[SENTRY-2194] Upgrade Sentry hadoop-version dependency to 2.7.5 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.1.0
Fix Version/s: 2.2.0
Component/s: None
Labels:
None

Description

Sentry clients use Configuration class defined in the hadoop-common code base to parse or read configuration files. Hadoop community had made improvements particularly to enhance security. The change introduces a new boolean attribute restrictParser. Setting restrictParser to true will

Limit XML parsing to conform with feature "http://apache.org/xml/features/disallow-doctype-decl"
- This is a security feature explained here - https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
boolean restrictSystemProps is set to true
- Will prevent system properties from being read
set XML inclusion (XInclude) to false
- prevent merging of xml documents

This change is currently included in hadoop-version 2.7.5. There is a new implementation of addResources method to allow the setting of restrictParser boolean. Sentry is currently using hadoop-version 2.7.2. Bumping this version up and making appropriate changes will allow Sentry to take advantage of this feature

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SENTRY-2194.02.patch
02/Apr/18 15:31
13 kB
Arjun Mishra
SENTRY-2194.01.patch
01/Apr/18 00:10
13 kB
Arjun Mishra

Issue Links

links to

Review board link

Activity

People

Assignee:: Arjun Mishra

Reporter:: Arjun Mishra

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 30/Mar/18 06:48

Updated:: 02/Jan/20 17:07

Resolved:: 09/Apr/18 20:50