subject:"hbase git commit\: HBASE\-15946. Eliminate possible security concerns in Store File metrics."

[49/50] hbase git commit: HBASE-15946. Eliminate possible security concerns in Store File metrics.

2016-06-10 Thread syuanjiang

HBASE-15946. Eliminate possible security concerns in Store File metrics.

Invoking 'hbase hfile' inside a servlet raises several concerns. This
patch avoids invoking a separate process, and also adds validation that
the file being read is at least inside the HBase root directory.

Signed-off-by: Mikhail Antonov 


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/6da6babe
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/6da6babe
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/6da6babe

Branch: refs/heads/hbase-12439
Commit: 6da6babe4faa7b2b16775d3cd5c861e71ef4cf31
Parents: babdedc
Author: Sean Mackrory 
Authored: Tue May 31 10:28:27 2016 -0600
Committer: Mikhail Antonov 
Committed: Thu Jun 9 16:08:19 2016 -0700

--
 .../hbase/io/hfile/HFilePrettyPrinter.java  | 108 ---
 .../hbase-webapps/regionserver/storeFile.jsp|  35 +++---
 2 files changed, 83 insertions(+), 60 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hbase/blob/6da6babe/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
--
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
index e9e21fe..36067e5 100644
--- 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
+++ 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
@@ -1,4 +1,3 @@
-
 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
@@ -115,6 +114,8 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
   private Map mobFileLocations;
   private static final int FOUND_MOB_FILES_CACHE_CAPACITY = 50;
   private static final int MISSING_MOB_FILES_CACHE_CAPACITY = 20;
+  private PrintStream out = System.out;
+  private PrintStream err = System.err;
 
   /**
* The row which the user wants to specify and print all the KeyValues for.
@@ -161,6 +162,11 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
 options.addOptionGroup(files);
   }
 
+  public void setPrintStreams(PrintStream out, PrintStream err) {
+this.out = out;
+this.err = err;
+  }
+
   public boolean parseOptions(String args[]) throws ParseException,
   IOException {
 if (args.length == 0) {
@@ -192,7 +198,7 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
 row = Bytes.toBytesBinary(key);
 isSeekToRow = true;
   } else {
-System.err.println("Invalid row is specified.");
+err.println("Invalid row is specified.");
 System.exit(-1);
   }
 }
@@ -206,17 +212,17 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
   String enc = HRegionInfo.encodeRegionName(rn);
   Path regionDir = new Path(tableDir, enc);
   if (verbose)
-System.out.println("region dir -> " + regionDir);
+out.println("region dir -> " + regionDir);
   List regionFiles = HFile.getStoreFiles(FileSystem.get(getConf()),
   regionDir);
   if (verbose)
-System.out.println("Number of region files found -> "
+out.println("Number of region files found -> "
 + regionFiles.size());
   if (verbose) {
 int i = 1;
 for (Path p : regionFiles) {
   if (verbose)
-System.out.println("Found file[" + i++ + "] -> " + p);
+out.println("Found file[" + i++ + "] -> " + p);
 }
   }
   files.addAll(regionFiles);
@@ -255,27 +261,46 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
 // iterate over all files found
 for (Path fileName : files) {
   try {
-processFile(fileName);
+int exitCode = processFile(fileName);
+if (exitCode != 0) {
+  return exitCode;
+}
   } catch (IOException ex) {
 LOG.error("Error reading " + fileName, ex);
-System.exit(-2);
+return -2;
   }
 }
 
 if (verbose || printKey) {
-  System.out.println("Scanned kv count -> " + count);
+  out.println("Scanned kv count -> " + count);
 }
 
 return 0;
   }
 
-  private void processFile(Path file) throws IOException {
+  public int processFile(Path file) throws IOException {
 if (verbose)
-  System.out.println("Scanning -> " + file);
+  out.println("Scanning -> " + file);
+
+Path rootPath = FSUtils.getRootDir(getConf());
+String rootString = rootPath + rootPath.SEPARATOR;
+if (!file.toString().startsWith(rootString)) {
+  // First we see if

hbase git commit: HBASE-15946. Eliminate possible security concerns in Store File metrics.

2016-06-09 Thread antonov

Repository: hbase
Updated Branches:
  refs/heads/master babdedc1b -> 6da6babe4


HBASE-15946. Eliminate possible security concerns in Store File metrics.

