apache / lucene

Apache Lucene open-source search software
https://lucene.apache.org/
Apache License 2.0

Possible security issue when parsing XML documents containing external entity references [LUCENE-8291] #9338

Closed asfimport closed 6 years ago

asfimport commented 6 years ago

It appears that in QueryTemplateManager.java lines 149 and 198 and in DOMUtils.java line 204 XML is parsed without disabling external entity references (XXE). This is described in http://cwe.mitre.org/data/definitions/611.html and possible mitigations are listed here: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet

All recent versions of Lucene are affected.


Migrated from LUCENE-8291 by Hendrik Saly, resolved Jun 27 2018 Attachments: LUCENE-8291.patch, LUCENE-8291-2.patch
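
One way to configure the JAXP factories behind the reported parse calls so that DOCTYPE declarations and external entities are refused, following the OWASP cheat sheet linked above. This is an added example, not Lucene's code and not the change that was committed for this issue; the class name `HardenedXmlParsing`, its method names and the two sample documents are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

// Hypothetical helper class (not part of Lucene).
public class HardenedXmlParsing {

  // The reported pattern is DocumentBuilderFactory.newInstance() followed only by
  // setNamespaceAware(true); that leaves DOCTYPE and entity processing switched on.
  // This factory switches them off and fails closed: if the parser on the classpath
  // does not know a feature, setFeature throws instead of silently ignoring it.
  static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    // Refusing any DOCTYPE removes external entities, parameter entities
    // and entity-expansion bombs in one step.
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    // Defence in depth in case DOCTYPEs must be re-enabled later.
    dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
    dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
    dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
    dbf.setXIncludeAware(false);
    dbf.setExpandEntityReferences(false);
    return dbf;
  }

  // XSL templates are compiled by a TransformerFactory, which can itself fetch
  // external DTDs and imported stylesheets; an empty protocol list forbids both.
  static TransformerFactory hardenedTransformerFactory()
      throws TransformerConfigurationException {
    TransformerFactory tf = TransformerFactory.newInstance();
    tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    // Throws IllegalArgumentException on implementations without JAXP 1.5 support.
    tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
    tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
    return tf;
  }

  static Document parse(DocumentBuilderFactory dbf, String xml)
      throws ParserConfigurationException, SAXException, IOException {
    DocumentBuilder builder = dbf.newDocumentBuilder();
    try (InputStream in = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))) {
      return builder.parse(in);
    }
  }

  // True when the parser refuses the document outright.
  static boolean isRejected(DocumentBuilderFactory dbf, String xml)
      throws ParserConfigurationException, IOException {
    try {
      parse(dbf, xml);
      return false;
    } catch (SAXException e) {
      return true;
    }
  }

  public static void main(String[] args) throws Exception {
    DocumentBuilderFactory dbf = hardenedFactory();
    TransformerFactory tf = hardenedTransformerFactory();

    // Constructed sample: an ordinary query document without a DOCTYPE.
    String plain =
        "<BooleanQuery><Clause occurs=\"must\">"
            + "<TermQuery fieldName=\"artist\">Fugazi</TermQuery>"
            + "</Clause></BooleanQuery>";

    // Constructed sample: declares an external entity; the path is a placeholder.
    String withDoctype =
        "<!DOCTYPE q [<!ENTITY e SYSTEM \"file:///constructed/placeholder.txt\">]>"
            + "<q>&e;</q>";

    Document doc = parse(dbf, plain);
    System.out.println("plain document root: " + doc.getDocumentElement().getTagName());
    System.out.println("document with DOCTYPE rejected: " + isRejected(dbf, withDoctype));
    System.out.println("transformer factory in use: " + tf.getClass().getName());
  }
}
```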

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

We will remove this class as it is not really used in Lucene and Solr, it's just a convenience class.

In fact it's not really a security issue, because it is just a way for an application to use template XML files for the XML query parser where properties can be replaced. The XML file is not intended to be loaded from untrusted sources. Anybody doing this has misunderstood the whole class anyways and will fail to use it. So this looks like just an issue reported by some automated code safety testing tool.

For the template manager the use case is: You have an XML/XSL file as a query template in your local JAR resources folder and you use properties to replace the property placeholders in the XML before passing it to XML query parser. If used correctly there is never any external possibility to inject XML. So there is no need to fix this. If there is the possibility to pass in an untrusted XML file it's the application's fault, not Lucene's.

Nevertheless, as the above functionality can be done outside of Lucene easily, let's remove this class. It's mostly untested and not used in the wild (GitHub search).

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

Patch removing this class and examples: LUCENE-8291.patch

LUCENE-8291.patch ```diff .../queryparser/xml/QueryTemplateManager.java | 202 --------------------- .../queryparser/xml/TestQueryTemplateManager.java | 163 ----------------- .../lucene/queryparser/xml/albumBooleanQuery.xsl | 48 ----- .../lucene/queryparser/xml/albumFilteredQuery.xsl | 47 ----- .../queryparser/xml/albumLuceneClassicQuery.xsl | 29 --- 5 files changed, 489 deletions(-) diff --git a/lucene/queryparser/src/java/org/apache/lucene/queryparser/xml/QueryTemplateManager.java b/lucene/queryparser/src/java/org/apache/lucene/queryparser/xml/QueryTemplateManager.java deleted file mode 100644 index d454b28..0000000 --- a/lucene/queryparser/src/java/org/apache/lucene/queryparser/xml/QueryTemplateManager.java +++ /dev/null 
@@ -1,202 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.lucene.queryparser.xml; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.*; -import javax.xml.transform.dom.DOMResult; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; -import java.io.StringWriter; -import java.io.IOException; -import java.io.InputStream; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Properties; - -/** - * Provides utilities for turning query form input (such as from a web page or Swing gui) into - * Lucene XML queries by using XSL templates. This approach offers a convenient way of externalizing - * and changing how user input is turned into Lucene queries. - * Database applications often adopt similar practices by externalizing SQL in template files that can - * be easily changed/optimized by a DBA. 
- * The static methods can be used on their own or by creating an instance of this class you can store and - * re-use compiled stylesheets for fast use (e.g. in a server environment) - */ -public class QueryTemplateManager { - static final DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - static final TransformerFactory tFactory = TransformerFactory.newInstance(); - - HashMap compiledTemplatesCache = new HashMap<>(); - Templates defaultCompiledTemplates = null; - - - public QueryTemplateManager() { - - } - - public QueryTemplateManager(InputStream xslIs) - throws TransformerConfigurationException, ParserConfigurationException, SAXException, IOException { - addDefaultQueryTemplate(xslIs); - } - - public void addDefaultQueryTemplate(InputStream xslIs) - throws TransformerConfigurationException, ParserConfigurationException, SAXException, IOException { - defaultCompiledTemplates = getTemplates(xslIs); - } - - public void addQueryTemplate(String name, InputStream xslIs) - throws TransformerConfigurationException, ParserConfigurationException, SAXException, IOException { - compiledTemplatesCache.put(name, getTemplates(xslIs)); - } - - public String getQueryAsXmlString(Properties formProperties, String queryTemplateName) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - Templates ts = compiledTemplatesCache.get(queryTemplateName); - return getQueryAsXmlString(formProperties, ts); - } - - public Document getQueryAsDOM(Properties formProperties, String queryTemplateName) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - Templates ts = compiledTemplatesCache.get(queryTemplateName); - return getQueryAsDOM(formProperties, ts); - } - - public String getQueryAsXmlString(Properties formProperties) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - return getQueryAsXmlString(formProperties, defaultCompiledTemplates); - } - - public Document 
getQueryAsDOM(Properties formProperties) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - return getQueryAsDOM(formProperties, defaultCompiledTemplates); - } - - /** - * Fast means of constructing query using a precompiled stylesheet - */ - public static String getQueryAsXmlString(Properties formProperties, Templates template) - throws ParserConfigurationException, TransformerException { - // TODO: Suppress XML header with encoding (as Strings have no encoding) - StringWriter writer = new StringWriter(); - StreamResult result = new StreamResult(writer); - transformCriteria(formProperties, template, result); - return writer.toString(); - } - - /** - * Slow means of constructing query parsing a stylesheet from an input stream - */ - public static String getQueryAsXmlString(Properties formProperties, InputStream xslIs) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - // TODO: Suppress XML header with encoding (as Strings have no encoding) - StringWriter writer = new StringWriter(); - StreamResult result = new StreamResult(writer); - transformCriteria(formProperties, xslIs, result); - return writer.toString(); - } - - - /** - * Fast means of constructing query using a cached,precompiled stylesheet - */ - public static Document getQueryAsDOM(Properties formProperties, Templates template) - throws ParserConfigurationException, TransformerException { - DOMResult result = new DOMResult(); - transformCriteria(formProperties, template, result); - return (Document) result.getNode(); - } - - - /** - * Slow means of constructing query - parses stylesheet from input stream - */ - public static Document getQueryAsDOM(Properties formProperties, InputStream xslIs) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - DOMResult result = new DOMResult(); - transformCriteria(formProperties, xslIs, result); - return (Document) result.getNode(); - } - - - /** - * 
Slower transformation using an uncompiled stylesheet (suitable for development environment) - */ - public static void transformCriteria(Properties formProperties, InputStream xslIs, Result result) - throws SAXException, IOException, ParserConfigurationException, TransformerException { - dbf.setNamespaceAware(true); - DocumentBuilder builder = dbf.newDocumentBuilder(); - org.w3c.dom.Document xslDoc = builder.parse(xslIs); - DOMSource ds = new DOMSource(xslDoc); - - Transformer transformer = null; - synchronized (tFactory) { - transformer = tFactory.newTransformer(ds); - } - transformCriteria(formProperties, transformer, result); - } - - /** - * Fast transformation using a pre-compiled stylesheet (suitable for production environments) - */ - public static void transformCriteria(Properties formProperties, Templates template, Result result) - throws ParserConfigurationException, TransformerException { - transformCriteria(formProperties, template.newTransformer(), result); - } - - - public static void transformCriteria(Properties formProperties, Transformer transformer, Result result) - throws ParserConfigurationException, TransformerException { - dbf.setNamespaceAware(true); - - //Create an XML document representing the search index document. 
- DocumentBuilder db = dbf.newDocumentBuilder(); - org.w3c.dom.Document doc = db.newDocument(); - Element root = doc.createElement("Document"); - doc.appendChild(root); - - Enumeration keysEnum = formProperties.propertyNames(); - while (keysEnum.hasMoreElements()) { - String propName = keysEnum.nextElement().toString(); - String value = formProperties.getProperty(propName); - if ((value != null) && (value.length() > 0)) { - DOMUtils.insertChild(root, propName, value); - } - } - //Use XSLT to to transform into an XML query string using the queryTemplate - DOMSource xml = new DOMSource(doc); - transformer.transform(xml, result); - } - - /** - * Parses a query stylesheet for repeated use - */ - public static Templates getTemplates(InputStream xslIs) - throws ParserConfigurationException, SAXException, IOException, TransformerConfigurationException { - dbf.setNamespaceAware(true); - DocumentBuilder builder = dbf.newDocumentBuilder(); - org.w3c.dom.Document xslDoc = builder.parse(xslIs); - DOMSource ds = new DOMSource(xslDoc); - return tFactory.newTemplates(ds); - } -} diff --git a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/TestQueryTemplateManager.java b/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/TestQueryTemplateManager.java deleted file mode 100644 index 5ee693f..0000000 --- a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/TestQueryTemplateManager.java +++ /dev/null 
@@ -1,163 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.lucene.queryparser.xml; - -import org.apache.lucene.analysis.Analyzer; -import org.apache.lucene.analysis.MockAnalyzer; -import org.apache.lucene.document.Field; -import org.apache.lucene.index.DirectoryReader; -import org.apache.lucene.index.IndexReader; -import org.apache.lucene.index.IndexWriter; -import org.apache.lucene.search.IndexSearcher; -import org.apache.lucene.search.Query; -import org.apache.lucene.store.Directory; -import org.apache.lucene.util.Constants; -import org.apache.lucene.util.LuceneTestCase; -import org.w3c.dom.Document; -import org.xml.sax.SAXException; - -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.TransformerException; -import java.io.IOException; -import java.util.Properties; -import java.util.StringTokenizer; - - -/** - * This class illustrates how form input (such as from a web page or Swing gui) can be - * turned into Lucene queries using a choice of XSL templates for different styles of queries. 
- */ -public class TestQueryTemplateManager extends LuceneTestCase { - - private CoreParser builder; - private Analyzer analyzer; - private IndexSearcher searcher; - private IndexReader reader; - private Directory dir; - - //A collection of documents' field values for use in our tests - String docFieldValues[] = - { - "artist=Jeff Buckley \talbum=Grace \treleaseDate=1999 \tgenre=rock", - "artist=Fugazi \talbum=Repeater \treleaseDate=1990 \tgenre=alternative", - "artist=Fugazi \talbum=Red Medicine \treleaseDate=1995 \tgenre=alternative", - "artist=Peeping Tom \talbum=Peeping Tom \treleaseDate=2006 \tgenre=rock", - "artist=Red Snapper \talbum=Prince Blimey \treleaseDate=1996 \tgenre=electronic" - }; - - //A collection of example queries, consisting of name/value pairs representing form content plus - // a choice of query style template to use in the test, with expected number of hits - String queryForms[] = - { - "artist=Fugazi \texpectedMatches=2 \ttemplate=albumBooleanQuery", - "artist=Fugazi \treleaseDate=1990 \texpectedMatches=1 \ttemplate=albumBooleanQuery", - "artist=Buckley \tgenre=rock \texpectedMatches=1 \ttemplate=albumFilteredQuery", - "artist=Buckley \tgenre=electronic \texpectedMatches=0 \ttemplate=albumFilteredQuery", - "queryString=artist:buckly~ NOT genre:electronic \texpectedMatches=1 \ttemplate=albumLuceneClassicQuery" - }; - - - public void testFormTransforms() throws SAXException, IOException, ParserConfigurationException, TransformerException, ParserException { - assumeFalse("test temporarily disabled on J9, see https://issues.apache.org/jira/browse/LUCENE-6556", - Constants.JAVA_VENDOR.startsWith("IBM")); - //Cache all the query templates we will be referring to. 
- QueryTemplateManager qtm = new QueryTemplateManager(); - qtm.addQueryTemplate("albumBooleanQuery", getClass().getResourceAsStream("albumBooleanQuery.xsl")); - qtm.addQueryTemplate("albumFilteredQuery", getClass().getResourceAsStream("albumFilteredQuery.xsl")); - qtm.addQueryTemplate("albumLuceneClassicQuery", getClass().getResourceAsStream("albumLuceneClassicQuery.xsl")); - //Run all of our test queries - for (String queryForm : queryForms) { - Properties queryFormProperties = getPropsFromString(queryForm); - - //Get the required query XSL template for this test -// Templates template=getTemplate(queryFormProperties.getProperty("template")); - - //Transform the queryFormProperties into a Lucene XML query - Document doc = qtm.getQueryAsDOM(queryFormProperties, queryFormProperties.getProperty("template")); - - //Parse the XML query using the XML parser - Query q = builder.getQuery(doc.getDocumentElement()); - - //Run the query - long h = searcher.search(q, 1000).totalHits; - - //Check we have the expected number of results - int expectedHits = Integer.parseInt(queryFormProperties.getProperty("expectedMatches")); - assertEquals("Number of results should match for query " + queryForm, expectedHits, h); - - } - } - - //Helper method to construct Lucene query forms used in our test - Properties getPropsFromString(String nameValuePairs) { - Properties result = new Properties(); - StringTokenizer st = new StringTokenizer(nameValuePairs, "\t="); - while (st.hasMoreTokens()) { - String name = st.nextToken().trim(); - if (st.hasMoreTokens()) { - String value = st.nextToken().trim(); - result.setProperty(name, value); - } - } - return result; - } - - //Helper method to construct Lucene documents used in our tests - org.apache.lucene.document.Document getDocumentFromString(String nameValuePairs) { - org.apache.lucene.document.Document result = new org.apache.lucene.document.Document(); - StringTokenizer st = new StringTokenizer(nameValuePairs, "\t="); - while 
(st.hasMoreTokens()) { - String name = st.nextToken().trim(); - if (st.hasMoreTokens()) { - String value = st.nextToken().trim(); - result.add(newTextField(name, value, Field.Store.YES)); - } - } - return result; - } - - /* - * @see TestCase#setUp() - */ - @Override - public void setUp() throws Exception { - super.setUp(); - - analyzer = new MockAnalyzer(random()); - //Create an index - dir = newDirectory(); - IndexWriter w = new IndexWriter(dir, newIndexWriterConfig(analyzer)); - for (String docFieldValue : docFieldValues) { - w.addDocument(getDocumentFromString(docFieldValue)); - } - w.forceMerge(1); - w.close(); - reader = DirectoryReader.open(dir); - searcher = newSearcher(reader); - - //initialize the parser - builder = new CorePlusExtensionsParser("artist", analyzer); - - } - - @Override - public void tearDown() throws Exception { - reader.close(); - dir.close(); - super.tearDown(); - } -} diff --git a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumBooleanQuery.xsl b/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumBooleanQuery.xsl deleted file mode 100644 index d420776..0000000 --- a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumBooleanQuery.xsl +++ /dev/null @@ -1,48 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumFilteredQuery.xsl b/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumFilteredQuery.xsl deleted file mode 100644 index b1369f5..0000000 --- a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumFilteredQuery.xsl +++ /dev/null @@ -1,47 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumLuceneClassicQuery.xsl b/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumLuceneClassicQuery.xsl deleted file mode 100644 index e673a79..0000000 --- a/lucene/queryparser/src/test/org/apache/lucene/queryparser/xml/albumLuceneClassicQuery.xsl +++ /dev/null @@ -1,29 +0,0 @@ - - - - - - - - - - - - \ No newline at end of file ```
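
Review bot: DOMUtils.java is not among the five files in the diffstat, yet the report names DOMUtils.java line 204 alongside the two QueryTemplateManager.java parse sites, so one of the three reported locations is still in the tree after this patch. Either give that parse a DocumentBuilderFactory with DOCTYPE declarations and external entities disabled, or state in the commit message why it is out of scope. The deleted transformCriteria(Properties, InputStream, Result) and getTemplates(InputStream) both ran builder.parse(xslIs) on a shared static factory configured only with setNamespaceAware(true), which is the pattern to look for there. The patch also removes a public class without a changelog entry or migration note; add one, since callers of getQueryAsDOM and getQueryAsXmlString will stop compiling.
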
asfimport commented 6 years ago

ASF subversion and git services (migrated from JIRA)

Commit 11c6a7ad8824f54fdf61d30579ef9689172253e9 in lucene-solr's branch refs/heads/master from @uschindler https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=11c6a7a

LUCENE-8291: Remove QueryTemplateManager utility class from XML queryparser

asfimport commented 6 years ago

ASF subversion and git services (migrated from JIRA)

Commit f4fae49f0e6363b38b8898079dd904a364ce332a in lucene-solr's branch refs/heads/branch_7x from @uschindler https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=f4fae49

LUCENE-8291: Remove QueryTemplateManager utility class from XML queryparser

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

Removed this utility class. Thanks for reporting!

asfimport commented 6 years ago

ASF subversion and git services (migrated from JIRA)

Commit 09a789f535007c907c8dc55f3ae4e4e9ca9c8ee3 in lucene-solr's branch refs/heads/master from @mkhludnev https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=09a789f

LUCENE-8291: Build Fix. Removing Demo Servlet.

asfimport commented 6 years ago

ASF subversion and git services (migrated from JIRA)

Commit 897f6b37eec6aefc90a9981ae99b8be9ea3c17b8 in lucene-solr's branch refs/heads/branch_7x from @mkhludnev https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=897f6b3

LUCENE-8291: Build Fix. Removing Demo Servlet.

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

I forgot to remove the test in the demo module.

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

@mkhludnev fixed this a minute ago: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/09a789f5 (master) and http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/897f6b37 (7.x)

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

After looking at the demo module, the servlet api is no longer used there. I'll remove the dependency from ivy.xml.

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

I did not notice that the whole demo web application is now obsolete. So I removed it, too. We should just make sure that we have some Lucene demo available that actually works. But from looking at the code this was more or less a template engine, so not really useful for a programmer. It was just a nice looking demo.

Maybe we should move the QueryParserTemplate manager to the demo webapp as a private class and just use it from there? If yes, I'd revert @mkhludnev's changes and the removal of the webapp / ivy deps.

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

This patch removes remaining obsolete stuff (demo webapp, which is not even tested!): LUCENE-8291-2.patch

LUCENE-8291-2.patch ```diff lucene/demo/build.xml | 20 --- lucene/demo/ivy.xml | 7 - .../lucene/demo/xmlparser/META-INF/MANIFEST.MF | 3 - .../apache/lucene/demo/xmlparser/WEB-INF/data.tsv | 5 - .../apache/lucene/demo/xmlparser/WEB-INF/query.xsl | 74 ----------- .../apache/lucene/demo/xmlparser/WEB-INF/web.xml | 49 ------- .../org/apache/lucene/demo/xmlparser/index.jsp | 145 --------------------- .../apache/lucene/demo/xmlparser/stylesheet.css | 23 ---- lucene/ivy-ignore-conflicts.properties | 1 - lucene/ivy-versions.properties | 1 - lucene/licenses/servlet-api-2.4.jar.sha1 | 1 - lucene/licenses/servlet-api-LICENSE-CDDL.txt | 126 ------------------ lucene/licenses/servlet-api-NOTICE.txt | 2 - 13 files changed, 457 deletions(-) diff --git a/lucene/demo/build.xml b/lucene/demo/build.xml index 1157061..d5e50ad 100644 --- a/lucene/demo/build.xml +++ b/lucene/demo/build.xml @@ -37,7 +37,6 @@ - - - - - - - Compiling XML QueryParser Demo WAR - - - - - - - - - - - - - diff --git a/lucene/demo/ivy.xml b/lucene/demo/ivy.xml index 5dd7e74..69076d1 100644 --- a/lucene/demo/ivy.xml +++ b/lucene/demo/ivy.xml @@ -18,11 +18,4 @@ --> - - - - - - - diff --git a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/META-INF/MANIFEST.MF b/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/META-INF/MANIFEST.MF deleted file mode 100644 index 254272e..0000000 --- a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/META-INF/MANIFEST.MF +++ /dev/null @@ -1,3 +0,0 @@ -Manifest-Version: 1.0 -Class-Path: - diff --git a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/data.tsv b/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/data.tsv deleted file mode 100644 index 806ba68..0000000 --- a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/data.tsv +++ /dev/null 
@@ -1,5 +0,0 @@ -South 100 Contract Java developer required to work within a small development group. Minimum 3+ years experience developing web applications in Java with exposure to Open Source technologies such as Spring, Hibernate, Eclipse, Struts, Lucene, Tomcat -North 078 Permanent Seeking developer with VB.NET, HTML, CSS, JavaScript, ASP. NET, SQL Query Analyzer, Visual Studio. NET, SQL Profiler -East 100 Permanent Project Manager - currently seeking a Project Manager to be based in London with experience of running multiple projects within budget. Candidate will come with a strong project management background, ideally from a technical background with web related experience and project management methodology such as Prince 2 -West 085 Contract Oracle DBA required to provide 3rd line support, maintenance and database restore for company's production systems. Experienced in SQL, PL/SQL Oracle databases (9i & 10GR2), Oracle RAC, RMAN and Data Guard. Ideally with, Linux and Windows experience -North 099 Permanent Search engine developer required with experience in the following technologies: Java, Lucene, Solr, Spring, JSP, MySQL, Tomcat, JavaScript, Ant / Ivy, Subversion \ No newline at end of file diff --git a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/query.xsl b/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/query.xsl deleted file mode 100644 index 9bc59e0..0000000 --- a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/query.xsl +++ /dev/null @@ -1,74 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/web.xml b/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/web.xml deleted file mode 100644 index cc68563..0000000 
--- a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/WEB-INF/web.xml +++ /dev/null @@ -1,49 +0,0 @@ - - - - - LuceneXmlQueryWebDemo - - - Servlet demonstrating XMLQueryParser - - FormBasedXmlQueryDemo - FormBasedXmlQueryDemo - - org.apache.lucene.xmlparser.webdemo.FormBasedXmlQueryDemo - - - Name of query file held in /WEB-INF - xslFile - query.xsl - - - - Default field used in standard Lucene QueryParser used in UserQuery tag - defaultStandardQueryParserField - jobDescription - - - - FormBasedXmlQueryDemo - /FormBasedXmlQueryDemo - - - index.jsp - - diff --git a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/index.jsp b/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/index.jsp deleted file mode 100644 index 705f27d..0000000 --- a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/index.jsp +++ /dev/null @@ -1,145 +0,0 @@ - -<%@ page language="java" contentType="text/html; charset=ISO-8859-1" -import="org.apache.lucene.search.*,org.apache.lucene.document.*" -pageEncoding="ISO-8859-1"%> - - - - - - XML Query Parser demo - - -

Job Search

-<% - // Load form variables - String description=request.getParameter("description"); - String type=request.getParameter("type"); - String salaryRange=request.getParameter("salaryRange"); -%> -
- - - - - - - - - - - - - - - - - - - - - - - -
Description - "/> -
Type - -
Salary - -
Locations -<% - String locs[]={"South","North","East","West"}; - boolean allLocsBlank=true; - for(int i=0;i - - checked="checked" -<% } -%> - type="checkbox"/> - -<% - } -%> -
- -
-
-<% - Document[] results=(Document[])request.getAttribute("results"); - if(results!=null) - { -%> - - - - - - - - <% - for (int i = 0; i < results.length; i++) - { - Document doc = results[i]; - %> - - - - - - - - <% - } - %> -
TypeLocationSalaryDescription
<%=doc.get("type")%><%=doc.get("location")%><%=doc.get("salary")%>,000<%=doc.get("description")%>
- -<% - }//end if has results -%> - - diff --git a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/stylesheet.css b/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/stylesheet.css deleted file mode 100644 index 4220a69..0000000 --- a/lucene/demo/src/resources/org/apache/lucene/demo/xmlparser/stylesheet.css +++ /dev/null @@ -1,23 +0,0 @@ -BODY {font: 10pt Tahoma; color: #000000; background-color: #FFFFFF} -P {font: 10pt Tahoma} -BIG {font: 14pt Tahoma} -#A { color: #FFFFFF;text-decoration: none underline} -A { text-decoration: none underline} -#A:hover {color: #ff33ff; text-decoration: none} -A:hover {color: #9A00C0; text-decoration: none} - - -.resultsHeader {font: bold 10pt Tahoma; color: #000000; background-color: #DCE2EE} -.formHeader {font: bold 10pt Tahoma; text-align:right; color: #000000; } -TD {font: 10pt Tahoma; color: #000000; } -TR.resultsRow:hover {font: 10pt Tahoma; color: #000000; background-color: #ECF2FE} -.resultNum {text-align:right} -FORM {display: inline} -H1 {font: bold 16pt Tahoma} -H2 {font: bold 14pt Tahoma} -H3 {font: bold 12pt Tahoma} -SPAN.h1 {font: bold 22pt Tahoma} -SPAN.h2 {font: bold 14pt Tahoma} - -SMALL {font: 8pt Tahoma} -SELECT {font: 10pt Tahoma; } diff --git a/lucene/ivy-ignore-conflicts.properties b/lucene/ivy-ignore-conflicts.properties index 3e80311..6300bdf 100644 --- a/lucene/ivy-ignore-conflicts.properties +++ b/lucene/ivy-ignore-conflicts.properties @@ -10,5 +10,4 @@ # trigger a conflict) when the ant check-lib-versions target is run. /com.google.guava/guava = 16.0.1 -/javax.servlet/servlet-api = 2.5, 3.0-alpha-1 /org.ow2.asm/asm = 5.0_BETA \ No newline at end of file diff --git a/lucene/ivy-versions.properties b/lucene/ivy-versions.properties index 8fcfeee..0486ece 100644 --- a/lucene/ivy-versions.properties +++ b/lucene/ivy-versions.properties 
@@ -79,7 +79,6 @@ io.prometheus.version = 0.2.0 /javax.activation/activation = 1.1.1 /javax.servlet/javax.servlet-api = 3.1.0 -/javax.servlet/servlet-api = 2.4 /joda-time/joda-time = 2.2 /junit/junit = 4.10 diff --git a/lucene/licenses/servlet-api-2.4.jar.sha1 b/lucene/licenses/servlet-api-2.4.jar.sha1 deleted file mode 100644 index f1dc0ee..0000000 --- a/lucene/licenses/servlet-api-2.4.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -3fc542fe8bb8164e8d3e840fe7403bc0518053c0 diff --git a/lucene/licenses/servlet-api-LICENSE-CDDL.txt b/lucene/licenses/servlet-api-LICENSE-CDDL.txt deleted file mode 100644 index b75b04f..0000000 --- a/lucene/licenses/servlet-api-LICENSE-CDDL.txt +++ /dev/null 
@@ -1,126 +0,0 @@ -COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0 - -1. Definitions. - - 1.1. Contributor. means each individual or entity that creates or contributes to the creation of Modifications. - - 1.2. Contributor Version. means the combination of the Original Software, prior Modifications used by a Contributor (if any), and the Modifications made by that particular Contributor. - - 1.3. Covered Software. means (a) the Original Software, or (b) Modifications, or (c) the combination of files containing Original Software with files containing Modifications, in each case including portions thereof. - - 1.4. Executable. means the Covered Software in any form other than Source Code. - - 1.5. Initial Developer. means the individual or entity that first makes Original Software available under this License. - - 1.6. Larger Work. means a work which combines Covered Software or portions thereof with code not governed by the terms of this License. - - 1.7. License. means this document. - - 1.8. Licensable. means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. - - 1.9. Modifications. means the Source Code and Executable form of any of the following: - - A. Any file that results from an addition to, deletion from or modification of the contents of a file containing Original Software or previous Modifications; - - B. Any new file that contains any part of the Original Software or previous Modification; or - - C. Any new file that is contributed or otherwise made available under the terms of this License. - - 1.10. Original Software. means the Source Code and Executable form of computer software code that is originally released under this License. - - 1.11. Patent Claims. means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. 
- - 1.12. Source Code. means (a) the common form of computer software code in which modifications are made and (b) associated documentation included in or with such code. - - 1.13. You. (or .Your.) means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, .You. includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, .control. means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. - -2. License Grants. - - 2.1. The Initial Developer Grant. - - Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, the Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license: - - (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer, to use, reproduce, modify, display, perform, sublicense and distribute the Original Software (or portions thereof), with or without Modifications, and/or as part of a Larger Work; and - - (b) under Patent Claims infringed by the making, using or selling of Original Software, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Software (or portions thereof). - - (c) The licenses granted in Sections 2.1(a) and (b) are effective on the date Initial Developer first distributes or otherwise makes the Original Software available to a third party under the terms of this License. 
- - (d) Notwithstanding Section 2.1(b) above, no patent license is granted: (1) for code that You delete from the Original Software, or (2) for infringements caused by: (i) the modification of the Original Software, or (ii) the combination of the Original Software with other software or devices. - - 2.2. Contributor Grant. - - Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: - - (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof), either on an unmodified basis, with other Modifications, as Covered Software and/or as part of a Larger Work; and - - (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: (1) Modifications made by that Contributor (or portions thereof); and (2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). - - (c) The licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first distributes or otherwise makes the Modifications available to a third party. 
- - (d) Notwithstanding Section 2.2(b) above, no patent license is granted: (1) for any code that Contributor has deleted from the Contributor Version; (2) for infringements caused by: (i) third party modifications of Contributor Version, or (ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or (3) under Patent Claims infringed by Covered Software in the absence of Modifications made by that Contributor. - -3. Distribution Obligations. - - 3.1. Availability of Source Code. - Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License. You must include a copy of this License with every copy of the Source Code form of the Covered Software You distribute or otherwise make available. You must inform recipients of any such Covered Software in Executable form as to how they can obtain such Covered Software in Source Code form in a reasonable manner on or through a medium customarily used for software exchange. - - 3.2. Modifications. - The Modifications that You create or to which You contribute are governed by the terms of this License. You represent that You believe Your Modifications are Your original creation(s) and/or You have sufficient rights to grant the rights conveyed by this License. - - 3.3. Required Notices. - You must include a notice in each of Your Modifications that identifies You as the Contributor of the Modification. You may not remove or alter any copyright, patent or trademark notices contained within the Covered Software, or any notices of licensing or any descriptive text giving attribution to any Contributor or the Initial Developer. - - 3.4. Application of Additional Terms. 
- You may not offer or impose any terms on any Covered Software in Source Code form that alters or restricts the applicable version of this License or the recipients. rights hereunder. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, you may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear that any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. - - 3.5. Distribution of Executable Versions. - You may distribute the Executable form of the Covered Software under the terms of this License or under the terms of a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable form does not attempt to limit or alter the recipient.s rights in the Source Code form from the rights set forth in this License. If You distribute the Covered Software in Executable form under a different license, You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. - - 3.6. Larger Works. - You may create a Larger Work by combining Covered Software with other code not governed by the terms of this License and distribute the Larger Work as a single product. 
In such a case, You must make sure the requirements of this License are fulfilled for the Covered Software. - -4. Versions of the License. - - 4.1. New Versions. - Sun Microsystems, Inc. is the initial license steward and may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Except as provided in Section 4.3, no one other than the license steward has the right to modify this License. - - 4.2. Effect of New Versions. - You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. If the Initial Developer includes a notice in the Original Software prohibiting it from being distributed or otherwise made available under any subsequent version of the License, You must distribute and make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. Otherwise, You may also choose to use, distribute or otherwise make the Covered Software available under the terms of any subsequent version of the License published by the license steward. - - 4.3. Modified Versions. - When You are an Initial Developer and You want to create a new license for Your Original Software, You may create and use a modified version of this License if You: (a) rename the license and remove any references to the name of the license steward (except to note that the license differs from this License); and (b) otherwise make it clear that the license contains terms which differ from this License. - -5. DISCLAIMER OF WARRANTY. - - COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN .AS IS. BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. - -6. TERMINATION. - - 6.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. - - 6.2. If You assert a patent infringement claim (excluding declaratory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You assert such claim is referred to as .Participant.) alleging that the Participant Software (meaning the Contributor Version where the Participant is a Contributor or the Original Software where the Participant is the Initial Developer) directly or indirectly infringes any patent, then any and all rights granted directly or indirectly to You by such Participant, the Initial Developer (if the Initial Developer is not the Participant) and all Contributors under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively and automatically at the expiration of such 60 day notice period, unless if within such 60 day period You withdraw Your claim with respect to the Participant Software against such Participant either unilaterally or pursuant to a written agreement with Participant. - - 6.3. 
In the event of termination under Sections 6.1 or 6.2 above, all end user licenses that have been validly granted by You or any distributor hereunder prior to termination (excluding licenses granted to You by any distributor) shall survive termination. - -7. LIMITATION OF LIABILITY. - - UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY.S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. - -8. U.S. GOVERNMENT END USERS. - - The Covered Software is a .commercial item,. as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of .commercial computer software. (as that term is defined at 48 C.F.R. ? 252.227-7014(a)(1)) and .commercial computer software documentation. as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Software with only those rights set forth herein. This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFAR, or other clause or provision that addresses Government rights in computer software under this License. - -9. MISCELLANEOUS. 
- - This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by the law of the jurisdiction specified in a notice contained within the Original Software (except to the extent applicable law, if any, provides otherwise), excluding such jurisdiction.s conflict-of-law provisions. Any litigation relating to this License shall be subject to the jurisdiction of the courts located in the jurisdiction and venue specified in a notice contained within the Original Software, with the losing party responsible for costs, including, without limitation, court costs and reasonable attorneys. fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. You agree that You alone are responsible for compliance with the United States export administration regulations (and the export control laws and regulation of any other countries) when You use, distribute or otherwise make available any Covered Software. - -10. RESPONSIBILITY FOR CLAIMS. - - As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. - - NOTICE PURSUANT TO SECTION 9 OF THE COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) - - The code released under the CDDL shall be governed by the laws of the State of California (excluding conflict-of-law provisions). 
Any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California and the state courts of the State of California, with venue lying in Santa Clara County, California. - - diff --git a/lucene/licenses/servlet-api-NOTICE.txt b/lucene/licenses/servlet-api-NOTICE.txt deleted file mode 100644 index 6340ec9..0000000 --- a/lucene/licenses/servlet-api-NOTICE.txt +++ /dev/null @@ -1,2 +0,0 @@ -Servlet-api.jar is under the CDDL license, the original source -code for this can be found at http://www.eclipse.org/jetty/downloads.php ```
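
Review bot: the `@@ -79,7 +79,6 @@` hunk drops the `/javax.servlet/servlet-api = 2.4` pin, and the following hunks delete its `servlet-api-2.4.jar.sha1`, `servlet-api-LICENSE-CDDL.txt` and `servlet-api-NOTICE.txt`, but nothing visible here shows that no remaining module still declares that artifact. Please confirm with a search of the remaining dependency declarations, since a leftover reference would lose both its version pin and its checksum. `/javax.servlet/javax.servlet-api = 3.1.0` stays, so the commit message could also state that only the 2.4 artifact used by the removed code is affected, and why this removal is filed under an issue titled as an XML external entity problem.
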
asfimport commented 6 years ago

ASF subversion and git services (migrated from JIRA)

Commit 3a73d4b2d60af89b1b88dcf2e484d73927a46bb1 in lucene-solr's branch refs/heads/master from @uschindler https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=3a73d4b

LUCENE-8291: Remove untested/unmaintained demo webapp

asfimport commented 6 years ago

ASF subversion and git services (migrated from JIRA)

Commit c6b8d334f084a4573fb9e644b05d7e0e0091ef4c in lucene-solr's branch refs/heads/branch_7x from @uschindler https://git-wip-us.apache.org/repos/asf?p=lucene-solr.git;h=c6b8d33

LUCENE-8291: Remove untested/unmaintained demo webapp

asfimport commented 6 years ago

Adrien Grand (@jpountz) (migrated from JIRA)

@uschindler Can this issue be closed now?

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

I think so.

asfimport commented 6 years ago

Andrejs Aleksejevs (migrated from JIRA)

I have used this construction to load database configurations, now I got an error.

What's the best way to load configurations for each core in solrconfig.xml?

```xml
<xi:include href="file:///var/lib/solr/conf/database.dih.prod.cr.xml" xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:fallback>
    <xi:include href="file:///var/lib/solr/conf/database.dih.dev.cr.xml" />
  </xi:fallback>
</xi:include>
```

database.dih.dev.cr.xml

```xml
<requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
  <lst name="defaults">
    <str name="config">data-config.xml</str>
    <lst name="datasource">
      <str name="driver">org.mariadb.jdbc.Driver</str>
      <str name="url">jdbc:mysql://localhost:3306/database_name</str>
      <str name="user">userName</str>
      <str name="password">password</str>
    </lst>
  </lst>
</requestHandler>
```

asfimport commented 6 years ago

Uwe Schindler (@uschindler) (migrated from JIRA)

Hi Andrejs Aleksejevs, I think you are in the wrong issue. This is talking about something completely different. But to answer your question about DIH: You can still do this - but you cannot use absolute paths anymore. All xincludes must use relative ⚠ paths that don't escape the Solr home directory.
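
A pre-deployment check for the rule stated in the comment above (XInclude paths must be relative and stay inside the Solr home), as an added example that is not part of the thread or of Solr's code. The function names, the sample config, the directory paths and the assumption that relative hrefs resolve against the including file's directory are all constructed for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

XI_INCLUDE = "{http://www.w3.org/2001/XInclude}include"

# Constructed sample: the absolute file:// pattern from the thread, plus one
# relative include that stays inside the tree and one that climbs out of it.
SAMPLE_CONFIG = """\
<config xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:include href="file:///var/lib/solr/conf/database.dih.prod.cr.xml">
    <xi:fallback>
      <xi:include href="file:///var/lib/solr/conf/database.dih.dev.cr.xml"/>
    </xi:fallback>
  </xi:include>
  <xi:include href="includes/database.dih.xml"/>
  <xi:include href="../../../../etc/database.dih.xml"/>
</config>
"""


def classify_href(href, solr_home, including_dir):
    """Return None when href is acceptable, otherwise a short reason."""
    parts = urlsplit(href)
    if parts.scheme or parts.netloc:
        return "scheme or host not allowed"
    # Decode %2e%2e style segments and normalise separators before checking.
    path = unquote(parts.path).replace("\\", "/")
    if path.startswith("/"):
        return "absolute path"
    home = posixpath.normpath(solr_home)
    # Assumption: relative hrefs resolve against the including file's directory.
    target = posixpath.normpath(posixpath.join(including_dir, path))
    if target != home and not target.startswith(home.rstrip("/") + "/"):
        return "escapes solr home"
    return None


def audit_xincludes(xml_text, solr_home, including_file):
    """List (href, reason) for every xi:include that breaks the rule."""
    including_dir = posixpath.dirname(including_file)
    findings = []
    # fromstring() only parses; it does not expand xi:include elements, so
    # nested includes inside xi:fallback are visited as plain elements.
    for element in ET.fromstring(xml_text).iter(XI_INCLUDE):
        href = element.get("href")
        if href is None:
            continue  # xpointer-only include, no path to check
        reason = classify_href(href, solr_home, including_dir)
        if reason:
            findings.append((href, reason))
    return findings


if __name__ == "__main__":
    for href, reason in audit_xincludes(
            SAMPLE_CONFIG, "/var/solr/data",
            "/var/solr/data/core1/conf/solrconfig.xml"):
        print(f"{reason}: {href}")
```
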

asfimport commented 6 years ago

Andrejs Aleksejevs (migrated from JIRA)

Hi, @uschindler thanks for the comment. Will try to use it.