Hadoop Common
  1. Hadoop Common
  2. HADOOP-5820

Fix findbugs warnings for http related codes in hdfs

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.21.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      There are a few findbugs warnings:

      • HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
      • XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
      1. 5820_20090513.patch
        12 kB
        Tsz Wo Nicholas Sze

        Activity

        Hide
        Tsz Wo Nicholas Sze added a comment -

        5820_20090513.patch: fix findbugs warnings.

        Show
        Tsz Wo Nicholas Sze added a comment - 5820_20090513.patch: fix findbugs warnings.
        Hide
        Jakob Homan added a comment -

        +1, looks good.

        Show
        Jakob Homan added a comment - +1, looks good.
        Hide
        Tsz Wo Nicholas Sze added a comment -
             [exec] -1 overall.  
             [exec] 
             [exec]     +1 @author.  The patch does not contain any @author tags.
             [exec] 
             [exec]     -1 tests included.  The patch doesn't appear to include any new or modified tests.
             [exec]                         Please justify why no tests are needed for this patch.
             [exec] 
             [exec]     +1 javadoc.  The javadoc tool did not generate any warning messages.
             [exec] 
             [exec]     +1 javac.  The applied patch does not increase the total number of javac compiler warnings.
             [exec] 
             [exec]     +1 findbugs.  The patch does not introduce any new Findbugs warnings.
             [exec] 
             [exec]     +1 Eclipse classpath. The patch retains Eclipse classpath integrity.
             [exec] 
             [exec]     +1 release audit.  The applied patch does not increase the total number of release audit warnings.
        

        No new tests added since we don't test web components by unit tests.

        Show
        Tsz Wo Nicholas Sze added a comment - [exec] -1 overall. [exec] [exec] +1 @author. The patch does not contain any @author tags. [exec] [exec] -1 tests included. The patch doesn't appear to include any new or modified tests. [exec] Please justify why no tests are needed for this patch. [exec] [exec] +1 javadoc. The javadoc tool did not generate any warning messages. [exec] [exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings. [exec] [exec] +1 findbugs. The patch does not introduce any new Findbugs warnings. [exec] [exec] +1 Eclipse classpath. The patch retains Eclipse classpath integrity. [exec] [exec] +1 release audit. The applied patch does not increase the total number of release audit warnings. No new tests added since we don't test web components by unit tests.
        Hide
        Tsz Wo Nicholas Sze added a comment -

        I tested the web pages manually. Everything is working fine.

        I have committed this.

        Show
        Tsz Wo Nicholas Sze added a comment - I tested the web pages manually. Everything is working fine. I have committed this.

          People

          • Assignee:
            Tsz Wo Nicholas Sze
            Reporter:
            Tsz Wo Nicholas Sze
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development