[ https://issues.apache.org/jira/browse/HBASE-8811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694471#comment-13694471 ]
Andrew Purtell commented on HBASE-8811: --------------------------------------- Agreed, let me commit this after testing the change. Thanks for reporting this [~chipdude]. > REST service ignores misspelled "check=" parameter, causing unexpected > mutations > -------------------------------------------------------------------------------- > > Key: HBASE-8811 > URL: https://issues.apache.org/jira/browse/HBASE-8811 > Project: HBase > Issue Type: Bug > Components: REST > Affects Versions: 0.95.1 > Reporter: Chip Salzenberg > Priority: Critical > > In rest.RowResource.update(), this code keeps executing a request if a > misspelled check= parameter is provided. > {noformat} > if (CHECK_PUT.equalsIgnoreCase(check)) { > return checkAndPut(model); > } else if (CHECK_DELETE.equalsIgnoreCase(check)) { > return checkAndDelete(model); > } else if (check != null && check.length() > 0) { > LOG.warn("Unknown check value: " + check + ", ignored"); > } > {noformat} > By my reading of the code, this results in the provided cell value that was > intended as a check instead being treated as a mutation, which is sure to > destroy user data. Thus the priority of this bug, as it can cause corruption. > I suggest that a better reaction than a warning would be, approximately: > {noformat} > return Response.status(Response.Status.BAD_REQUEST) > .type(MIMETYPE_TEXT).entity("Invalid check value '" + check + "'") > .build(); > {noformat} -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira