-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73730/
-----------------------------------------------------------
Review request for ranger, bhavik patel, Dineshkumar Yadav, Kishore
Gopalakrishna, Madhan Neethiraj, Mateen Mansoori, Mehul Parikh, Pradeep
Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3521
https://issues.apache.org/jira/browse/RANGER-3521
Repository: ranger
Description
-------
We found a vulnerability related to Ranger KMS on the SSL port.
Ranger KMS is not enforcing HSTS on the SSL port, as defined by RFC 6797.
Diffs
-----
kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
f0e92b865
Diff: https://reviews.apache.org/r/73730/diff/1/
Testing
-------
Successfully validated.
1.) Ranger Build.
2.) Validated HSTS tag in Response Header for Ranger KMS CURL response for GET,
CREATE, ROLLOVER, DELETE, GET METADATA key.
E.g.:
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
Thanks,
Dhaval Shah
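
The header check described under Testing can be automated. The following is an added example, not part of the review request or the Ranger patch: it extracts the `Strict-Transport-Security` header from `curl -v` style output and validates it against the RFC 6797 rules (required `max-age`, case-insensitive directive names, no repeated directives, only the first header counts). The function names, the sample output and the one-year minimum threshold are assumptions.

```python
import re

# Constructed sample of `curl -v` response lines (not captured from a real server).
SAMPLE_CURL_OUTPUT = """\
< HTTP/1.1 200 OK
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Content-Type: application/json
"""

STS_LINE = re.compile(r"(?im)^<?[ \t]*Strict-Transport-Security:[ \t]*(.*?)[ \t\r]*$")


def parse_hsts(value):
    """Parse an STS header value (RFC 6797 section 6.1); return None if invalid.

    Simplification: quoted-string values containing ';' are not handled.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar allows empty directives
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in directives:
            return None  # a directive must not appear more than once
        directives[name] = val.strip().strip('"') if sep else None
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is REQUIRED and must be a non-negative integer
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}


def check_curl_output(text, min_age=31536000):
    """Classify a response: missing, invalid, disabled, short or ok.

    min_age (one year, the value shown in the review) is an assumed threshold.
    """
    values = STS_LINE.findall(text)
    if not values:
        return "missing"
    policy = parse_hsts(values[0])  # RFC 6797 8.1: only the first STS header is processed
    if policy is None:
        return "invalid"
    if policy["max_age"] == 0:
        return "disabled"  # max-age=0 tells the client to drop the HSTS policy
    return "ok" if policy["max_age"] >= min_age else "short"
```

Running `check_curl_output` over the saved output of each KMS operation (GET, CREATE, ROLLOVER, DELETE, GET METADATA) gives a per-request result that can be asserted in a regression test.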