[49/50] hbase git commit: HBASE-15946. Eliminate possible security concerns in Store File metrics.
HBASE-15946. Eliminate possible security concerns in Store File metrics. Invoking 'hbase hfile' inside a servlet raises several concerns. This patch avoids invoking a separate process, and also adds validation that the file being read is at least inside the HBase root directory. Signed-off-by: Mikhail AntonovProject: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/6da6babe Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/6da6babe Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/6da6babe Branch: refs/heads/hbase-12439 Commit: 6da6babe4faa7b2b16775d3cd5c861e71ef4cf31 Parents: babdedc Author: Sean Mackrory Authored: Tue May 31 10:28:27 2016 -0600 Committer: Mikhail Antonov Committed: Thu Jun 9 16:08:19 2016 -0700 -- .../hbase/io/hfile/HFilePrettyPrinter.java | 108 --- .../hbase-webapps/regionserver/storeFile.jsp| 35 +++--- 2 files changed, 83 insertions(+), 60 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/6da6babe/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java index e9e21fe..36067e5 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java @@ -1,4 +1,3 @@ - /* * * Licensed to the Apache Software Foundation (ASF) under one @@ -115,6 +114,8 @@ public class HFilePrettyPrinter extends Configured implements Tool { private Map mobFileLocations; private static final int FOUND_MOB_FILES_CACHE_CAPACITY = 50; private static final int MISSING_MOB_FILES_CACHE_CAPACITY = 20; + private PrintStream out = System.out; + private PrintStream err = System.err; /** * The row which the user wants to specify and print all the KeyValues for. @@ -161,6 +162,11 @@ public class HFilePrettyPrinter extends Configured implements Tool { options.addOptionGroup(files); } + public void setPrintStreams(PrintStream out, PrintStream err) { +this.out = out; +this.err = err; + } + public boolean parseOptions(String args[]) throws ParseException, IOException { if (args.length == 0) { @@ -192,7 +198,7 @@ public class HFilePrettyPrinter extends Configured implements Tool { row = Bytes.toBytesBinary(key); isSeekToRow = true; } else { -System.err.println("Invalid row is specified."); +err.println("Invalid row is specified."); System.exit(-1); } } @@ -206,17 +212,17 @@ public class HFilePrettyPrinter extends Configured implements Tool { String enc = HRegionInfo.encodeRegionName(rn); Path regionDir = new Path(tableDir, enc); if (verbose) -System.out.println("region dir -> " + regionDir); +out.println("region dir -> " + regionDir); List regionFiles = HFile.getStoreFiles(FileSystem.get(getConf()), regionDir); if (verbose) -System.out.println("Number of region files found -> " +out.println("Number of region files found -> " + regionFiles.size()); if (verbose) { int i = 1; for (Path p : regionFiles) { if (verbose) -System.out.println("Found file[" + i++ + "] -> " + p); +out.println("Found file[" + i++ + "] -> " + p); } } files.addAll(regionFiles); @@ -255,27 +261,46 @@ public class HFilePrettyPrinter extends Configured implements Tool { // iterate over all files found for (Path fileName : files) { try { -processFile(fileName); +int exitCode = processFile(fileName); +if (exitCode != 0) { + return exitCode; +} } catch (IOException ex) { LOG.error("Error reading " + fileName, ex); -System.exit(-2); +return -2; } } if (verbose || printKey) { - System.out.println("Scanned kv count -> " + count); + out.println("Scanned kv count -> " + count); } return 0; } - private void processFile(Path file) throws IOException { + public int processFile(Path file) throws IOException { if (verbose) - System.out.println("Scanning -> " + file); + out.println("Scanning -> " + file); + +Path rootPath = FSUtils.getRootDir(getConf()); +String rootString = rootPath + rootPath.SEPARATOR; +if (!file.toString().startsWith(rootString)) { + // First we see if
hbase git commit: HBASE-15946. Eliminate possible security concerns in Store File metrics.
