Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 3.0.0-alpha1
- None
Description
This JIRA proposes to extend the work done in HADOOP-12964 and enable a configuration value that enables or disables that option.
This allows HDFS to remain backward compatible as required by branch-2.
Attachments
- HDFS-10579.003.patch (13 kB, Anu Engineer)
- HDFS-10579.002.patch (23 kB, Anu Engineer)
- HDFS-10579.001.patch (23 kB, Anu Engineer)
Issue Links
- Dependent: HADOOP-13352 Make X-FRAME-OPTIONS configurable in HttpServer2 (Resolved)
- is related to: HADOOP-12964 Http server vulnerable to clickjacking (Resolved)
- relates to: HADOOP-13008 Add XFS Filter for UIs to Hadoop Common (Resolved)
Activity
This patch is for trunk, where we preserve the current behavior. That is, X-FRAME-OPTIONS is turned on by default. We can decide if we should do the same for branch 2 after the code reviews are over. If needed, I will post a patch with X-FRAME-OPTIONS disabled for branch-2.
-1 overall |
Vote | Subsystem | Runtime | Comment |
---|---|---|---|
0 | reexec | 0m 24s | Docker mode activated. |
+1 | @author | 0m 0s | The patch does not contain any @author tags. |
+1 | test4tests | 0m 0s | The patch appears to include 4 new or modified test files. |
0 | mvndep | 0m 13s | Maven dependency ordering for branch |
+1 | mvninstall | 7m 9s | trunk passed |
+1 | compile | 6m 59s | trunk passed |
+1 | checkstyle | 1m 31s | trunk passed |
+1 | mvnsite | 1m 52s | trunk passed |
+1 | mvneclipse | 0m 29s | trunk passed |
+1 | findbugs | 3m 10s | trunk passed |
+1 | javadoc | 1m 38s | trunk passed |
0 | mvndep | 0m 11s | Maven dependency ordering for patch |
+1 | mvninstall | 1m 26s | the patch passed |
+1 | compile | 6m 54s | the patch passed |
+1 | javac | 6m 54s | the patch passed |
-0 | checkstyle | 1m 28s | root: The patch generated 6 new + 523 unchanged - 0 fixed = 529 total (was 523) |
+1 | mvnsite | 1m 55s | the patch passed |
+1 | mvneclipse | 0m 26s | the patch passed |
+1 | whitespace | 0m 0s | The patch has no whitespace issues. |
+1 | xml | 0m 1s | The patch has no ill-formed XML file. |
+1 | findbugs | 3m 34s | the patch passed |
+1 | javadoc | 1m 52s | the patch passed |
-1 | unit | 8m 23s | hadoop-common in the patch failed. |
-1 | unit | 71m 19s | hadoop-hdfs in the patch failed. |
+1 | asflicense | 0m 26s | The patch does not generate ASF License warnings. |
122m 15s |
Reason | Tests |
---|---|
Failed junit tests | hadoop.security.TestGroupsCaching |
 | hadoop.hdfs.TestCrcCorruption |
Subsystem | Report/Notes |
---|---|
Docker | Image:yetus/hadoop:9560f25 |
JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816553/HDFS-10579.001.patch |
JIRA Issue | |
Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml |
uname | Linux 91c8352d806a 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
Build tool | maven |
Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh |
git revision | trunk / a3f93be |
Default Java | 1.8.0_91 |
findbugs | v3.0.0 |
checkstyle | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/artifact/patchprocess/diff-checkstyle-root.txt |
unit | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt |
unit | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt |
Test Results | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/testReport/ |
modules | C: hadoop-common-project/hadoop-common hadoop-hdfs-project/hadoop-hdfs U: . |
Console output | https://builds.apache.org/job/PreCommit-HDFS-Build/15998/console |
Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org |
This message was automatically generated.
Fix checkstyle warnings; test failures are not related to this patch.
