Add geojson support for XYPoint#162
Conversation
|
Description has to be changed to xy_point not geo_point :) |
Copy&Paste error. Thanks! |
| throws IOException { | ||
| try (XContentSubParser subParser = new XContentSubParser(parser)) { | ||
| if (subParser.nextToken() != XContentParser.Token.FIELD_NAME) { | ||
| throw new OpenSearchParseException(ERR_MSG_INVALID_TOKEN, subParser.currentToken()); |
There was a problem hiding this comment.
I think it's not safe to return user input as part of the output, learned from the last pentest. I suggest minimize error message to just "token not allowed" and add logger with all required details.
There was a problem hiding this comment.
Could you share what security risk this might contain?
There was a problem hiding this comment.
sure, in my report they have call it "User Input Reflected on Error" and marked it as "Medium" severity
There was a problem hiding this comment.
Thanks @martin-gaievski . subParser.currentToken() is not random user input. It is enum defined in XContentParser.Token. So, I think there is no security risk returning it.
|
|
||
| private static XYPoint parseGeoPointObjectBasicFields(final XContentParser parser, final XYPoint point) throws IOException { | ||
| HashMap<String, Double> data = new HashMap<>(); | ||
| for (int i = 0; i < 2; i++) { |
There was a problem hiding this comment.
better introduce/use constant IMO
There was a problem hiding this comment.
This number is specific to this method. Let me use variable instead to make its meaning to be explicit.
| if (parser.currentToken() == XContentParser.Token.START_ARRAY) { | ||
| return parseXYPointArray(parser, ignoreZValue, x, y); | ||
| String field = parser.currentName(); | ||
| if (X_PARAMETER.equals(field) == false && Y_PARAMETER.equals(field) == false) { |
There was a problem hiding this comment.
I assume syntax with "==" is for better readability, correct?
There was a problem hiding this comment.
Yes. OpenSearch's standard convention is avoiding negation like !X_PARAMETER.equals(field)
| try { | ||
| data.put(field, parser.doubleValue(true)); | ||
| } catch (NumberFormatException e) { | ||
| throw new OpenSearchParseException("[{}] and [{}] must be valid double values", e, X_PARAMETER, Y_PARAMETER); |
There was a problem hiding this comment.
Wouldn't it be consistent to create anew constant for error message here?
There was a problem hiding this comment.
The message is used only in this method. I don't think it is worth to make is as a constant?
There was a problem hiding this comment.
I'm leaving it up to you, but I would make it a constant anyway. From my experience it helps to avoid creating multiple identical messages with slightly different wording. If all messages are in one place chance is higher that next person will reuse one from the list.
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Outdated
Show resolved
Hide resolved
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Show resolved
Hide resolved
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Show resolved
Hide resolved
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Heemin Kim <heemin@amazon.com>
Signed-off-by: Heemin Kim <heemin@amazon.com>
heemin32
force-pushed
the
geojson
branch
2 times, most recently
from
b46c3b6 to
a724add
Compare
src/main/java/org/opensearch/geospatial/index/mapper/xypoint/XYPointParser.java
Outdated
Show resolved
Hide resolved
heemin32
force-pushed
the
geojson
branch
2 times, most recently
from
5b92ffd to
b86c3c0
Compare
Signed-off-by: Heemin Kim <heemin@amazon.com>
heemin32
added
backport 2.x
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-162-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 63c97b083f137a035563710c67c57fc23b9493f4
# Push it to GitHub
git push --set-upstream origin backport/backport-162-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.xThen, create a pull request where the |
* Add geojson support for XYPoint Signed-off-by: Heemin Kim <heemin@amazon.com> (cherry picked from commit 63c97b0)
4 participants
See #152
Signed-off-by: Heemin Kim heemin@amazon.com
Description
Supports GeoJson Point type in XYPoint field
Issues Resolved
#152
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.