HBase / HBASE-17560

HMaster redirect should sanity check user input

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: master, security, UI
    • Labels:
      None

      Description

      We should do some sanity checking on the user provided data before we blindly pass it to a redirect.

      i.e.

        public static class RedirectServlet extends HttpServlet {
          private static final long serialVersionUID = 2894774810058302472L;
          private static int regionServerInfoPort;
      
          @Override
          public void doGet(HttpServletRequest request,
              HttpServletResponse response) throws ServletException, IOException {
            String redirectUrl = request.getScheme() + "://"
              + request.getServerName() + ":" + regionServerInfoPort
              + request.getRequestURI();
            response.sendRedirect(redirectUrl);
          }
        }
      

      e.g.

      • Are we redirecting to a server that is ours?
      • Did we validate the path/query string?
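
One way to perform the checks asked for above, as an added example that is not part of the original issue or of the HBase code base. `getServerName()` normally reflects the client-supplied `Host` header, so the host is compared against an allowlist before the URL is built. The class name, `ALLOWED_HOSTS`, `buildRedirect`, the hostnames and the port are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class RedirectCheck {
  // Assumption: hostnames the master is legitimately reached by (constructed values).
  static final Set<String> ALLOWED_HOSTS =
      Set.of("master1.example.com", "master2.example.com");

  /** Returns the redirect target, or empty if any request-derived part fails validation. */
  static Optional<String> buildRedirect(String scheme, String serverName, int port,
      String requestUri) {
    if (!"http".equals(scheme) && !"https".equals(scheme)) {
      return Optional.empty();
    }
    // "Are we redirecting to a server that is ours?" -> exact match against the allowlist.
    String host = serverName == null ? "" : serverName.toLowerCase(Locale.ROOT);
    if (!ALLOWED_HOSTS.contains(host)) {
      return Optional.empty();
    }
    // "Did we validate the path?" -> it must be an absolute path that parses as a URI.
    if (requestUri == null || !requestUri.startsWith("/")) {
      return Optional.empty();
    }
    try {
      // new URI(String) rejects spaces, control characters (CR/LF) and backslashes.
      URI target = new URI(scheme + "://" + host + ":" + port + requestUri);
      // Re-check the parsed authority: it must be exactly the host and port chosen above.
      if (!host.equals(target.getHost()) || target.getPort() != port
          || target.getRawUserInfo() != null) {
        return Optional.empty();
      }
      return Optional.of(target.toASCIIString());
    } catch (URISyntaxException e) {
      return Optional.empty();
    }
  }

  public static void main(String[] args) {
    // Constructed inputs: a legitimate request, a forged Host value, CR/LF in the path.
    System.out.println(buildRedirect("http", "master1.example.com", 16030, "/rs-status"));
    System.out.println(buildRedirect("http", "attacker.invalid", 16030, "/rs-status"));
    System.out.println(buildRedirect("http", "master1.example.com", 16030, "/a\r\nX-Injected: 1"));
  }
}
```

A servlet using this would call `response.sendRedirect(...)` only when a value is present and answer with an error status otherwise.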

              People

              • Assignee:
                Unassigned
                Reporter:
                busbey Sean Busbey
