult(new String[] { "h1", "h2" });
+    result.addRecord(new String[] { "a", "b" });
+    result.dumpToFile(out.toString());
+    LOG.info("output file path is : {}", out.getFileName() );
+    String content = new String(Files.readAllBytes(out), StandardCharsets.UTF_8);
+    Assert.assertEquals("h1,h2\na,b\n", content);
+  }
+
+   @Test
+   public void testDumpToFileRejectsExistingFile() throws Exception {
+     Path out = tmpDir.newFile("existing.csv").toPath();
+     CSVResult result = new CSVResult(new String[] { "x" });
+     try {
+       result.dumpToFile(out.toString());
+       Assert.fail("Expected FileAlreadyExistsException when output file already exists");
+     } catch (FileAlreadyExistsException e) {
+       // CREATE_NEW must fail if path already exists (atomic exclusive create)
+     }
+   }
+
+   @Test
+   public void testDumpToFileRejectsMissingParentDir() throws Exception {
+     Path missingParent = tmpDir.getRoot().toPath().resolve("no-such-dir");
+     Path out = missingParent.resolve("out.csv");
+     CSVResult result = new CSVResult(new String[] { "x" });
+     try {
+       result.dumpToFile(out.toString());
+       Assert.fail("Expected IOException when parent directory does not exist");
+     } catch (IOException e) {
+       Assert.assertTrue(e.getMessage().contains("Parent directory does not exist"));
+     }
+   }
+
+   @Test(expected = IllegalArgumentException.class)
+   public void testDumpToFileRejectsNullFileName() throws Exception {
+     new CSVResult(new String[] { "x" }).dumpToFile(null);
+   }
+
+   @Test(expected = IllegalArgumentException.class)
+   public void testDumpToFileRejectsEmptyFileName() throws Exception {
+     new CSVResult(new String[] { "x" }).dumpToFile("");
+   }
+
+   @Test(expected = IllegalArgumentException.class)
+   public void testDumpToFileRejectsBlankFileName() throws Exception {
+     new CSVResult(new String[] { "x" }).dumpToFile("   ");
+   }
+
+   @Test
+   public void testDumpToFileNestedDirectory() throws Exception {
+     Path base = tmpDir.newFolder().toPath();
+     Path nested = base.resolve("a").resolve("b");
+     Files.createDirectories(nested);
+     Path out = nested.resolve("nested.csv");
+     CSVResult result = new CSVResult(new String[] { "h" });
+     result.addRecord(new String[] { "r" });
+     result.dumpToFile(out.toString());
+     Assert.assertEquals("h\nr\n", new String(Files.readAllBytes(out), StandardCharsets.UTF_8));
+   }
+}