-1 overall |
Vote | Subsystem | Runtime | Comment |
---|---|---|---|
0 | reexec | 0m 28s | Docker mode activated. |
+1 | @author | 0m 0s | The patch does not contain any @author tags. |
+1 | test4tests | 0m 0s | The patch appears to include 4 new or modified test files. |
0 | mvndep | 0m 13s | Maven dependency ordering for branch |
+1 | mvninstall | 7m 9s | trunk passed |
+1 | compile | 6m 57s | trunk passed |
+1 | checkstyle | 1m 31s | trunk passed |
-1 | mvnsite | 2m 11s | hadoop-common in trunk failed. |
+1 | mvneclipse | 0m 27s | trunk passed |
+1 | findbugs | 3m 21s | trunk passed |
+1 | javadoc | 1m 50s | trunk passed |
0 | mvndep | 0m 12s | Maven dependency ordering for patch |
+1 | mvninstall | 1m 33s | the patch passed |
+1 | compile | 7m 2s | the patch passed |
+1 | javac | 7m 2s | the patch passed |
-0 | checkstyle | 1m 26s | root: The patch generated 1 new + 523 unchanged - 0 fixed = 524 total (was 523) |
-1 | mvnsite | 2m 16s | hadoop-common in the patch failed. |
+1 | mvneclipse | 0m 27s | the patch passed |
+1 | whitespace | 0m 0s | The patch has no whitespace issues. |
+1 | xml | 0m 1s | The patch has no ill-formed XML file. |
+1 | findbugs | 4m 26s | the patch passed |
+1 | javadoc | 1m 47s | the patch passed |
+1 | unit | 9m 16s | hadoop-common in the patch passed. |
-1 | unit | 79m 37s | hadoop-hdfs in the patch failed. |
+1 | asflicense | 0m 24s | The patch does not generate ASF License warnings. |
135m 34s |
Reason | Tests |
---|---|
Failed junit tests | hadoop.hdfs.server.namenode.TestNameNodeMetadataConsistency |
Timed out junit tests | org.apache.hadoop.hdfs.TestLeaseRecovery2 |
This message was automatically generated.
Thanks anu a lot for working on this! I totally did not notice compatibility issues on branch-2. A few comments.
1) xFrameOption and xFrameOptionIsEnabled (of HttpServer2) are declared as static but used as instance variables. Can you make them non-static? Of course, QuotingInputFilter has to be non-static to access them.
2) testHttpResonseContainsXFrameOptions, testHttpResonseContainsDeny and testHttpResonseContainsAllowFrom are the same except the x-frame-option config. You could have a common method that takes x-frame-option as a parameter and does the verification. Then the three test methods can simply call that method with different x-frame-option.
3) The patch touches both HttpServer2, which is in COMMON, and HDFS servers. Can you create a parent jira against COMMON to make HttpServer2 changes, then create a sub task against HDFS of that to make HDFS changes? Other components also use HttpServer2, such as MR. If needed, we could add more subtasks for each of the components.
haibochen Thanks for the comments
xFrameOption and xFrameOptionIsEnabled (of HttpServer2) are declared as static but used as instance variables. Can you make them non-static? Of course, QuotingInputFilter has to be non-static to access them
Just wanted to let you know that I will make this change and post that patch to the new Hadoop Common Jira that I will be creating based on your suggestion. I will tag you on that Jira so that you can look at the changes. I should be able to post a patch by EOD. btw, looks like YARN addressed this issue in this patch. https://issues.apache.org/jira/browse/YARN-5076
anu - This looks good.
I will review the new patches when they arrive as well.
Thanks for adding this!
haibochen HDFS JIRAs cannot be made sub-tasks of COMMON jiras. I have made this JIRA dependent on the JIRA in common.
This patch depends on HADOOP-13352. Posting here for early code review. Once HADOOP-13352 is committed, this patch can be submitted for jenkins.
Please annotate getHttpServer method with @VisibleForTesting. It seems to be added only for tests.
