[
https://issues.apache.org/jira/browse/OOZIE-2244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15405636#comment-15405636
]
Hadoop QA commented on OOZIE-2244:
----------------------------------
Testing JIRA OOZIE-2244
Cleaning local git workspace
----------------------------
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
. {color:green}+1{color} the patch does not introduce any @author tags
. {color:green}+1{color} the patch does not introduce any tabs
. {color:green}+1{color} the patch does not introduce any trailing spaces
. {color:green}+1{color} the patch does not introduce any line longer than
132
. {color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
. {color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:green}+1 JAVADOC{color}
. {color:green}+1{color} the patch does not seem to introduce new Javadoc
warnings
{color:red}-1 COMPILE{color}
. {color:red}-1{color} HEAD does not compile
. {color:red}-1{color} patch does not compile
. {color:green}+1{color} the patch does not seem to introduce new javac
warnings
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
. {color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
. {color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
. Tests run: 1792
. Tests failed: 0
. Tests errors: 1
. The patch failed the following testcases:
.
{color:green}+1 DISTRO{color}
. {color:green}+1{color} distro tarball builds with the patch
----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
The full output of the test-patch run is available at
. https://builds.apache.org/job/oozie-trunk-precommit-build/3178/
> Oozie should mask passwords in the logs when logging command arguments
> ----------------------------------------------------------------------
>
> Key: OOZIE-2244
> URL: https://issues.apache.org/jira/browse/OOZIE-2244
> Project: Oozie
> Issue Type: Bug
> Affects Versions: 4.1.0, 4.0.1
> Environment: All
> Reporter: Venkat Ranganathan
> Assignee: Venkat Ranganathan
> Priority: Critical
> Fix For: 4.3.0
>
> Attachments: OOZIE-2244-01.patch, OOZIE-2244-no-prefix.patch
>
>
> Users have complained that oozie logging the password related argument values
> in the launcher log is a security hole and want it to be masked in the
> output. Even password aliases in keystore are considered to be a security
> hole.
> The fix is to mask any argument values if option name contains the string
> password (which is true for Sqoop). We do this in multiple places, in Sqoop
> main, in Launcher Mapper, in JavaMain as well.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
