IGNITE-28743 Block remote HTTP/HTTPS/FTP URLs in resolveSpringUrl

[animovscw]

… prevent RCE via JDBC cfg://

Thank you for submitting the pull request to the Apache Ignite.

In order to streamline the review of the contribution
we ask you to ensure the following steps have been taken:

The Contribution Checklist

• There is a single JIRA ticket related to the pull request.
• The web-link to the pull request is attached to the JIRA ticket.
• The JIRA ticket has the Patch Available state.
• The pull request body describes changes that have been made.
  The description explains WHAT and WHY was made instead of HOW.
• The pull request title is treated as the final commit message.
  The following pattern must be used: IGNITE-XXXX Change summary where XXXX - number of JIRA issue.
• A reviewer has been mentioned through the JIRA comments
  (see the Maintainers list)
• The pull request has been checked by the Teamcity Bot and
  the green visa attached to the JIRA ticket (see tab PR Check at TC.Bot - Instance 1 or TC.Bot - Instance 2)

Notes

• How to Contribute
• Coding abbreviation rules
• Coding Guidelines
• Apache Ignite Teamcity Bot

If you need any help, please email dev@ignite.apache.org or ask anу advice on http://asf.slack.com #ignite channel.

[ignitetcbot]

TCBot Test Analysis

• TeamCity: --> Run :: All Results
• Branch: pull/13221/head
• Base: master
• Tested commit: 27d5cc3

Possible Blockers (6)

• Cache 8: 1 tests
  • IgniteCacheTestSuite8: Random2LruPageEvictionDataStreamerTest.testPageEviction - Test has low fail rate in base branch 0,0% and is not flaky
• Snapshots 1: 1 tests
  • IgniteSnapshotTestSuite: IgniteClusterSnapshotSelfTest.testClientHandlesSnapshotFailOnStartStage[encryption=true, onlyPrimay=false] - Test has low fail rate in base branch 0,0% and is not flaky
• Data Structures: 1 tests
  • IgniteCacheDataStructuresSelfTestSuite: GridCacheReplicatedDataStructuresFailoverSelfTest.testAtomicSequenceConstantTopologyChange - Test has low fail rate in base branch 0,0% and is not flaky
• Service Grid: 1 tests
  • IgniteServiceGridTestSuite: ServiceDeploymentOnClientDisconnectTest.testServiceDeploymentExchangeProcessingOnReconnect - Test has low fail rate in base branch 0,0% and is not flaky
• Spring: 2 tests
  • IgniteSpringTestSuite: GridFactorySelfTest.testStartGridWithConfigUrlString - Test has low fail rate in base branch 0,0% and is not flaky
  • IgniteSpringTestSuite: IgniteDynamicCacheConfigTest.testStartCachedWithConfigUrlString - Test has low fail rate in base branch 0,0% and is not flaky

New Tests (5)

• Basic 1: 5 tests
  • IgniteBasicTestSuite: IgniteUtilsSelfTest.testResolveSpringUrlBlocksHttpsByDefault - PASSED
  • IgniteBasicTestSuite: IgniteUtilsSelfTest.testResolveSpringUrlFtpAlwaysBlocked - PASSED
  • IgniteBasicTestSuite: IgniteUtilsSelfTest.testResolveSpringUrlAllowsHttpWhenPropertySet - PASSED
  • IgniteBasicTestSuite: IgniteUtilsSelfTest.testResolveSpringUrlBlocksHttpByDefault - PASSED
  • IgniteBasicTestSuite: IgniteUtilsSelfTest.testResolveSpringUrlBlocksFtpByDefault - PASSED

[Copilot]

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

[zstan]

seems also need to cover this flag usage in tests ?

[zstan]

Lets reduce tests a bit ? Use for loop with List.of("ftp", "https", "http") and "ftps" ?

[zstan]

Also seems all fails need to be fixed ?

https://tcbot2.sbt-ignite-dev.ru/pr.html?serverId=apache&suiteId=IgniteTests24Java8_RunAll&branchForTc=pull/13221/head&action=Latest