Nick Dimiduk created HBASE-30264:
------------------------------------

             Summary: Validate bulkToken path in SecureBulkLoadManager.cleanupBulkLoad
                 Key: HBASE-30264
                 URL: https://issues.apache.org/jira/browse/HBASE-30264
             Project: HBase
          Issue Type: Task
          Components: regionserver
            Reporter: Nick Dimiduk
            Assignee: Nick Dimiduk


The cleanupBulkLoad method in SecureBulkLoadManager constructs a Path directly 
from the bulkToken field of the CleanupBulkLoadRequest and passes it to 
fs.delete(path, true). The bulkToken is expected to be a staging directory 
created by prepareBulkLoad, which always places it under 
{hbase.rootdir}/staging/. However, cleanupBulkLoad does not verify that the 
supplied path is actually within the staging directory.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
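
The containment check the description says is missing, as an added example; it is not HBase code and not the change made for this issue. It uses java.net.URI in place of Hadoop's Path so it runs without Hadoop on the classpath. The class and method names are hypothetical, and the rootdir and tokens are constructed sample values.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added illustration, not HBase code: class and method names are hypothetical.
public class StagingPathCheck {
  private static boolean same(String a, String b) {
    return a == null ? b == null : a.equalsIgnoreCase(b);
  }

  /** True only when bulkToken names a strict descendant of stagingRoot. */
  static boolean isUnderStaging(URI stagingRoot, String bulkToken) {
    if (bulkToken == null || bulkToken.isEmpty()) return false;
    final URI token;
    try {
      token = new URI(bulkToken);
    } catch (URISyntaxException e) {
      return false; // unparseable input is rejected, never repaired
    }
    // Accept a bare absolute path, or a URI on the same filesystem as the root.
    boolean bare = token.getScheme() == null && token.getRawAuthority() == null;
    boolean sameFs = same(token.getScheme(), stagingRoot.getScheme())
        && same(token.getRawAuthority(), stagingRoot.getRawAuthority());
    if (!bare && !sameFs) return false;
    String path = token.getPath(); // percent-decoded; null for opaque URIs
    if (path == null || !path.startsWith("/")) return false;
    // Fail closed on ".", ".." and empty segments instead of normalizing them.
    for (String seg : path.substring(1).split("/", -1)) {
      if (seg.isEmpty() || seg.equals(".") || seg.equals("..")) return false;
    }
    String root = stagingRoot.getPath(); // assumed hierarchical and absolute
    String prefix = root.endsWith("/") ? root : root + "/";
    // The trailing "/" keeps siblings such as "staging-old" and the root itself out.
    return path.startsWith(prefix);
  }

  public static void main(String[] args) {
    URI root = URI.create("hdfs://nn:8020/hbase/staging"); // constructed rootdir
    String[] tokens = {                                    // constructed tokens
      "hdfs://nn:8020/hbase/staging/alice__t1__k3",
      "/hbase/staging/alice__t1__k3",
      "hdfs://nn:8020/hbase/staging/%2e%2e/data",
      "hdfs://nn:8020/hbase/staging-old/x",
      "hdfs://other:8020/hbase/staging/x",
    };
    for (String t : tokens) {
      System.out.println((isUnderStaging(root, t) ? "delete  " : "reject  ") + t);
    }
  }
}
```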
