[ 
https://issues.apache.org/jira/browse/HBASE-16071?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15607878#comment-15607878
 ] 

ChiaPing Tsai commented on HBASE-16071:
---------------------------------------

{quote}
Maybe we need to consider
version = Math.min(requestedMaxVersion , hcd.getMaxVersions());
{quote}
The AccessControlFilter's max version should be equal to 
ScanWildcardColumnTracker’s max version. I mean doing this:
{noformat}
    int maxVersions = scan.isRaw() ? scan.getMaxVersions()
        : Math.min(scan.getMaxVersions(), scanInfo.getMaxVersions());
{noformat}
If AccessControlFilter's max version is bigger than ScanWildcardColumnTracker’s 
max version, AccessControlFilter will authorize the unnecessary cell, because 
Filter#filterKeyValue(cell) is called before 
ColumnTracker#checkVersions.
{code:title=UserScanQueryMatcher.java|borderStyle=solid}

    ReturnCode filterResponse = ReturnCode.SKIP;
    // STEP 2: Yes, the column is part of the requested columns. Check if filter is present
    if (filter != null) {
      // STEP 3: Filter the key value and return if it filters out
      filterResponse = filter.filterKeyValue(cell);
      switch (filterResponse) {
        case SKIP:
          return MatchCode.SKIP;
        case NEXT_COL:
          return columns.getNextRowOrNextColumn(cell);
        case NEXT_ROW:
          stickyNextRow = true;
          return MatchCode.SEEK_NEXT_ROW;
        case SEEK_NEXT_USING_HINT:
          return MatchCode.SEEK_NEXT_USING_HINT;
        default:
          // It means it is either include or include and seek next
          break;
      }
    }
    colChecker = columns.checkVersions(cell, timestamp, typeByte, false);

{code}
If AccessControlFilter's max version is smaller than 
ScanWildcardColumnTracker’s max version, AccessControlFilter will lose some 
cells.

bq. But Filter#filterCell is getting called before applying deleted logic, 
expiry logic etc.
(If the Filter#filterCell is the Filter#filterKeyValue)
The RawScanQueryMatcher#match(cell) is shown below.
{code:title=RawScanQueryMatcher.java|borderStyle=solid}
  @Override
  public MatchCode match(Cell cell) throws IOException {
    if (filter != null && filter.filterAllRemaining()) {
      return MatchCode.DONE_SCAN;
    }
    MatchCode returnCode = preCheck(cell);
    if (returnCode != null) {
      return returnCode;
    }
    // For a raw scan, we do not filter out any cells by delete marker, and delete marker is also
    // returned, so we do not need to track delete.
    return matchColumn(cell);
  }
{code}
The expiry logic is implemented in ScanQueryMatcher#preCheck. So 
Filter#filterKeyValue is getting called “after” applying expiry logic. And the 
RawScanQueryMatcher doesn’t apply any deleted logic. So it seems to me that the 
deleted logic and expiry logic are not a problem.

Sorry if I made any mistake, and thanks for your feedback.

> The VisibilityLabelFilter and AccessControlFilter should not count the 
> "delete cell"
> ------------------------------------------------------------------------------------
>
>                 Key: HBASE-16071
>                 URL: https://issues.apache.org/jira/browse/HBASE-16071
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 2.0.0
>            Reporter: ChiaPing Tsai
>            Assignee: ChiaPing Tsai
>            Priority: Minor
>             Fix For: 2.0.0, 1.4.0, 1.3.1
>
>         Attachments: HBASE-16071-v1.patch, HBASE-16071-v2.patch, 
> HBASE-16071-v3.patch
>
>
> The VisibilityLabelFilter will see and count the "delete cell" if 
> scan.isRaw() returns true, so the (put) cell will be skipped if it has a lower 
> version than the "delete cell".
> The critical code is shown below:
> {code:title=VisibilityLabelFilter.java|borderStyle=solid}
>   public ReturnCode filterKeyValue(Cell cell) throws IOException {
>     if (curFamily.getBytes() == null
>         || !(CellUtil.matchingFamily(cell, curFamily.getBytes(), curFamily.getOffset(),
>             curFamily.getLength()))) {
>       curFamily.set(cell.getFamilyArray(), cell.getFamilyOffset(), cell.getFamilyLength());
>       // For this family, all the columns can have max of curFamilyMaxVersions versions. No need to
>       // consider the older versions for visibility label check.
>       // Ideally this should have been done at a lower layer by HBase (?)
>       curFamilyMaxVersions = cfVsMaxVersions.get(curFamily);
>       // Family is changed. Just unset curQualifier.
>       curQualifier.unset();
>     }
>     if (curQualifier.getBytes() == null
>         || !(CellUtil.matchingQualifier(cell, curQualifier.getBytes(), curQualifier.getOffset(),
>             curQualifier.getLength()))) {
>       curQualifier.set(cell.getQualifierArray(), cell.getQualifierOffset(),
>           cell.getQualifierLength());
>       curQualMetVersions = 0;
>     }
>     curQualMetVersions++;
>     if (curQualMetVersions > curFamilyMaxVersions) {
>       return ReturnCode.SKIP;
>     }
>     return this.expEvaluator.evaluate(cell) ? ReturnCode.INCLUDE : ReturnCode.SKIP;
>   }
> {code}
> [VisibilityLabelFilter.java|https://github.com/apache/hbase/blob/d7a4499dfc8b3936a0eca867589fc2b23b597866/hbase-server/src/main/java/org/apache/hadoop/hbase/security/visibility/VisibilityLabelFilter.java]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
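
The behaviour described in the issue, as an added example that is not part of the original message and is neither HBase code nor the attached patch: a dependency-free model (Java 16+) of a per-qualifier version counter running over a raw scan, once counting delete cells and once not. The names Cell, VersionFilter and VersionCountDemo, the sample cells and the max-version values are all constructed assumptions.

```java
import java.util.List;

// Simplified model, not HBase code: Cell, VersionFilter and the sample cells are constructed.
public class VersionCountDemo {
  enum Type { PUT, DELETE }

  record Cell(String qualifier, long ts, Type type) {}

  // Per-qualifier version counter modelled on the filterKeyValue logic quoted in the issue.
  static final class VersionFilter {
    private final int maxVersions;
    private final boolean countDeleteCells;
    private String curQualifier;
    private int curQualMetVersions;

    VersionFilter(int maxVersions, boolean countDeleteCells) {
      this.maxVersions = maxVersions;
      this.countDeleteCells = countDeleteCells;
    }

    boolean include(Cell cell) {
      if (!cell.qualifier().equals(curQualifier)) {
        curQualifier = cell.qualifier();
        curQualMetVersions = 0;
      }
      if (cell.type() == Type.DELETE && !countDeleteCells) {
        return true; // delete marker passes through without using a version slot
      }
      curQualMetVersions++;
      return curQualMetVersions <= maxVersions;
    }
  }

  static List<Cell> scan(List<Cell> cells, VersionFilter filter) {
    return cells.stream().filter(filter::include).toList();
  }

  public static void main(String[] args) {
    // Constructed raw-scan input, newest first: a delete marker above one put.
    List<Cell> cells = List.of(new Cell("q1", 20, Type.DELETE), new Cell("q1", 10, Type.PUT));
    boolean raw = true;
    int scanMax = 1, familyMax = 3; // assumed values
    int maxVersions = raw ? scanMax : Math.min(scanMax, familyMax);
    System.out.println("counting: " + scan(cells, new VersionFilter(maxVersions, true)));
    System.out.println("ignoring: " + scan(cells, new VersionFilter(maxVersions, false)));
  }
}
```

With one allowed version, the counting variant returns only the delete marker and drops the put, while the variant that ignores delete cells returns both.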
