Chip Salzenberg created HBASE-8811: -------------------------------------- Summary: REST service ignores misspelled "check=" parameter, causing unexpected mutations Key: HBASE-8811 URL: https://issues.apache.org/jira/browse/HBASE-8811 Project: HBase Issue Type: Bug Components: REST Affects Versions: 0.95.1 Reporter: Chip Salzenberg Priority: Critical
In rest.RowResource.update(), this code keeps executing a request if a misspelled check= parameter is provided. {noformat} if (CHECK_PUT.equalsIgnoreCase(check)) { return checkAndPut(model); } else if (CHECK_DELETE.equalsIgnoreCase(check)) { return checkAndDelete(model); } else if (check != null && check.length() > 0) { LOG.warn("Unknown check value: " + check + ", ignored"); } {noformat} By my reading of the code, this results in the provided cell value that was intended as a check instead being treated as a mutation, which is sure to destroy user data. Thus the priority of this bug, as it can cause corruption. I suggest that a better reaction than a warning would be, approximately: {noformat} return Response.status(Response.Status.BAD_REQUEST) .type(MIMETYPE_TEXT).entity("Invalid check value '" + check + "'") .build(); {noformat} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira