  1. Hadoop HDFS
  2. HDFS-11441

Add escaping to error message in KMS web UI

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.8.0
    • Fix Version/s: 2.9.0, 3.0.0-alpha4, 2.8.2
    • Component/s: security
    • Labels:
      None

      Description

      There's a handful of places where web UIs don't escape error messages. We should add escaping in these places.

      1. HDFS-11441.patch
        1 kB
        Aaron T. Myers
      2. HDFS-11441.patch
        8 kB
        Aaron T. Myers
      3. HDFS-11441-branch-2.6.patch
        22 kB
        Aaron T. Myers

        Activity

        atm Aaron T. Myers added a comment -

        Attaching a patch which just adds calls to HtmlQuoting#quoteHtmlChars in a few places.

        andrew.wang Andrew Wang added a comment -

        +1 LGTM thanks ATM for the contribution!

        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 46s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        0 mvndep 0m 40s Maven dependency ordering for branch
        +1 mvninstall 22m 54s trunk passed
        +1 compile 20m 1s trunk passed
        +1 checkstyle 2m 33s trunk passed
        +1 mvnsite 3m 56s trunk passed
        +1 mvneclipse 1m 18s trunk passed
        +1 findbugs 5m 3s trunk passed
        +1 javadoc 2m 44s trunk passed
        0 mvndep 0m 19s Maven dependency ordering for patch
        +1 mvninstall 2m 22s the patch passed
        +1 compile 14m 38s the patch passed
        +1 javac 14m 38s the patch passed
        +1 checkstyle 2m 22s the patch passed
        +1 mvnsite 3m 50s the patch passed
        +1 mvneclipse 1m 17s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 5m 10s the patch passed
        +1 javadoc 2m 27s the patch passed
        -1 unit 10m 12s hadoop-common in the patch failed.
        +1 unit 3m 57s hadoop-kms in the patch passed.
        -1 unit 128m 34s hadoop-hdfs in the patch failed.
        +1 asflicense 1m 8s The patch does not generate ASF License warnings.
        238m 17s



        Reason Tests
        Failed junit tests hadoop.security.TestRaceWhenRelogin
          hadoop.hdfs.server.namenode.ha.TestEditLogTailer
          hadoop.hdfs.server.datanode.TestDataNodeVolumeFailure
          hadoop.hdfs.tools.TestDFSZKFailoverController
        Timed out junit tests org.apache.hadoop.hdfs.server.blockmanagement.TestBlockStatsMXBean



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HDFS-11441
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12854063/HDFS-11441.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux 4f4d99da933b 3.13.0-92-generic #139-Ubuntu SMP Tue Jun 28 20:42:26 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / 1a6ca75
        Default Java 1.8.0_121
        findbugs v3.0.0
        unit https://builds.apache.org/job/PreCommit-HDFS-Build/18418/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt
        unit https://builds.apache.org/job/PreCommit-HDFS-Build/18418/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs.txt
        Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18418/testReport/
        modules C: hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms hadoop-hdfs-project/hadoop-hdfs U: .
        Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18418/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        atm Aaron T. Myers added a comment -

        Thanks a lot for the review, Andrew Wang. Would you mind verifying that the failed tests are unrelated to this patch? I'm having some trouble with my dev environment right now.

        Also attaching a patch which does the same thing but for branch-2.6 as well, since that branch includes the old JSPs which also need some fixups.

        No tests are included since this just changes the rendering of some HTML on the Web UIs.

        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 13s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        0 mvndep 0m 13s Maven dependency ordering for branch
        +1 mvninstall 7m 52s branch-2.6 passed
        -1 compile 1m 37s root in branch-2.6 failed with JDK v1.8.0_121.
        -1 compile 1m 46s root in branch-2.6 failed with JDK v1.7.0_121.
        +1 checkstyle 1m 21s branch-2.6 passed
        +1 mvnsite 1m 59s branch-2.6 passed
        +1 mvneclipse 0m 44s branch-2.6 passed
        -1 findbugs 1m 29s hadoop-common-project/hadoop-common in branch-2.6 has 66 extant Findbugs warnings.
        -1 findbugs 2m 48s hadoop-hdfs-project/hadoop-hdfs in branch-2.6 has 273 extant Findbugs warnings.
        +1 javadoc 2m 5s branch-2.6 passed with JDK v1.8.0_121
        +1 javadoc 3m 3s branch-2.6 passed with JDK v1.7.0_121
        0 mvndep 0m 13s Maven dependency ordering for patch
        +1 mvninstall 1m 49s the patch passed
        -1 compile 1m 34s root in the patch failed with JDK v1.8.0_121.
        -1 javac 1m 34s root in the patch failed with JDK v1.8.0_121.
        -1 compile 1m 45s root in the patch failed with JDK v1.7.0_121.
        -1 javac 1m 45s root in the patch failed with JDK v1.7.0_121.
        +1 checkstyle 1m 8s the patch passed
        +1 mvnsite 1m 55s the patch passed
        +1 mvneclipse 0m 40s the patch passed
        -1 whitespace 0m 0s The patch has 2243 line(s) that end in whitespace. Use git apply --whitespace=fix <<patch_file>>. Refer https://git-scm.com/docs/git-apply
        -1 whitespace 0m 58s The patch 178 line(s) with tabs.
        +1 findbugs 5m 19s the patch passed
        +1 javadoc 2m 5s the patch passed with JDK v1.8.0_121
        +1 javadoc 3m 7s the patch passed with JDK v1.7.0_121
        +1 unit 6m 24s hadoop-common in the patch passed with JDK v1.7.0_121.
        +1 unit 1m 20s hadoop-kms in the patch passed with JDK v1.7.0_121.
        -1 unit 0m 44s hadoop-hdfs in the patch failed with JDK v1.7.0_121.
        -1 asflicense 0m 37s The patch generated 184 ASF License warnings.
        65m 27s



        Reason Tests
        JDK v1.8.0_121 Failed junit tests hadoop.metrics2.impl.TestGangliaMetrics
          hadoop.io.TestUTF8
          hadoop.security.ssl.TestSSLFactory
          hadoop.http.TestSSLHttpServer
          hadoop.security.ssl.TestReloadingX509TrustManager
          hadoop.http.TestHttpCookieFlag
          hadoop.ha.TestZKFailoverControllerStress
          hadoop.crypto.key.kms.server.TestKMS



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:44eef0e
        JIRA Issue HDFS-11441
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12855697/HDFS-11441-branch-2.6.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux 7d9e72a92034 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision branch-2.6 / c73c894
        Default Java 1.7.0_121
        Multi-JDK versions /usr/lib/jvm/java-8-oracle:1.8.0_121 /usr/lib/jvm/java-7-openjdk-amd64:1.7.0_121
        compile https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/branch-compile-root-jdk1.8.0_121.txt
        compile https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/branch-compile-root-jdk1.7.0_121.txt
        findbugs v1.3.9
        findbugs https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/branch-findbugs-hadoop-common-project_hadoop-common-warnings.html
        findbugs https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/branch-findbugs-hadoop-hdfs-project_hadoop-hdfs-warnings.html
        compile https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/patch-compile-root-jdk1.8.0_121.txt
        javac https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/patch-compile-root-jdk1.8.0_121.txt
        compile https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/patch-compile-root-jdk1.7.0_121.txt
        javac https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/patch-compile-root-jdk1.7.0_121.txt
        whitespace https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/whitespace-eol.txt
        whitespace https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/whitespace-tabs.txt
        unit https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/patch-unit-hadoop-hdfs-project_hadoop-hdfs-jdk1.7.0_121.txt
        JDK v1.7.0_121 Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18521/testReport/
        asflicense https://builds.apache.org/job/PreCommit-HDFS-Build/18521/artifact/patchprocess/patch-asflicense-problems.txt
        modules C: hadoop-common-project/hadoop-common hadoop-common-project/hadoop-kms hadoop-hdfs-project/hadoop-hdfs U: .
        Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18521/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        andrew.wang Andrew Wang added a comment -

        I checked the failed unit tests, and they're unrelated to this patch. It looks like branch-2.6 precommit and test suite is pretty broken.

        I applied the patch and poked around. Looks like we get double escaping on the logLevel endpoint:

        Submitted Log Name: &lt;&gt;&apos;&quot;;
        Log Class: org.apache.commons.logging.impl.Log4JLogger
        Submitted Level: &lt;&gt;&quot;&apos;;
        Bad Level : &lt;&gt;&quot;&apos;;
        Effective level: INFO
        

        I also tried browseDirectory.jsp with a directory named "<>" and "abc" and it seems to be escaping the entire link:

        <a href="http://localhost:50075/browseDirectory.jsp?dir=%2F%3C%3E&namenodeInfoPort=50070&nnaddr=127.0.0.1:8020">&lt;&gt;</a>
        <a href="http://localhost:50075/browseDirectory.jsp?dir=%2Fabc&namenodeInfoPort=50070&nnaddr=127.0.0.1:8020">abc</a>
        

        Didn't check the others, but I think we need to do manual verification of these to make sure they're escaping correctly.

        atm Aaron T. Myers added a comment -

        Thanks a lot for the review, Andrew Wang. You're quite right - turns out there's a quoting input filter that handles escaping for anything using HttpServer or HttpServer2. I manually checked every instance I was trying to fix in this patch, and the only thing that isn't covered is the KMSAuthenticationFilter, which runs using Tomcat, and so I don't think has any quoting to this point.

        Attaching a new patch which just covers that spot.
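
The interaction described in the two comments above, as an added example that is not part of the original thread or of Hadoop's code: escaping applied by an input filter and again at output produces the double escaping seen on the logLevel endpoint, while a path with no input filter relies on output escaping alone. `quoteHtmlChars` here is a local stand-in for the method the thread names, and `render`, `classify`, their flags and the message prefix are hypothetical models of the request path.

```java
public class ErrorMessageEscapingDemo {

    // Local stand-in for the escaping step the thread calls
    // HtmlQuoting#quoteHtmlChars. Assumption: & < > ' " become entities.
    static String quoteHtmlChars(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '\'': out.append("&apos;"); break;
                case '"':  out.append("&quot;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    static final String PREFIX = "Bad Level : ";

    // Hypothetical model of one request path.
    //   quotingInputFilter: the server stack quotes parameters before the
    //                       handler reads them (the HttpServer/HttpServer2 case).
    //   escapeAtOutput:     the handler also escapes when writing the message.
    static String render(String rawParam, boolean quotingInputFilter,
                         boolean escapeAtOutput) {
        String seenByHandler =
            quotingInputFilter ? quoteHtmlChars(rawParam) : rawParam;
        String message = PREFIX + seenByHandler;
        return escapeAtOutput ? quoteHtmlChars(message) : message;
    }

    // Compare the emitted HTML with the single- and double-escaped forms.
    static String classify(String rawParam, String html) {
        String once = PREFIX + quoteHtmlChars(rawParam);
        String twice = quoteHtmlChars(once);
        if (html.equals(once)) {
            return "escaped once";
        }
        if (html.equals(twice)) {
            return "double-escaped (entities shown literally)";
        }
        return "not escaped";
    }

    public static void main(String[] args) {
        // Constructed input: the same characters used in the manual check above.
        String raw = "<>'\";";
        boolean[] flags = {true, false};
        for (boolean filter : flags) {
            for (boolean output : flags) {
                String html = render(raw, filter, output);
                System.out.printf("inputFilter=%-5b outputEscape=%-5b %-42s %s%n",
                    filter, output, classify(raw, html), html);
            }
        }
    }
}
```

The row with both flags set corresponds to the logLevel result reported above; the rows with `inputFilter=false` correspond to the situation described for KMSAuthenticationFilter under Tomcat, where escaping at output is the only escaping applied.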

        andrew.wang Andrew Wang added a comment -

        Great news, +1!

        hadoopqa Hadoop QA added a comment -
        -1 overall



        Vote Subsystem Runtime Comment
        0 reexec 0m 20s Docker mode activated.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 test4tests 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 mvninstall 13m 8s trunk passed
        -1 compile 12m 33s root in trunk failed.
        +1 checkstyle 0m 23s trunk passed
        +1 mvnsite 0m 53s trunk passed
        +1 mvneclipse 0m 21s trunk passed
        +1 findbugs 0m 35s trunk passed
        +1 javadoc 0m 21s trunk passed
        +1 mvninstall 0m 17s the patch passed
        -1 compile 10m 9s root in the patch failed.
        -1 javac 10m 9s root in the patch failed.
        +1 checkstyle 0m 23s the patch passed
        +1 mvnsite 0m 51s the patch passed
        +1 mvneclipse 0m 19s the patch passed
        +1 whitespace 0m 0s The patch has no whitespace issues.
        +1 findbugs 0m 40s the patch passed
        +1 javadoc 0m 21s the patch passed
        +1 unit 3m 22s hadoop-kms in the patch passed.
        +1 asflicense 0m 36s The patch does not generate ASF License warnings.
        46m 53s



        Subsystem Report/Notes
        Docker Image:yetus/hadoop:a9ad5d6
        JIRA Issue HDFS-11441
        JIRA Patch URL https://issues.apache.org/jira/secure/attachment/12855930/HDFS-11441.patch
        Optional Tests asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle
        uname Linux 415a95556b1c 3.13.0-107-generic #154-Ubuntu SMP Tue Dec 20 09:57:27 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
        Build tool maven
        Personality /testptch/hadoop/patchprocess/precommit/personality/provided.sh
        git revision trunk / ac5ae00
        Default Java 1.8.0_121
        compile https://builds.apache.org/job/PreCommit-HDFS-Build/18547/artifact/patchprocess/branch-compile-root.txt
        findbugs v3.0.0
        compile https://builds.apache.org/job/PreCommit-HDFS-Build/18547/artifact/patchprocess/patch-compile-root.txt
        javac https://builds.apache.org/job/PreCommit-HDFS-Build/18547/artifact/patchprocess/patch-compile-root.txt
        Test Results https://builds.apache.org/job/PreCommit-HDFS-Build/18547/testReport/
        modules C: hadoop-common-project/hadoop-kms U: hadoop-common-project/hadoop-kms
        Console output https://builds.apache.org/job/PreCommit-HDFS-Build/18547/console
        Powered by Apache Yetus 0.5.0-SNAPSHOT http://yetus.apache.org

        This message was automatically generated.

        andrew.wang Andrew Wang added a comment -

        I think the precommit errors are spurious. Committed to trunk, branch-2, branch-2.8.

        I think the security implications that this JIRA fixes are relatively minor, but we could still consider it for 2.8.0. Junping Du what do you think?

        djp Junping Du added a comment -

        How serious could the issue here be? If it is minor, as it claims to be, I would suggest leaving it to 2.8.1. Otherwise, please bump it up to critical and leave comments for justification.

        andrew.wang Andrew Wang added a comment -

        The threat here is if someone injects bad input into an exception message, which is then viewed in a browser. This seems pretty unlikely to me considering users do not interact with the KMS via a browser. I don't think it's a critical.

        Let's leave it to 2.8.1 then, thanks!

        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11354 (See https://builds.apache.org/job/Hadoop-trunk-Commit/11354/)
        HDFS-11441. Add escaping to error message in KMS web UI. Contributed by (wang: rev ec839b94c0eb3f09e74f8a3b0bc9a08b3f5418b2)

        • (edit) hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSAuthenticationFilter.java
        vinodkv Vinod Kumar Vavilapalli added a comment -

        2.8.1 became a security release. Moving fix-version to 2.8.2 after the fact.


          People

          • Assignee:
            atm Aaron T. Myers
            Reporter:
            atm Aaron T. Myers
          • Votes:
            0
            Watchers:
            6
