[jira] [Commented] (HADOOP-19079) check that class that is loaded is really an exception

[ASF GitHub Bot (Jira)]

    [ 
https://issues.apache.org/jira/browse/HADOOP-19079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17831906#comment-17831906
 ] 

ASF GitHub Bot commented on HADOOP-19079:
-----------------------------------------

pjfanning commented on code in PR #6557:
URL: https://github.com/apache/hadoop/pull/6557#discussion_r1543349031


##########
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/util/TestHttpExceptionUtils.java:
##########
@@ -87,35 +89,31 @@ public void testValidateResponseOK() throws IOException {
     HttpExceptionUtils.validateResponse(conn, HttpURLConnection.HTTP_CREATED);
   }
 
-  @Test(expected = IOException.class)
-  public void testValidateResponseFailNoErrorMessage() throws IOException {
+  @Test
+  public void testValidateResponseFailNoErrorMessage() throws Exception {
     HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
     Mockito.when(conn.getResponseCode()).thenReturn(
         HttpURLConnection.HTTP_BAD_REQUEST);
-    HttpExceptionUtils.validateResponse(conn, HttpURLConnection.HTTP_CREATED);
+    LambdaTestUtils.intercept(IOException.class,
+            () -> HttpExceptionUtils.validateResponse(conn, 
HttpURLConnection.HTTP_CREATED));
   }
 
   @Test
-  public void testValidateResponseNonJsonErrorMessage() throws IOException {
+  public void testValidateResponseNonJsonErrorMessage() throws Exception {
     String msg = "stream";
-    InputStream is = new ByteArrayInputStream(msg.getBytes());
+    InputStream is = new 
ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8));
     HttpURLConnection conn = Mockito.mock(HttpURLConnection.class);
     Mockito.when(conn.getErrorStream()).thenReturn(is);
     Mockito.when(conn.getResponseMessage()).thenReturn("msg");
     Mockito.when(conn.getResponseCode()).thenReturn(
         HttpURLConnection.HTTP_BAD_REQUEST);
-    try {
-      HttpExceptionUtils.validateResponse(conn, 
HttpURLConnection.HTTP_CREATED);
-      Assert.fail();
-    } catch (IOException ex) {
-      Assert.assertTrue(ex.getMessage().contains("msg"));
-      Assert.assertTrue(ex.getMessage().contains("" +
-          HttpURLConnection.HTTP_BAD_REQUEST));
-    }
+    LambdaTestUtils.intercept(IOException.class,

Review Comment:
   the test is not brittle - if someone changes the format of the exception 
message, it could break but that would be sort of expected if you go changing 
the format of exception messages





> check that class that is loaded is really an exception
> ------------------------------------------------------
>
>                 Key: HADOOP-19079
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19079
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: common, security
>            Reporter: PJ Fanning
>            Priority: Major
>              Labels: pull-request-available
>
> It can be dangerous taking class names as inputs from HTTP messages even if 
> we control the source. Issue is in HttpExceptionUtils in hadoop-common 
> (validateResponse method).
> I can provide a PR that will highlight the issue.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org