Invoking 'hbase hfile' inside a servlet raises several concerns. This
patch avoids invoking a separate process, and also adds validation that
the file being read is at least inside the HBase root directory.

Signed-off-by: Mikhail Antonov 


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/6da6babe
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/6da6babe
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/6da6babe

Branch: refs/heads/master
Commit: 6da6babe4faa7b2b16775d3cd5c861e71ef4cf31
Parents: babdedc
Author: Sean Mackrory 
Authored: Tue May 31 10:28:27 2016 -0600
Committer: Mikhail Antonov 
Committed: Thu Jun 9 16:08:19 2016 -0700

--
 .../hbase/io/hfile/HFilePrettyPrinter.java  | 108 ---
 .../hbase-webapps/regionserver/storeFile.jsp|  35 +++---
 2 files changed, 83 insertions(+), 60 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/hbase/blob/6da6babe/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
--
diff --git 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
index e9e21fe..36067e5 100644
--- 
a/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
+++ 
b/hbase-server/src/main/java/org/apache/hadoop/hbase/io/hfile/HFilePrettyPrinter.java
@@ -1,4 +1,3 @@
-
 /*
  *
  * Licensed to the Apache Software Foundation (ASF) under one
@@ -115,6 +114,8 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
   private Map mobFileLocations;
   private static final int FOUND_MOB_FILES_CACHE_CAPACITY = 50;
   private static final int MISSING_MOB_FILES_CACHE_CAPACITY = 20;
+  private PrintStream out = System.out;
+  private PrintStream err = System.err;
 
   /**
* The row which the user wants to specify and print all the KeyValues for.
@@ -161,6 +162,11 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
 options.addOptionGroup(files);
   }
 
+  public void setPrintStreams(PrintStream out, PrintStream err) {
+this.out = out;
+this.err = err;
+  }
+
   public boolean parseOptions(String args[]) throws ParseException,
   IOException {
 if (args.length == 0) {
@@ -192,7 +198,7 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
 row = Bytes.toBytesBinary(key);
 isSeekToRow = true;
   } else {
-System.err.println("Invalid row is specified.");
+err.println("Invalid row is specified.");
 System.exit(-1);
   }
 }
@@ -206,17 +212,17 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
   String enc = HRegionInfo.encodeRegionName(rn);
   Path regionDir = new Path(tableDir, enc);
   if (verbose)
-System.out.println("region dir -> " + regionDir);
+out.println("region dir -> " + regionDir);
   List regionFiles = HFile.getStoreFiles(FileSystem.get(getConf()),
   regionDir);
   if (verbose)
-System.out.println("Number of region files found -> "
+out.println("Number of region files found -> "
 + regionFiles.size());
   if (verbose) {
 int i = 1;
 for (Path p : regionFiles) {
   if (verbose)
-System.out.println("Found file[" + i++ + "] -> " + p);
+out.println("Found file[" + i++ + "] -> " + p);
 }
   }
   files.addAll(regionFiles);
@@ -255,27 +261,46 @@ public class HFilePrettyPrinter extends Configured 
implements Tool {
 // iterate over all files found
 for (Path fileName : files) {
   try {
-processFile(fileName);
+int exitCode = processFile(fileName);
+if (exitCode != 0) {
+  return exitCode;
+}
   } catch (IOException ex) {
 LOG.error("Error reading " + fileName, ex);
-System.exit(-2);
+return -2;
   }
 }
 
 if (verbose || printKey) {
-  System.out.println("Scanned kv count -> " + count);
+  out.println("Scanned kv count -> " + count);
 }
 
 return 0;
   }
 
-  private void processFile(Path file) throws IOException {
+  public int processFile(Path file) throws IOException {
 if (verbose)
-  System.out.println("Scanning -> " + file);
+  out.println("Scanning -> " + file);
+
+Path rootPath = FSUtils.getRootDir(getConf());
+String rootString = rootPath + rootPath.SEPARATOR;
+if

[49/50] hbase git commit: HBASE-15946. Eliminate possible security concerns in Store File metrics.

hbase git commit: HBASE-15946. Eliminate possible security concerns in Store File metrics.

2 matches

Site Navigation

Mail list logo

Footer information