[Fix](http)Enhanced Security Checks for Audit Log File Names

[CalvinKirs]

Purpose:

To improve the security of audit log files, a new method checkAuditLogFileName has been added to validate the file name and path to ensure they meet security requirements. This method is designed to prevent invalid file names and path traversal attacks, ensuring that only files within the designated directory can be accessed.↳

Changes:

File Name Validation:

A regular expression check has been added to validate the file name: ^[a-zA-Z0-9._-]+$, restricting the file name to letters, numbers, dots, underscores, and hyphens.

If the file name contains invalid characters (e.g., spaces, path traversal characters), a SecurityException is thrown with the message “Invalid file name.”
Path Validation:

The file name is resolved into a normalized path, and it is checked to ensure that it is within the allowed directory.

The path is constructed using Paths.get(Config.audit_log_dir).resolve(logFile).normalize(). If the path does not start with the specified audit log directory (Config.audit_log_dir), indicating an attempt to access outside the permitted directory (e.g., a path traversal attack), a SecurityException is thrown with the message “Invalid file path: Access outside of permitted directory.”

Check List (For Author)

• Test
  • Regression test
  • Unit Test
  • Manual test (add detailed scripts or steps below)

 calvinkirs@CalvinKirss-MBP fe % curl -u root: -I "http://127.0.0.1:8030/api/get_log_file?type=fe.audit.log&file=../LICENSE"                                 
HTTP/1.1 200 OK
Date: Tue, 26 Nov 2024 06:49:56 GMT
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
file_infos: {"fe.audit.log":2480,"fe.audit.log.20241030-1":87297,"fe.audit.log.20241031-1":1250,"fe.audit.log.20241101-1":260067,"fe.audit.log.20241106-1":523614,"fe.audit.log.20241107-1":83146,"fe.audit.log.20241108-1":190639,"fe.audit.log.20241110-1":5071,"fe.audit.log.20241111-1":668553,"fe.audit.log.20241119-1":471175,"fe.audit.log.20241120-1":17077,"fe.audit.log.20241125-1":760146}
Content-Type: application/json
Transfer-Encoding: chunked

calvinkirs@CalvinKirss-MBP fe % curl -u root: -X GET "http://127.0.0.1:8030/api/get_log_file?type=fe.audit.log&file=audit_log_dir/../LICENSE"               
{"msg":"Internal Error","code":500,"data":"Invalid file name","count":0}%                                                                                                                                     calvinkirs@CalvinKirss-MBP fe % curl -u root: -X GET "http://127.0.0.1:8030/api/get_log_file?type=fe.audit.log&file=audit_log_dir/%2e%2e%2f%2e%2e%2fetc%2fpasswd"
{"msg":"Internal Error","code":500,"data":"Invalid file name","count":0}%   

• Behavior changed:

  • No.
  • Yes.

• Does this need documentation?

  • No.
  • Yes.

Check List (For Reviewer who merge this PR)

• Confirm the release note
• Confirm test cases
• Confirm document
• Add branch pick label

[doris-robot]

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR.

Please clearly describe your PR:

1. What problem was fixed (it's best to include specific error reporting information). How it was fixed.
2. Which behaviors were modified. What was the previous behavior, what is it now, why was it modified, and what possible impacts might there be.
3. What features were added. Why was this function added?
4. Which code was refactored and why was this part of the code refactored?
5. Which functions were optimized and what is the difference before and after the optimization?

[CalvinKirs]

run buildall

[morningman]

Please add unit test

[CalvinKirs]

Please add unit test↳

done:)

[CalvinKirs]

run buildall

[CalvinKirs]

run buildall

[morningman]

LGTM

[github-actions]

PR approved by at least one committer and no changes requested.

[github-actions]

PR approved by anyone and no changes requested.