Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-5820

Fix findbugs warnings for http related codes in hdfs

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.21.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      There are a few findbugs warnings:

      • HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
      1. 5820_20090513.patch
        12 kB
        Tsz Wo Nicholas Sze

        Activity

        Hide
        szetszwo Tsz Wo Nicholas Sze added a comment -

        5820_20090513.patch: fix findbugs warnings.

        Show
        szetszwo Tsz Wo Nicholas Sze added a comment - 5820_20090513.patch: fix findbugs warnings.
        Hide
        jghoman Jakob Homan added a comment -

        +1, looks good.

        Show
        jghoman Jakob Homan added a comment - +1, looks good.
        Hide
        szetszwo Tsz Wo Nicholas Sze added a comment -
             [exec] -1 overall.  
             [exec] 
             [exec]     +1 @author.  The patch does not contain any @author tags.
             [exec] 
             [exec]     -1 tests included.  The patch doesn't appear to include any new or modified tests.
             [exec]                         Please justify why no tests are needed for this patch.
             [exec] 
             [exec]     +1 javadoc.  The javadoc tool did not generate any warning messages.
             [exec] 
             [exec]     +1 javac.  The applied patch does not increase the total number of javac compiler warnings.
             [exec] 
             [exec]     +1 findbugs.  The patch does not introduce any new Findbugs warnings.
             [exec] 
             [exec]     +1 Eclipse classpath. The patch retains Eclipse classpath integrity.
             [exec] 
             [exec]     +1 release audit.  The applied patch does not increase the total number of release audit warnings.
        

        No new tests added since we don't test web components by unit tests.

        Show
        szetszwo Tsz Wo Nicholas Sze added a comment - [exec] -1 overall. [exec] [exec] +1 @author. The patch does not contain any @author tags. [exec] [exec] -1 tests included. The patch doesn't appear to include any new or modified tests. [exec] Please justify why no tests are needed for this patch. [exec] [exec] +1 javadoc. The javadoc tool did not generate any warning messages. [exec] [exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings. [exec] [exec] +1 findbugs. The patch does not introduce any new Findbugs warnings. [exec] [exec] +1 Eclipse classpath. The patch retains Eclipse classpath integrity. [exec] [exec] +1 release audit. The applied patch does not increase the total number of release audit warnings. No new tests added since we don't test web components by unit tests.
        Hide
        szetszwo Tsz Wo Nicholas Sze added a comment -

        I tested the web pages manually. Everything is working fine.

        I have committed this.

        Show
        szetszwo Tsz Wo Nicholas Sze added a comment - I tested the web pages manually. Everything is working fine. I have committed this.

          People

          • Assignee:
            szetszwo Tsz Wo Nicholas Sze
            Reporter:
            szetszwo Tsz Wo Nicholas Sze
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development