Repository: hbase Updated Branches: refs/heads/master babdedc1b -> 6da6babe4 HBASE-15946. Eliminate possible security concerns in Store File metrics. Invoking 'hbase hfile' inside a servlet raises several concerns. This patch avoids invoking a separate process, and also adds validation that the file being read is at least inside the HBase root directory. Signed-off-by: Mikhail AntonovProject: http://git-wip-us.apache.org/repos/asf/hbase/repo Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/6da6babe Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/6da6babe Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/6da6babe Branch: refs/heads/master Commit: 6da6babe4faa7b2b16775d3cd5c861e71ef4cf31 Parents: babdedc Author: Sean Mackrory Authored: Tue May 31 10:28:27 2016 -0600 Committer: Mikhail Antonov Committed: Thu Jun 9 16:08:19 2016 -0700 -- .../hbase/io/hfile/HFilePrettyPrinter.java | 108 --- .../hbase-webapps/regionserver/storeFile.jsp| 35 +++--- 2 files changed, 83 insertions(+), 60 deletions(-) -- http://git-wip-us.apache.org/repos/asf/hbase/blob/6da6babe/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java -- diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java index e9e21fe..36067e5 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java @@ -1,4 +1,3 @@ - /* * * Licensed to the Apache Software Foundation (ASF) under one @@ -115,6 +114,8 @@ public class HFilePrettyPrinter extends Configured implements Tool { private Map mobFileLocations; private static final int FOUND_MOB_FILES_CACHE_CAPACITY = 50; private static final int MISSING_MOB_FILES_CACHE_CAPACITY = 20; + private PrintStream out = System.out; + private PrintStream err = System.err; /** * The row which the user wants to specify and print all the KeyValues for. @@ -161,6 +162,11 @@ public class HFilePrettyPrinter extends Configured implements Tool { options.addOptionGroup(files); } + public void setPrintStreams(PrintStream out, PrintStream err) { +this.out = out; +this.err = err; + } + public boolean parseOptions(String args[]) throws ParseException, IOException { if (args.length == 0) { @@ -192,7 +198,7 @@ public class HFilePrettyPrinter extends Configured implements Tool { row = Bytes.toBytesBinary(key); isSeekToRow = true; } else { -System.err.println("Invalid row is specified."); +err.println("Invalid row is specified."); System.exit(-1); } } @@ -206,17 +212,17 @@ public class HFilePrettyPrinter extends Configured implements Tool { String enc = HRegionInfo.encodeRegionName(rn); Path regionDir = new Path(tableDir, enc); if (verbose) -System.out.println("region dir -> " + regionDir); +out.println("region dir -> " + regionDir); List regionFiles = HFile.getStoreFiles(FileSystem.get(getConf()), regionDir); if (verbose) -System.out.println("Number of region files found -> " +out.println("Number of region files found -> " + regionFiles.size()); if (verbose) { int i = 1; for (Path p : regionFiles) { if (verbose) -System.out.println("Found file[" + i++ + "] -> " + p); +out.println("Found file[" + i++ + "] -> " + p); } } files.addAll(regionFiles); @@ -255,27 +261,46 @@ public class HFilePrettyPrinter extends Configured implements Tool { // iterate over all files found for (Path fileName : files) { try { -processFile(fileName); +int exitCode = processFile(fileName); +if (exitCode != 0) { + return exitCode; +} } catch (IOException ex) { LOG.error("Error reading " + fileName, ex); -System.exit(-2); +return -2; } } if (verbose || printKey) { - System.out.println("Scanned kv count -> " + count); + out.println("Scanned kv count -> " + count); } return 0; } - private void processFile(Path file) throws IOException { + public int processFile(Path file) throws IOException { if (verbose) - System.out.println("Scanning -> " + file); + out.println("Scanning -> " + file); + +Path rootPath = FSUtils.getRootDir(getConf()); +String rootString = rootPath + rootPath.SEPARATOR; +if