Github user JoshRosen commented on a diff in the pull request: https://github.com/apache/spark/pull/4935#discussion_r25987903 --- Diff: repl/src/main/scala/org/apache/spark/repl/ExecutorClassLoader.scala --- @@ -71,27 +72,64 @@ class ExecutorClassLoader(conf: SparkConf, classUri: String, parent: ClassLoader } } + private def getClassFileInputStreamFromHttpServer(pathInDirectory: String): InputStream = { + val url: URL = if (SparkEnv.get.securityManager.isAuthenticationEnabled()) { + val uri = new URI(classUri + "/" + urlEncode(pathInDirectory)) + Utils.constructURIForAuthentication(uri, SparkEnv.get.securityManager).toURL + } else { + new URL(classUri + "/" + urlEncode(pathInDirectory)) + } + val connection = url.openConnection().asInstanceOf[HttpURLConnection] + if (connection.asInstanceOf[HttpURLConnection].getResponseCode != 200) { --- End diff -- Yep, even this is still subtly-unsafe due to HttpUrlConnection's weird KeepAlive behavior: https://plumbr.eu/blog/12-year-old-bug-in-jdk-still-out-there-leaking-memory https://news.ycombinator.com/item?id=4931911
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org