Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-15328

Unvalidated Redirect in HMaster

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 1.4.0, 1.3.1, 1.2.5, 1.1.10, 2.0.0
    • security
    • None

    Description

      See OWASP page on why we should clean it up someday:

      https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet

      Here is where we do the redirect:

          @Override
          public void doGet(HttpServletRequest request,
              HttpServletResponse response) throws ServletException, IOException {
            String redirectUrl = request.getScheme() + "://"
              + request.getServerName() + ":" + regionServerInfoPort
              + request.getRequestURI();
            response.sendRedirect(redirectUrl);
          }
        }
      

      Attachments

        1. HBASE-15328.0.patch
          8 kB
          Sean Busbey
        2. HBASE-15328.1.patch
          9 kB
          Sean Busbey

        Issue Links

          Activity

            People

              busbey Sean Busbey
              stack Michael Stack
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: