[ https://issues.apache.org/jira/browse/HBASE-13294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378605#comment-14378605 ]
Srikanth Srungarapu commented on HBASE-13294: --------------------------------------------- Javadoc warnings not related. {code} [WARNING] Javadoc Warnings [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/replication/regionserver/ReplicationSourceManager.java:122: warning - @param argument "stopper" is not a parameter name. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/replication/regionserver/ReplicationSourceManager.java:370: warning - @param argument "stopper" is not a parameter name. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/mapred/TableInputFormatBase.java:73: warning - @Override is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityController.java:488: warning - @return tag has no arguments. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:86: warning - @link#getUserAuths(byte[], is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:153: warning - @link#havingSystemAuth(User) is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:86: warning - @link#getUserAuths(byte[], is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:153: warning - @link#havingSystemAuth(User) is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/master/AssignmentListener.java:44: warning - @param argument "serverName" is not a parameter name. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/ipc/RpcServer.java:2295: warning - Tag @see: can't find channelWrite(java.nio.channels.WritableByteChannel, java.nio.ByteBuffer) in org.apache.hadoop.hbase.ipc.RpcServer [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/RegionServerServices.java:144: warning - @param argument "instance" is not a parameter name. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/SplitLogWorker.java:437: warning - @return tag has no arguments. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/wal/HLogSplitter.java:1897: warning - @return tag has no arguments. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/mapreduce/TableInputFormatBase.java:90: warning - @Override is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/mapreduce/TableSnapshotInputFormat.java:98: warning - Tag @link: reference not found: ExportSnapshot [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/BlockCacheUtil.java:235: warning - Tag @see: reference not found: getLoadedCachedBlocksByFile [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:86: warning - @link#getUserAuths(byte[], is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:153: warning - @link#havingSystemAuth(User) is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:86: warning - @link#getUserAuths(byte[], is an unknown tag. [WARNING] /home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelService.java:153: warning - @link#havingSystemAuth(User) is an unknown tag. {code} Grepped for changed files in [findbugs|https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html] warnings, but not matches. > Fix the critical ancient loopholes in security testing infrastructure. > ---------------------------------------------------------------------- > > Key: HBASE-13294 > URL: https://issues.apache.org/jira/browse/HBASE-13294 > Project: HBase > Issue Type: Bug > Reporter: Srikanth Srungarapu > Assignee: Srikanth Srungarapu > Attachments: HBASE-13294-0.98.patch, HBASE-13294-0.98.patch, > HBASE-13294.patch, HBASE-13294_v2.patch, HBASE-13294_v3.patch, > HBASE-13294_v3.patch, HBASE-13294_v4.patch, HBASE-13294_v5.patch, > HBASE-13294_v6.patch, HBASE-13294_v6.patch > > > Unfortunately, the "verifyDenied" method doesn't fail when action parameter > returns null. The relevant code snippet > {code} > try { > Object obj = user.runAs(action); > if (requireException) { > fail("Expected exception was not thrown for user '" + > user.getShortName() + "'"); > } > if (obj != null && obj instanceof List<?>) { > List<?> results = (List<?>) obj; > if (results != null && !results.isEmpty()) { > fail("Unexpected results for user '" + user.getShortName() + "'"); > } > } > } > {code} > As you can see, when obj is null, it returns silently. > Fixing this issue has uncovered another major bug. While constructing > actions, we're using TEST_UTIL.getConnection(), which replaces the "doAs" > user with the user who initiated the connection. I really am grateful to > [~mbertozzi] without whom debugging this would have been a nightmare. > Now, fixing these two issues have uncovered more issues in our tests :). The > main one is we're allowing the table owner to truncate table in code. But, in > test, we're not allowing him. We should either remove the code that allows > owner or document that the table owner can truncate table. > The other minor issues include granting permissions to namespace, but > checking whether user was able to access tables inside other namespace. > That's it, folks! -- This message was sent by Atlassian JIRA (v6.3.4#6332)