diff --git itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
new file mode 100644
index 0000000000..040c694865
--- /dev/null
+++ itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service.cli.thrift;
+
+import static org.junit.Assert.assertFalse;
+
+import org.apache.hive.service.rpc.thrift.TOpenSessionReq;
+import org.junit.Test;
+
+/**
+ * Test security in classes generated by Thrift.
+ */
+public class TestThriftCLIServiceSecurity {
+
+ /**
+ * Ensures password isn't printed to logs from TOpenSessionReq.toString().
+ * See maven-replacer-plugin code in service-rpc/pom.xml.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPasswordNotInLogs() throws Exception {
+ String PASSWORD = "testpassword";
+ TOpenSessionReq tOpenSessionReq = new TOpenSessionReq();
+ tOpenSessionReq.setPassword(PASSWORD);
+ assertFalse(tOpenSessionReq.toString().contains(PASSWORD));
+ }
+
+}
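Review bot: The single assertion in testPasswordNotInLogs would also pass if toString() dropped the password field entirely or if setPassword stopped marking the field as set, so it does not prove that masking is what hides the value. Adding `assertTrue(tOpenSessionReq.isSetPassword());` and `assertTrue(tOpenSessionReq.toString().contains("password:-"));` (with a static import of assertTrue) would pin the masked form that the TOpenSessionReq.toString() change in this commit emits. The local `PASSWORD` is named like a constant; either rename it to `password` or hoist it to a `private static final String`. The `throws Exception` clause and the empty `@throws Exception` tag can be dropped, since nothing in the body throws a checked exception.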
diff --git service-rpc/pom.xml service-rpc/pom.xml index d6a07a55bc..2f9ef455b6 100644 --- service-rpc/pom.xml +++ service-rpc/pom.xml @@ -121,29 +121,47 @@ replace + + ${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/ + *.java + + + public class + @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public class + true + + + public static class + @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public static class + true + + + public interface + @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public interface + true + + + + + + mask-password + process-sources + + replace + + + ${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java + + + if \(this.password \=\= null\) \{\n sb.append\(\"null"\)\;\n \} else \{\n sb.append\(this.password\)\;\n \} + // Password found and replaced by maven-replacer-plugin in hive-service-rpc.pom. Please update if this file changes. + sb.append("-"); + + + + - - ${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/ - *.java - - - public class - @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public class - true - - - public static class - @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public static class - true - - - public interface - @org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public interface - true - - - 
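Review bot: The token in the new mask-password execution matches the generated toString() body only when the line breaks and spacing are exactly as written (`\n` followed by fixed indentation), so a change in Thrift's output formatting would make the replacement a silent no-op and the password would be appended to the toString() output again. Matching whitespace loosely, e.g. `\{\s*sb\.append\("null"\);\s*\} else \{\s*sb\.append\(this\.password\);\s*\}`, would make it less brittle, and the unescaped `.` in `this.password` and the half-escaped `\"null"` could be tidied at the same time. The only guard visible in this commit is the new test under itests, which presumably does not run in a plain service-rpc build; confirm that is acceptable. The replacement comment names `hive-service-rpc.pom` while the test's Javadoc points to `service-rpc/pom.xml`; using one name would help whoever has to update this later.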
diff --git service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java index 3195e704f3..2550d981df 100644 --- service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java +++ service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java @@ -540,11 +540,8 @@ public String toString() { if (isSetPassword()) { if (!first) sb.append(", "); sb.append("password:"); - if (this.password == null) { - sb.append("null"); - } else { - sb.append(this.password); - } + // Password found and replaced by maven-replacer-plugin in hive-service-rpc.pom. Please update if this file changes. + sb.append("-"); first = false; } if (isSetConfiguration()) {