Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-4136

Class Cast Exception with Spark Implementations that Backported SparkR Security Fix

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 0.8.1
    • None
    • security, spark
    • None

    Description

      Zeppelin uses a version check to determine the return type of the SparkR channel

      https://github.com/apache/zeppelin/blob/8e6974fdc33e834bc01a5ee594e2cfca4ff3045f/spark/interpreter/src/main/java/org/apache/zeppelin/spark/SparkVersion.java#L92-L97

      and

      https://github.com/apache/zeppelin/blob/735064fdc57ae958fabae85b399bb5af3cb79144/spark/interpreter/src/main/scala/org/apache/spark/SparkRBackend.scala#L34-L44

      Datastax Enterprise build of Spark includes this security fix in 2.2.2.X, but since Zeppelin doesn't have knowledge of this (for obvious reasons) it attempts to connect without the secret. While I know this isn't an issue for everyone I think we could fix this issue by attempting to match on return type and then we could remove the version check portion of the code. This may end up looking a bit cleaner too although that may just be my opinion

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #3357

          Activity

            People

              Unassigned Unassigned
              rspitzer Russell Spitzer
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m