[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-16 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498802#comment-13498802
 ] 

Hudson commented on HDFS-4100:
--

Integrated in Hadoop-Mapreduce-trunk #1259 (See 
[https://builds.apache.org/job/Hadoop-Mapreduce-trunk/1259/])
HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie 
(Revision 1409995)

 Result = FAILURE
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files : 
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java


> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Sub-task
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Fix For: 3.0.0
>
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-16 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498786#comment-13498786
 ] 

Hudson commented on HDFS-4100:
--

Integrated in Hadoop-Hdfs-trunk #1228 (See 
[https://builds.apache.org/job/Hadoop-Hdfs-trunk/1228/])
HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie 
(Revision 1409995)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files : 
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java


> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Sub-task
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Fix For: 3.0.0
>
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-16 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498713#comment-13498713
 ] 

Hudson commented on HDFS-4100:
--

Integrated in Hadoop-Yarn-trunk #38 (See 
[https://builds.apache.org/job/Hadoop-Yarn-trunk/38/])
HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie 
(Revision 1409995)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files : 
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java


> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Sub-task
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Fix For: 3.0.0
>
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-15 Thread Hudson (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498338#comment-13498338
 ] 

Hudson commented on HDFS-4100:
--

Integrated in Hadoop-trunk-Commit #3028 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/3028/])
HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie 
(Revision 1409995)

 Result = SUCCESS
eli : http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1409995
Files : 
* /hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/qjournal/server/GetJournalEditServlet.java
* 
/hadoop/common/trunk/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java


> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Sub-task
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-15 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498321#comment-13498321
 ] 

Eli Collins commented on HDFS-4100:
---

I've committed this to trunk, will leave open for branch-2 since QJM has not 
yet been merged.

> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Sub-task
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-15 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13498307#comment-13498307
 ] 

Eli Collins commented on HDFS-4100:
---

Thanks for the findbugs output Liang. How did you generate it?  I'm using 
findbugs 2.0.1 as well (updated hadoop-project/pom.xml) then run {{mvn compile 
findbugs:findbugs}} and then {{$FINDBUGS_HOME/bin/convertXmlToText -html 
hadoop-hdfs-project/hadoop-hdfs/target/findbugsXml.xml findbugs.html}} to 
generate the report but I don't see the security section you have.

+1 to your patch, addresses the three warnings in the output you posted.

> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Sub-task
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-14 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497760#comment-13497760
 ] 

Hadoop QA commented on HDFS-4100:
-

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  
http://issues.apache.org/jira/secure/attachment/12553610/HDFS-4100-findbugs.xml
  against trunk revision .

{color:red}-1 patch{color}.  The patch command could not apply the patch.

Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3513//console

This message is automatically generated.

> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-14 Thread liang xie (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497734#comment-13497734
 ] 

liang xie commented on HDFS-4100:
-

Hi Eli, i used findbugs 2.0.1.  From "HDFS-4100-findbugs.xml" you'll see the 
security related stuff, e.g.  "XSS"

we should avoid output the input parameter directly, w/o any parameter 
checking:)

> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100-findbugs.xml, HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-11-14 Thread Eli Collins (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13497698#comment-13497698
 ] 

Eli Collins commented on HDFS-4100:
---

Hey Liang,

What version of findbugs indicated these? I didn't see these when running 
findbugs 2.

Isn't this an issue with most of the uses of Request#getParameter? Eg the token 
string.

Thanks,
Eli

> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: data-node, journal-node, security
>Affects Versions: 1.1.0, 0.23.4, 3.0.0, 2.0.2-alpha
>Reporter: liang xie
>Assignee: liang xie
> Attachments: HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira


[jira] [Commented] (HDFS-4100) Fix all findbug security warings

2012-10-22 Thread Hadoop QA (JIRA)

[ 
https://issues.apache.org/jira/browse/HDFS-4100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13481285#comment-13481285
 ] 

Hadoop QA commented on HDFS-4100:
-

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12550256/HDFS-4100.patch
  against trunk revision .

{color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

{color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
Please justify why no new tests are needed for this 
patch.
Also please list what manual steps were performed to 
verify this patch.

{color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

{color:green}+1 javadoc{color}.  The javadoc tool did not generate any 
warning messages.

{color:green}+1 eclipse:eclipse{color}.  The patch built with 
eclipse:eclipse.

{color:green}+1 findbugs{color}.  The patch does not introduce any new 
Findbugs (version 1.3.9) warnings.

{color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

{color:green}+1 core tests{color}.  The patch passed unit tests in 
hadoop-hdfs-project/hadoop-hdfs.

{color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: 
https://builds.apache.org/job/PreCommit-HDFS-Build/3377//testReport/
Console output: https://builds.apache.org/job/PreCommit-HDFS-Build/3377//console

This message is automatically generated.

> Fix all findbug security warings
> 
>
> Key: HDFS-4100
> URL: https://issues.apache.org/jira/browse/HDFS-4100
> Project: Hadoop HDFS
>  Issue Type: Bug
>  Components: data-node, journal-node, security
>Affects Versions: 3.0.0
>Reporter: liang xie
> Attachments: HDFS-4100.patch
>
>
> There're potential XSS risk due to lack of HTML excape

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira