[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498802#comment-13498802 ] Hudson commented on HDFS-4100: -- Integrated in Hadoop-Mapreduce-trunk #1259 (See [https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1259/]) HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie (Revision 1409995) Result = FAILURE eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Fix For: 3.0.0 > > Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498786#comment-13498786 ] Hudson commented on HDFS-4100: -- Integrated in Hadoop-Hdfs-trunk #1228 (See [https://builds.apache.org/job/Hadoop-Hdfs-trunk/1228/]) HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie (Revision 1409995) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Fix For: 3.0.0 > > Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498713#comment-13498713 ] Hudson commented on HDFS-4100: -- Integrated in Hadoop-Yarn-trunk #38 (See [https://builds.apache.org/job/Hadoop-Yarn-trunk/38/]) HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie (Revision 1409995) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Fix For: 3.0.0 > > Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498338#comment-13498338 ] Hudson commented on HDFS-4100: -- Integrated in Hadoop-trunk-Commit #3028 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/3028/]) HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie (Revision 1409995) Result = SUCCESS eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995 Files : * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java * /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498321#comment-13498321 ] Eli Collins commented on HDFS-4100: --- I've committed this to trunk, will leave open for branch-2 since QJM has not yet been merged. > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Sub-task > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498307#comment-13498307
]
Eli Collins commented on HDFS-4100:
---
Thanks for the findbugs output Liang. How did you generate it? I'm using
findbugs 2.0.1 as well (updated hadoop-project/pom.xml) then run {{mvn compile
findbugs:findbugs}} and then {{$FINDBUGS_HOME/bin/convertXmlToText -html
hadoop-hdfs-project/hadoop-hdfs/target/findbugsXml.xml findbugs.html}} to
generate the report but I don't see the security section you have.
+1 to your patch, addresses the three warnings in the output you posted.
> Fix all findbug security warings
>
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Sub-task
> Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497760#comment-13497760
]
Hadoop QA commented on HDFS-4100:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12553610/HDFS-4100-findbugs.xml
against trunk revision .
{color:red}-1 patch{color}. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3513//console
This message is automatically generated.
> Fix all findbug security warings
>
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497734#comment-13497734 ] liang xie commented on HDFS-4100: - Hi Eli, i used findbugs 2.0.1. From "HDFS-4100-findbugs.xml" you'll see the security related stuff, e.g. "XSS" we should avoid output the input parameter directly, w/o any parameter checking:) > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Bug > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[ https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497698#comment-13497698 ] Eli Collins commented on HDFS-4100: --- Hey Liang, What version of findbugs indicated these? I didn't see these when running findbugs 2. Isn't this an issue with most of the uses of Request#getParameter? Eg the token string. Thanks, Eli > Fix all findbug security warings > > > Key: HDFS-4100 > URL: https://issues.apache.org/jira/browse/HDFS-4100 > Project: Hadoop HDFS > Issue Type: Bug > Components: data-node, journal-node, security >Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha >Reporter: liang xie >Assignee: liang xie > Attachments: HDFS-4100.patch > > > There're potential XSS risk due to lack of HTML excape -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HDFS-4100) Fix all findbug security warings
[
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481285#comment-13481285
]
Hadoop QA commented on HDFS-4100:
-
{color:red}-1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12550256/HDFS-4100.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include
any new or modified tests.
Please justify why no new tests are needed for this
patch.
Also please list what manual steps were performed to
verify this patch.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. The javadoc tool did not generate any
warning messages.
{color:green}+1 eclipse:eclipse{color}. The patch built with
eclipse:eclipse.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 1.3.9) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
hadoop-hdfs-project/hadoop-hdfs.
{color:green}+1 contrib tests{color}. The patch passed contrib unit tests.
Test results:
https://builds.apache.org/job/PreCommit-HDFS-Build/3377//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3377//console
This message is automatically generated.
> Fix all findbug security warings
>
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: data-node, journal-node, security
>Affects Versions: 3.0.0
>Reporter: liang xie
> Attachments: HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
