[HBASE-15328] Unvalidated Redirect in HMaster - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.4.0, 1.3.1, 1.2.5, 1.1.10, 2.0.0
Component/s: security
Labels:
None

Description

See OWASP page on why we should clean it up someday:

https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet

Here is where we do the redirect:

    @Override
    public void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
      String redirectUrl = request.getScheme() + "://"
        + request.getServerName() + ":" + regionServerInfoPort
        + request.getRequestURI();
      response.sendRedirect(redirectUrl);
    }
  }

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-15328.1.patch
17/Feb/17 22:41
9 kB
Sean Busbey
HBASE-15328.0.patch
16/Feb/17 02:27
8 kB
Sean Busbey

Issue Links

is duplicated by

HBASE-17560 HMaster redirect should sanity check user input

Resolved

Activity

People

Assignee:: Sean Busbey

Reporter:: Michael Stack

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 25/Feb/16 14:31

Updated:: 09/Nov/17 19:11

Resolved:: 21/Feb/17 16:13