Add client option to disable redirects

[dianatatar]

Presto clients can attempt to follow a redirect from an untrusted server, adding option to disable redirect as a security improvement.

Description

Add client option to disable redirects

Motivation and Context

Presto clients can attempt to follow a redirect from an untrusted server, adding option to disable redirect as a security improvement
Fixes advisory GHSA-xm7x-f3w2-4hjm

Impact

Adding option to disable Presto clients following a redirect. This is an opt in, by default the current client behavior does not change

Test Plan

Tested locally with CLI and Presto Jdbc client by sending a server redirect (307/308 http code) and confirming clients will not follow the redirect if option to follow redirects is disabled

Contributor checklist

• Please make sure your submission complies with our development, formatting, commit message, and attribution guidelines.
• PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
• Documented new properties (with its default value), SQL syntax, functions, or other functionality.
• If release notes are required, they follow the release notes guidelines.
• Adequate tests were added if applicable.
• CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes
* Add client option to disable redirects

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: dianatatar / name: Diana Tatar (45727d6)

[skairali]

@dianatatar what happens when presto://localhost:8080/blackhole?followRedirects=ANINVALIDOPTION is given here?

it could be a typo as well like presto://localhost:8080/blackhole?followRedirects=false1.

What's the behaviour?

[dianatatar]

@dianatatar what happens when presto://localhost:8080/blackhole?followRedirects=ANINVALIDOPTION is given here?

it could be a typo as well like presto://localhost:8080/blackhole?followRedirects=false1.

What's the behaviour?

Connection properties take in several checks when initiated, one of which is a converter which checks if the URI parameter value is as expected. followRedirects uses a boolean converter which checks that the value is either true or false and throws otherwise. I added an extra assert in TestPrestoDriverUri to confirm this behavior.

[github-actions]

Codenotify: Notifying subscribers in CODENOTIFY files for diff b5a403b...45727d6.

Notify	File(s)
@steveburnett	presto-docs/src/main/sphinx/installation/jdbc.rst

[steveburnett]

LGTM! (docs)

[tcherel]

Hi.
Any ideas if and when (rough idea) this might be delivered and available in a new presto JDBC GA driver?
Thanks.

[tdcmeehan]

@skairali any further comments?

[tcherel]

@tdcmeehan @skairali any updates or some sort of rough ETA?
Thanks.

[tcherel]

@tdcmeehan @skairali any updates or some sort of rough ETA?
Thanks.

[skairali]

@dianatatar (1) Could you please let me know what's the default value of the parameter? I would recommend the configuration to work AS IS and only take affect if its explicitly provided

(2)Please also resolve conflicts and rebase

@tdcmeehan @tcherel I am approving this PR conditionally that @dianatatar takes care of (1) and (2)

[skairali]

Marking my approval as commented above

[tcherel]

Thanks @skairali
@dianatatar any chances you can provide what @skairali requested above?
Thanks.

[dianatatar]

@skairali the configuration parameter has a default value of true which means it will follow redirects and is also the default behavior. I've rebased the PR and resolved the conflicts. @tcherel