[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498802#comment-13498802 ]

Hudson commented on HDFS-4100:

Integrated in Hadoop-Mapreduce-trunk #1259 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1259/])
HDFS-4100. Fix all findbug security warnings. Contributed by Liang Xie (Revision 1409995)

Result = FAILURE
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java

> Fix all findbug security warnings
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: data-node, journal-node, security
> Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
> Reporter: liang xie
> Assignee: liang xie
> Fix For: 3.0.0
>
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
> There are potential XSS risks due to lack of HTML escape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498786#comment-13498786 ]

Hudson commented on HDFS-4100:

Integrated in Hadoop-Hdfs-trunk #1228 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1228/])
HDFS-4100. Fix all findbug security warnings. Contributed by Liang Xie (Revision 1409995)

Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498713#comment-13498713 ]

Hudson commented on HDFS-4100:

Integrated in Hadoop-Yarn-trunk #38 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/38/])
HDFS-4100. Fix all findbug security warnings. Contributed by Liang Xie (Revision 1409995)

Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498338#comment-13498338 ]

Hudson commented on HDFS-4100:

Integrated in Hadoop-trunk-Commit #3028 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/3028/])
HDFS-4100. Fix all findbug security warnings. Contributed by Liang Xie (Revision 1409995)

Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files :
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java

> Fix all findbug security warnings
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: data-node, journal-node, security
> Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
> Reporter: liang xie
> Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
> There are potential XSS risks due to lack of HTML escape

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498321#comment-13498321 ]

Eli Collins commented on HDFS-4100:

I've committed this to trunk, will leave open for branch-2 since QJM has not yet been merged.

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498307#comment-13498307 ]

Eli Collins commented on HDFS-4100:

Thanks for the findbugs output Liang. How did you generate it? I'm using findbugs 2.0.1 as well (updated hadoop-project/pom.xml) then run {{mvn compile findbugs:findbugs}} and then {{$FINDBUGS_HOME/bin/convertXmlToText -html hadoop-hdfs-project/hadoop-hdfs/target/findbugsXml.xml findbugs.html}} to generate the report but I don't see the security section you have.

+1 to your patch, addresses the three warnings in the output you posted.

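Added example, not from the thread or the Hadoop project: one way to check whether a `findbugsXml.xml` such as the one produced by the commands above contains any SECURITY-category findings, instead of looking for that section in the HTML report. The sample report and the `com.example` class names are constructed placeholders; element and attribute names follow the FindBugs XML report layout.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the layout of a FindBugs XML report. Class names,
# file names and line numbers are placeholders, not findings from Hadoop.
SAMPLE_REPORT = """<BugCollection version="2.0.1">
  <BugInstance type="XSS_REQUEST_PARAMETER_TO_JSP_WRITER" priority="2" abbrev="XSS" category="SECURITY">
    <Class classname="com.example.StatusJspHelper">
      <SourceLine classname="com.example.StatusJspHelper" start="17" end="90" sourcefile="StatusJspHelper.java"/>
    </Class>
  </BugInstance>
  <BugInstance type="DM_EXIT" priority="3" abbrev="Dm" category="BAD_PRACTICE">
    <Class classname="com.example.Tool"/>
    <SourceLine classname="com.example.Tool" start="8" end="8" sourcefile="Tool.java"/>
  </BugInstance>
  <BugInstance type="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER" priority="1" abbrev="XSS" category="SECURITY">
    <Class classname="com.example.EchoServlet"/>
    <SourceLine classname="com.example.EchoServlet" start="42" end="42" sourcefile="EchoServlet.java"/>
  </BugInstance>
</BugCollection>"""


def categories_present(report_xml):
    """Count BugInstance elements per category (is SECURITY there at all?)."""
    root = ET.fromstring(report_xml)
    return Counter(b.get("category") for b in root.iter("BugInstance"))


def security_findings(report_xml, category="SECURITY"):
    """Return findings in one category, highest priority (lowest number) first."""
    findings = []
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        if bug.get("category") != category:
            continue
        cls = bug.find("Class")
        # Prefer the SourceLine directly under BugInstance; fall back to the
        # class-level SourceLine when no precise location was recorded.
        loc = bug.find("SourceLine")
        if loc is None and cls is not None:
            loc = cls.find("SourceLine")
        findings.append({
            "type": bug.get("type"),
            "priority": int(bug.get("priority", "0")),
            "class": cls.get("classname") if cls is not None else None,
            "file": loc.get("sourcefile") if loc is not None else None,
            "line": int(loc.get("start")) if loc is not None else None,
        })
    return sorted(findings, key=lambda f: (f["priority"], f["type"]))
```

An empty result from `security_findings` together with other categories in `categories_present` means the analysis ran but reported nothing in the SECURITY category for that build.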
[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497760#comment-13497760 ]

Hadoop QA commented on HDFS-4100:

-1 overall. Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12553610/HDFS-4100-findbugs.xml
  against trunk revision .

    -1 patch. The patch command could not apply the patch.

Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3513//console

This message is automatically generated.

> Fix all findbug security warnings
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node, journal-node, security
> Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
> Reporter: liang xie
> Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
> There are potential XSS risks due to lack of HTML escape

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497734#comment-13497734 ]

liang xie commented on HDFS-4100:

Hi Eli, I used findbugs 2.0.1. From "HDFS-4100-findbugs.xml" you'll see the security-related stuff, e.g. "XSS": we should avoid outputting the input parameter directly, w/o any parameter checking :)

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497698#comment-13497698 ]

Eli Collins commented on HDFS-4100:

Hey Liang,

What version of findbugs indicated these? I didn't see these when running findbugs 2. Isn't this an issue with most of the uses of Request#getParameter? E.g. the token string.

Thanks,
Eli

> Fix all findbug security warnings
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node, journal-node, security
> Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
> Reporter: liang xie
> Assignee: liang xie
> Attachments: HDFS-4100.patch
>
> There are potential XSS risks due to lack of HTML escape

[jira] [Commented] (HDFS-4100) Fix all findbug security warnings

[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481285#comment-13481285 ]

Hadoop QA commented on HDFS-4100:

-1 overall. Here are the results of testing the latest attachment
  http://issues.apache.org/jira/secure/attachment/12550256/HDFS-4100.patch
  against trunk revision .

    +1 @author. The patch does not contain any @author tags.

    -1 tests included. The patch doesn't appear to include any new or modified tests.
       Please justify why no new tests are needed for this patch.
       Also please list what manual steps were performed to verify this patch.

    +1 javac. The applied patch does not increase the total number of javac compiler warnings.

    +1 javadoc. The javadoc tool did not generate any warning messages.

    +1 eclipse:eclipse. The patch built with eclipse:eclipse.

    +1 findbugs. The patch does not introduce any new Findbugs (version 1.3.9) warnings.

    +1 release audit. The applied patch does not increase the total number of release audit warnings.

    +1 core tests. The patch passed unit tests in hadoop-hdfs-project/hadoop-hdfs.

    +1 contrib tests. The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HDFS-Build/3377//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3377//console

This message is automatically generated.

> Fix all findbug security warnings
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node, journal-node, security
> Affects Versions: 3.0.0
> Reporter: liang xie
> Attachments: HDFS-4100.patch
>
> There are potential XSS risks due to lack of HTML escape