-1 overall |
Vote | Subsystem | Runtime | Comment |
---|---|---|---|
0 | reexec | 0m 0s | Docker mode activated. |
-1 | patch | 0m 6s | |
Subsystem | Report/Notes |
---|---|
JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816575/HDFS-10579.002.patch |
JIRA Issue | |
Console output | https://builds.apache.org/job/PreCommit-HDFS-Build/16010/console |
Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org |
This message was automatically generated.
-1 overall |
Vote | Subsystem | Runtime | Comment |
---|---|---|---|
0 | reexec | 0m 19s | Docker mode activated. |
+1 | @author | 0m 0s | The patch does not contain any @author tags. |
+1 | test4tests | 0m 0s | The patch appears to include 2 new or modified test files. |
+1 | mvninstall | 7m 4s | trunk passed |
+1 | compile | 0m 51s | trunk passed |
+1 | checkstyle | 0m 33s | trunk passed |
+1 | mvnsite | 1m 15s | trunk passed |
+1 | mvneclipse | 0m 18s | trunk passed |
+1 | findbugs | 2m 5s | trunk passed |
+1 | javadoc | 0m 57s | trunk passed |
+1 | mvninstall | 0m 51s | the patch passed |
+1 | compile | 0m 45s | the patch passed |
+1 | javac | 0m 45s | the patch passed |
+1 | checkstyle | 0m 28s | the patch passed |
+1 | mvnsite | 0m 57s | the patch passed |
+1 | mvneclipse | 0m 9s | the patch passed |
+1 | whitespace | 0m 0s | The patch has no whitespace issues. |
+1 | xml | 0m 2s | The patch has no ill-formed XML file. |
+1 | findbugs | 1m 54s | the patch passed |
+1 | javadoc | 0m 54s | the patch passed |
-1 | unit | 62m 45s | hadoop-hdfs in the patch failed. |
+1 | asflicense | 0m 22s | The patch does not generate ASF License warnings. |
83m 49s |
Reason | Tests |
---|---|
Failed junit tests | hadoop.hdfs.server.namenode.TestEditLog |
 | hadoop.hdfs.server.blockmanagement.TestUnderReplicatedBlocks |
Subsystem | Report/Notes |
---|---|
Docker | Image:yetus/hadoop:9560f25 |
JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12816924/HDFS-10579.003.patch |
JIRA Issue | |
Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle xml |
uname | Linux c63a83eed656 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
Build tool | maven |
Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh |
git revision | trunk / 932aed6 |
Default Java | 1.8.0_91 |
findbugs | v3.0.0 |
unit | https://builds.apache.org/job/PreCommit-HDFS-Build/16011/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt |
Test Results | https://builds.apache.org/job/PreCommit-HDFS-Build/16011/testReport/ |
modules | C: hadoop-hdfs-project/hadoop-hdfs U: hadoop-hdfs-project/hadoop-hdfs |
Console output | https://builds.apache.org/job/PreCommit-HDFS-Build/16011/console |
Powered by | Apache Yetus 0.4.0-SNAPSHOT http://yetus.apache.org |
This message was automatically generated.
SUCCESS: Integrated in Hadoop-trunk-Commit #10075 (See https://builds.apache.org/job/Hadoop-trunk-Commit/10075/)
HDFS-10579. HDFS web interfaces lack configs for X-FRAME-OPTIONS (jitendra: rev c447efebdb92dcdf3d95e983036f53bfbed2c0b4)
- hadoop-hdfs-project/hadoop-hdfs/src/main/resources/hdfs-default.xml
- hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/datanode/web/TestDatanodeHttpXFrame.java
- hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeHttpServer.java
- hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/web/DatanodeHttpServer.java
- hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java
- hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/DFSConfigKeys.java
I committed this to branch-2 only, because the earlier jira HADOOP-12964 was only in branch-2. If we want it in 2.8, following two also must go to 2.8:
HADOOP-12964
HADOOP-13352
Are there any other dependencies?
I think that should be it.
There isn't some reason to keep it out of 2.8 that I am missing - is there?
rkanter haibochen Tagging both of you to make sure that this JIRA is noticed by you. I will post a patch soon, would appreciate any feedback you might have.