boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

- protection against RAM overflow caused by new peer rss news

Browse Source 
- more XSS protection

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@4742 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
orbiter 17 years ago
parent 685794e7e7
commit d0b893523e
8 changed files with 32 additions and 8 deletions
Show Stats Download Patch File Download Diff File

2
htroot/Connections_p.java
Unescape View File

@ -199,7 +199,7 @@ public final class Connections_p {
// TODO Auto-generated catch block
e.printStackTrace();
}
prop.put("list_" + idx + "_sessionName", currentSession.getName());
prop.putHTML("list_" + idx + "_sessionName", currentSession.getName());
prop.put("list_" + idx + "_proto", prot);
if (sessionTime > 1000*60) {
prop.put("list_" + idx + "_ms", "0");

2
htroot/yacy/search.java
Unescape View File

@ -180,7 +180,7 @@ public final class search {
theQuery = new plasmaSearchQuery(null, queryhashes, excludehashes, rankingProfile, maxdist, prefer, plasmaSearchQuery.contentdomParser(contentdom), false, count, 0, filter, plasmaSearchQuery.SEARCHDOM_LOCAL, null, -1, constraint, false, yacyURL.TLD_any_zone_filter, client);
theQuery.domType = plasmaSearchQuery.SEARCHDOM_LOCAL;
yacyCore.log.logInfo("INIT HASH SEARCH (query-" + abstracts + "): " + plasmaSearchQuery.anonymizedQueryHashes(theQuery.queryHashes) + " - " + theQuery.displayResults() + " links");
RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Remote Search Request from " + remoteSeed.getName(), plasmaSearchQuery.anonymizedQueryHashes(theQuery.queryHashes)));
RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Remote Search Request from " + remoteSeed.getName(), plasmaSearchQuery.anonymizedQueryHashes(theQuery.queryHashes)));
// make event
theSearch = plasmaSearchEvent.getEvent(theQuery, rankingProfile, sb.wordIndex, sb.crawlResults, null, true);

2
htroot/yacysearchitem.java
Unescape View File

@ -225,7 +225,7 @@ public class yacysearchitem {
((yacyURL.probablyRootURL(result.hash())) ? ", probablyRootURL" : "") +
(((wordURL = yacyURL.probablyWordURL(result.hash(), query[0])) != null) ? ", probablyWordURL=" + wordURL.toNormalform(false, true) : ""));
plasmaSnippetCache.TextSnippet snippet = result.textSnippet();
prop.put("content_snippet", (snippet == null) ? "(snippet not found)" : snippet.getLineMarked(theQuery.queryHashes));
prop.putHTML("content_snippet", (snippet == null) ? "(snippet not found)" : snippet.getLineMarked(theQuery.queryHashes));
serverProfiling.update("SEARCH", new plasmaProfiling.searchEvent(theQuery.id(true), plasmaSearchEvent.FINALIZATION + "-" + item, 0, 0));
return prop;

3
source/de/anomic/plasma/plasmaWordIndex.java
Unescape View File

@ -61,6 +61,7 @@ import de.anomic.server.serverMemory;
import de.anomic.server.logging.serverLog;
import de.anomic.xml.RSSFeed;
import de.anomic.xml.RSSMessage;
import de.anomic.yacy.yacyCore;
import de.anomic.yacy.yacyDHTAction;
import de.anomic.yacy.yacySeedDB;
import de.anomic.yacy.yacyURL;
@ -665,7 +666,7 @@ public final class plasmaWordIndex implements indexRI {
"Anchors: " + ((document.getAnchors() == null) ? 0 : document.getAnchors().size()) +
"\n\tLinkStorageTime: " + (storageEndTime - startTime) + " ms | " +
"indexStorageTime: " + (indexingEndTime - storageEndTime) + " ms");
RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Indexed web page", entry.url().toNormalform(true, false)));
RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Indexed web page", entry.url().toNormalform(true, false)));
}
// finished

