Implementation:Apache Dolphinscheduler AbstractDataSourceProcessor Validation
| Knowledge Sources | |
|---|---|
| Domains | Data_Integration, Security |
| Last Updated | 2026-02-10 00:00 GMT |
Overview
Concrete tool for validating and transforming datasource parameters using AbstractDataSourceProcessor.checkDatasourceParam with host, database, and JDBC parameter security checks, plus PasswordUtils encoding.
Description
'AbstractDataSourceProcessor.checkDatasourceParam() at L57 calls three validation methods: checkHost(String) at L71 validates against IPv4/IPv6 regex patterns, checkDatabasePatter(String) at L83 validates the database name against an allowed pattern, and checkOther(Map) at L94 blocks JDBC parameters in the POSSIBLE_MALICIOUS_KEYS set. PasswordUtils.encodePassword(String) at L45 encodes passwords using XOR with a configurable salt followed by Base64 encoding.
Usage
Called by DataSourceUtils.checkDatasourceParam() before any datasource creation or update operation.
Code Reference
Source Location
- Repository: dolphinscheduler
- File: dolphinscheduler-datasource-plugin/dolphinscheduler-datasource-api/src/main/java/org/apache/dolphinscheduler/plugin/datasource/api/datasource/AbstractDataSourceProcessor.java (L57-136)
- File: dolphinscheduler-datasource-plugin/dolphinscheduler-datasource-api/src/main/java/org/apache/dolphinscheduler/plugin/datasource/api/utils/PasswordUtils.java (L45-65)
Signature
public abstract class AbstractDataSourceProcessor implements DataSourceProcessor {
// Validation
@Override
public void checkDatasourceParam(BaseDataSourceParamDTO datasourceParam); // L57
protected void checkHost(String host); // L71
protected void checkDatabasePatter(String database); // L83
protected void checkOther(Map<String, String> other); // L94
// Connectivity check
@Override
public boolean checkDataSourceConnectivity(ConnectionParam connectionParam); // L126
}
public class PasswordUtils {
public static String encodePassword(String password); // L45
public static String decodePassword(String password); // L55
}
Import
import org.apache.dolphinscheduler.plugin.datasource.api.datasource.AbstractDataSourceProcessor;
import org.apache.dolphinscheduler.plugin.datasource.api.utils.PasswordUtils;
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| datasourceParam | BaseDataSourceParamDTO | Yes | DTO with host, database, other params to validate |
| password | String | Yes | Plain text password to encode |
Outputs
| Name | Type | Description |
|---|---|---|
| Validated DTO | BaseDataSourceParamDTO | Same DTO (throws IllegalArgumentException on invalid input) |
| Encoded password | String | Base64-encoded XOR-encrypted password |
Usage Examples
Validation Flow
AbstractDataSourceProcessor processor = new MySQLDataSourceProcessor();
// Validate parameters (throws on invalid input)
processor.checkDatasourceParam(dto);
// Transform to connection params with encoded password
ConnectionParam connParam = processor.createConnectionParams(dto);
// connParam.password is now encoded
Security: Blocked Parameters
// These JDBC parameters are blocked by checkOther():
// - allowLoadLocalInfile (file read attack)
// - autoDeserialize (deserialization exploit)
// - allowLocalInfile (file read attack)
// - allowUrlInLocalInfile (URL-based file read)
Map<String, String> other = new HashMap<>();
other.put("allowLoadLocalInfile", "true"); // BLOCKED!
dto.setOther(other);
processor.checkDatasourceParam(dto); // throws IllegalArgumentException