diff --git a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java
index 475ee5ace1ea0d..87c4c4cfa90a68 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/httpv2/rest/GetLogFileAction.java
@@ -32,6 +32,8 @@
import java.io.File;
import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
@@ -51,6 +53,23 @@
*/
@RestController
public class GetLogFileAction extends RestBaseController {
+ /**
+ * This method fetches internal logs via HTTP, which is no longer recommended and will
+ * be deprecated in future versions.
+ *
+ * Using HTTP to fetch logs introduces serious security and performance issues:
+ * - **Security Risks**: Log content may expose sensitive information, allowing attackers to exploit the exposed
+ * HTTP endpoints.
+ * - **Performance Problems**: Frequent HTTP requests can cause significant system load, affecting the
+ * responsiveness and stability of the application.
+ *
+ * It is strongly advised not to use this approach for accessing logs. Any new requirements should be
+ * handled using more secure, reliable, and efficient methods such as log aggregation tools (e.g., ELK, Splunk)
+ * or dedicated internal APIs.
+ *
+ * **Note**: No new HTTP endpoints or types for log access will be accepted.
+ * Any further attempts to extend this HTTP-based log retrieval method will not be supported.
+ */
private final Set logFileTypes = Sets.newHashSet("fe.audit.log");
@RequestMapping(path = "/api/get_log_file", method = {RequestMethod.GET, RequestMethod.HEAD})
@@ -79,7 +98,13 @@ public Object execute(HttpServletRequest request, HttpServletResponse response)
String fileInfos = getFileInfos(logType);
response.setHeader("file_infos", fileInfos);
return ResponseEntityBuilder.ok();
- } else if (method.equals(RequestMethod.GET.name())) {
+ }
+ if (method.equals(RequestMethod.GET.name())) {
+ try {
+ checkAuditLogFileName(logFile);
+ } catch (SecurityException e) {
+ return ResponseEntityBuilder.internalError(e.getMessage());
+ }
File log = getLogFile(logType, logFile);
if (!log.exists() || !log.isFile()) {
return ResponseEntityBuilder.okWithCommonError("Log file not exist: " + log.getName());
@@ -97,6 +122,17 @@ public Object execute(HttpServletRequest request, HttpServletResponse response)
return ResponseEntityBuilder.ok();
}
+ private void checkAuditLogFileName(String logFile) {
+ if (!logFile.matches("^[a-zA-Z0-9._-]+$")) {
+ throw new SecurityException("Invalid file name");
+ }
+ Path normalizedPath = Paths.get(Config.audit_log_dir).resolve(logFile).normalize();
+ // check path is valid or not
+ if (!normalizedPath.startsWith(Config.audit_log_dir)) {
+ throw new SecurityException("Invalid file path: Access outside of permitted directory");
+ }
+ }
+
private String getFileInfos(String logType) {
Map fileInfos = Maps.newTreeMap();
if (logType.equals("fe.audit.log")) {
diff --git a/fe/fe-core/src/test/java/org/apache/doris/httpv2/GetLogFileActionTest.java b/fe/fe-core/src/test/java/org/apache/doris/httpv2/GetLogFileActionTest.java
new file mode 100644
index 00000000000000..8d4cac9b6ad9f4
--- /dev/null
+++ b/fe/fe-core/src/test/java/org/apache/doris/httpv2/GetLogFileActionTest.java
@@ -0,0 +1,60 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.httpv2;
+
+import org.apache.doris.common.Config;
+import org.apache.doris.httpv2.rest.GetLogFileAction;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+
+import java.io.File;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+public class GetLogFileActionTest {
+
+ @TempDir
+ public File tempDir;
+
+ @BeforeAll
+ public static void before() {
+ File tempDir = new File("test/audit.log");
+ tempDir.mkdir();
+ Config.audit_log_dir = tempDir.getAbsolutePath();
+ }
+
+ @Test
+ public void testCheckAuditLogFileName() throws NoSuchMethodException, InvocationTargetException, IllegalAccessException {
+ //private method checkAuditLogFileName
+ GetLogFileAction action = new GetLogFileAction();
+ Method method = GetLogFileAction.class.getDeclaredMethod("checkAuditLogFileName", String.class);
+ method.setAccessible(true);
+ method.invoke(action, "audit.log");
+ method.invoke(action, "fe.audit.log.20241104-1");
+ Assertions.assertThrows(InvocationTargetException.class, () -> method.invoke(action, "../etc/passwd"));
+ Assertions.assertThrows(InvocationTargetException.class, () -> method.invoke(action,
+ "fe.audit.log.20241104-1/../../etc/passwd"));
+ Assertions.assertThrows(InvocationTargetException.class,
+ () -> method.invoke(action, "fe.audit.log.20241104-1; rm -rf /"));
+
+
+ }
+}