8
source/de/anomic/yacy/yacyCore.java
Unescape View File

@ -76,6 +76,8 @@ import de.anomic.server.serverDate;
import de.anomic.server.serverSemaphore;
import de.anomic.server.serverSwitch;
import de.anomic.server.logging.serverLog;
import de.anomic.xml.RSSFeed;
import de.anomic.xml.RSSMessage;
public class yacyCore {
@ -99,6 +101,7 @@ public class yacyCore {
private static final int PING_MIN_DBSIZE = 5;
private static final int PING_MIN_PEERSEEN = 1; // min. accessible to force senior
private static final long PING_MAX_DBAGE = 15 * 60 * 1000; // in milliseconds
public static final String channelName = "PEERNEWS";
// public static yacyShare shareManager = null;
// public static boolean terminate = false;
@ -122,6 +125,11 @@ public class yacyCore {
this.switchboard = sb;
switchboard.setConfig("yacyStatus", "");
// create a peer news channel
RSSFeed peernews = RSSFeed.channels(channelName);
peernews.setMaxsize(100);
peernews.addMessage(new RSSMessage("YaCy started", ""));
// set log level
log = new serverLog("YACY");

4
source/de/anomic/yacy/yacyNewsAction.java
Unescape View File

@ -66,7 +66,7 @@ public class yacyNewsAction implements yacyPeerAction {
String decodedString = de.anomic.tools.crypt.simpleDecode(recordString, "");
yacyNewsRecord record = yacyNewsRecord.newRecord(decodedString);
if (record != null) {
RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Peer Arrival", peer.getName() + " has joined the network"));
RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Peer Arrival", peer.getName() + " has joined the network"));
//System.out.println("### news arrival from peer " + peer.getName() + ", decoded=" + decodedString + ", record=" + recordString + ", news=" + record.toString());
String cre1 = (String) serverCodings.string2map(decodedString, ",").get("cre");
String cre2 = (String) serverCodings.string2map(record.toString(), ",").get("cre");
@ -83,7 +83,7 @@ public class yacyNewsAction implements yacyPeerAction {
}
public void processPeerDeparture(yacySeed peer) {
RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Peer Departure", peer.getName() + " has left the network"));
RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Peer Departure", peer.getName() + " has left the network"));
}
public void processPeerPing(yacySeed peer) {

2
source/de/anomic/yacy/yacyNewsPool.java
Unescape View File

@ -342,7 +342,7 @@ public class yacyNewsPool {
incomingNews.push(record);
// add message to feed channel
//RSSFeed.channels("PEERNEWS").addMessage(new RSSMessage("Incoming News: " + record.category() + " from " + record.originator(), record.attributes().toString()));
//RSSFeed.channels(yacyCore.channelName).addMessage(new RSSMessage("Incoming News: " + record.category() + " from " + record.originator(), record.attributes().toString()));
}
public int size(int dbKey) {

17
source/de/anomic/yacy/yacySeed.java
Unescape View File

@ -191,6 +191,7 @@ public class yacySeed {
final String flags = (String) this.dna.get(yacySeed.FLAGS);
if ((flags == null) || (flags.length() != 4)) { this.dna.put(yacySeed.FLAGS, yacySeed.FLAGSZERO); }
this.available = 0;
this.dna.put(yacySeed.NAME, checkPeerName(get(yacySeed.NAME, "∅")));
}
public yacySeed(String theHash) {
@ -263,6 +264,17 @@ public class yacySeed {
return name;
}
/**
* check the peer name: protect against usage as XSS hack
* @param name
* @return a checked name without "<" and ">"
*/
private static String checkPeerName(String name) {
name.replaceAll("<", "_");
name.replaceAll(">", "_");
return name;
}
/**
* Checks for the static fragments of a generated default peer name, such as the string 'dpn'
* @see #makeDefaultPeerName()
@ -363,7 +375,7 @@ public class yacySeed {
}
public final String getName() {
return get(yacySeed.NAME, "&empty;");
return checkPeerName(get(yacySeed.NAME, "&empty;"));
}
public final String getHexHash() {
@ -811,6 +823,9 @@ public class yacySeed {
final String seed = crypt.simpleDecode(seedStr, key);
if (seed == null) { return null; }
final HashMap<String, String> dna = serverCodings.string2map(seed, ",");
String peerName = dna.get(yacySeed.NAME);
if (peerName == null) return null;
dna.put(yacySeed.NAME, checkPeerName(peerName));
final String hash = (String) dna.remove(yacySeed.HASH);
final yacySeed resultSeed = new yacySeed(hash, dna);
if (properTest) {

Write Preview
Loading…
Cancel
Save