[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636835#comment-16636835 ]

Peter Vary commented on HIVE-20544:
-----------------------------------

+1

> TOpenSessionReq logs password and username
> ------------------------------------------
>
>                 Key: HIVE-20544
>                 URL: https://issues.apache.org/jira/browse/HIVE-20544
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>    Affects Versions: 4.0.0
>            Reporter: Karen Coppage
>            Assignee: Karen Coppage
>            Priority: Major
>              Labels: beginner, patch, security
>         Attachments: HIVE-20544.1.patch, HIVE-20544.2.patch, HIVE-20544.3.patch, HIVE-20544.3.patch, HIVE-20544.4.patch, HIVE-20544.4.patch, HIVE-20544.4.patch, HIVE-20544.4.patch, HIVE-20544.4.patch, HIVE-20544.4.patch, HIVE-20544.patch, non-solution.patch, working-solution.patch
>
>
> In service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq, if client protocol is unset, validate() and toString() print both username and password to logs.
> Logging a password is a security risk. We should hide the ***.
>
> =Edit= (no longer relevant, see comments)
>
> This issue is tricky since it is caused in a fully generated class. I've been playing around and have found one working solution, but I'd truly appreciate ideas for a more elegant solution or input.
>
> The problem:
> TCLIService.thrift is the template for generating all classes in service-rpc. Struct TOpenSessionReq is OpenSession()'s one parameter and is defined thus:
> {noformat}
> struct TOpenSessionReq {
>   1: required TProtocolVersion client_protocol = TProtocolVersion.HIVE_CLI_SERVICE_PROTOCOL_V10
>   2: optional string username
>   3: optional string password
>   4: optional map<string, string> configuration
> }
> {noformat}
> In the generated class TOpenSessionReq.java, client_protocol is checked by a validate() method, which is called quite a few times; if client_protocol is not set, it throws a TProtocolException, passing along a toString(). This toString() gets the names and values of all fields, including username and password.
>
> Working solution:
> * Create a separate struct containing only the username and password, and pass it to OpenSession() as a second parameter. Since all fields in the new struct are "optional", the generated validate() is empty – toString() is never used. This involves changing core classes and breaks the "Each function should take exactly one parameter" coding convention (detailed at service-rpc/if/TCLIService.thrift:27).
> See working-solution.patch.
>
> What doesn't work:
> * Making client_protocol optional instead of required. Apparently this will break everything.
> * Overwriting toString() – TOpenSessionReq is a struct.
> * Creating two Thrift structs, one struct for required (TRequiredReq) and one for optional (TOptionalReq) fields, and nesting them in struct TOpenSessionReq. This doesn't work because validate() in TOpenSessionReq can call TOptionalReq.toString(), which prints the password to logs. This will happen if TRequiredReq.client_protocol isn't set.
> See non-solution.patch
> * Asking Thrift devs to change their code. I wrote them an email but have no expectations.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
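A check for operators of an affected HiveServer2, added here as an example; it is not part of the ticket, of any attached patch, or of Hive. The ticket explains the leak path (validate() builds the TProtocolException message from toString(), and toString() renders every set field), so the practical question for whoever runs the service is whether a password has already been written to disk. The scanner below flags log lines that carry a rendered struct with a populated password field, and the redactor scrubs them. It assumes the rendering Thrift's generated Java toString() produces, Name(field:value, field:value, ...) with string values appended unquoted, and the "Required field 'client_protocol' is unset! Struct:" exception prefix; both are assumptions to check against a real line from your own log. The sample lines are constructed, not real log data.

```python
import re
from typing import Dict, List, Tuple

# Fields whose values must never reach a log. "password" is the field this
# ticket is about; extend the tuple for other structs that carry secrets.
SENSITIVE_FIELDS = ("password",)
REDACTED = "<redacted>"


def _field_re(field: str) -> "re.Pattern[str]":
    # Assumed rendering, taken from the shape of Thrift's generated Java code:
    # "<field>:" followed by the raw (unquoted) value. The value ends at the
    # next ", name:" separator, at a ")" that closes the struct (followed by
    # whitespace or end of line), or at end of line. A comma inside the value
    # that is not followed by "name:" is kept as part of the value.
    return re.compile(
        r"(?P<prefix>\b" + re.escape(field) + r"\s*:)"
        r"(?P<value>.*?)"
        r"(?=,\s*\w+\s*:|\)(?:\s|$)|$)"
    )


_FIELD_RES = {name: _field_re(name) for name in SENSITIVE_FIELDS}
_STRUCT_RE = re.compile(r"\b([A-Z]\w*)\(")  # e.g. "TOpenSessionReq("


def redact_line(line: str) -> Tuple[str, int]:
    """Return the line with every sensitive value replaced, plus the replacement count."""
    hits = 0
    for regex in _FIELD_RES.values():
        line, n = regex.subn(lambda m: m.group("prefix") + REDACTED, line)
        hits += n
    return line, hits


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """One finding per leaked value. A finding carries the value's length, never the value."""
    findings: List[Dict[str, object]] = []
    for number, line in enumerate(lines, 1):
        for field, regex in _FIELD_RES.items():
            for m in regex.finditer(line):
                value = m.group("value").strip()
                if value in ("", "null"):
                    continue  # an unset optional field renders as "null": nothing leaked
                structs = _STRUCT_RE.findall(line[: m.start()])
                findings.append({
                    "line": number,
                    "struct": structs[-1] if structs else None,
                    "field": field,
                    "length": len(value),
                })
    return findings


# Constructed sample lines in the shape of a HiveServer2 log (not real log data).
SAMPLE_LOG = [
    "2018-09-27T10:15:01,234 ERROR [HiveServer2-Handler-Pool: Thread-42] "
    "thrift.ThriftCLIService: Error opening session:",
    "org.apache.thrift.protocol.TProtocolException: Required field 'client_protocol' is unset! "
    "Struct:TOpenSessionReq(client_protocol:null, username:analyst, password:Hunter2!, "
    "configuration:{use:database=default})",
    "org.apache.thrift.protocol.TProtocolException: Required field 'client_protocol' is unset! "
    "Struct:TOpenSessionReq(client_protocol:null, username:svc_etl, password:s3cret)",
    "2018-09-27T10:15:02,001 INFO  [HiveServer2-Handler-Pool: Thread-43] "
    "thrift.ThriftCLIService: Client protocol version: HIVE_CLI_SERVICE_PROTOCOL_V10",
    "Struct:TOpenSessionReq(client_protocol:null, username:qa, password:a,b c, configuration:{})",
    "Struct:TOpenSessionReq(client_protocol:null, username:anon, password:null)",
]


def main() -> None:
    for f in scan(SAMPLE_LOG):
        print("line %(line)d: %(struct)s.%(field)s leaked (%(length)d chars)" % f)
    for line in SAMPLE_LOG:
        print(redact_line(line)[0])


if __name__ == "__main__":
    main()
```

Run it over a real log with `scan(open(path).read().splitlines())`. The regex prefers over-redaction: anything between `password:` and the next field separator is scrubbed, so a password that itself contains `, word:` is still removed in full, while a password containing `) ` may leave a tail behind the redaction marker. Either way, a finding means the credential was written to disk in clear text, so rotate it; scrubbing the file only limits who can read it from now on.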
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16636004#comment-16636004 ]

Hive QA commented on HIVE-20544:
--------------------------------

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12942095/HIVE-20544.4.patch

SUCCESS: +1 due to 1 test(s) being added or modified.
SUCCESS: +1 due to 15007 tests passed

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14182/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14182/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14182/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12942095 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16635955#comment-16635955 ]

Hive QA commented on HIVE-20544:
--------------------------------

-1 overall

| Vote | Subsystem  | Runtime | Comment |
| Prechecks |
| +1 | @author    | 0m 0s   | The patch does not contain any @author tags. |
| master Compile Tests |
| 0  | mvndep     | 0m 34s  | Maven dependency ordering for branch |
| +1 | mvninstall | 7m 53s  | master passed |
| +1 | compile    | 0m 52s  | master passed |
| +1 | checkstyle | 0m 23s  | master passed |
| 0  | findbugs   | 0m 37s  | itests/hive-unit in master has 2 extant Findbugs warnings. |
| +1 | javadoc    | 0m 37s  | master passed |
| Patch Compile Tests |
| 0  | mvndep     | 0m 10s  | Maven dependency ordering for patch |
| +1 | mvninstall | 0m 54s  | the patch passed |
| +1 | compile    | 0m 51s  | the patch passed |
| +1 | javac      | 0m 51s  | the patch passed |
| -1 | checkstyle | 0m 17s  | itests/hive-unit: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) |
| +1 | whitespace | 0m 0s   | The patch has no whitespace issues. |
| +1 | xml        | 0m 2s   | The patch has no ill-formed XML file. |
| +1 | findbugs   | 0m 44s  | the patch passed |
| +1 | javadoc    | 0m 37s  | the patch passed |
| Other Tests |
| +1 | asflicense | 0m 13s  | The patch does not generate ASF License warnings. |
|    |            | 15m 23s | |

| Subsystem | Report/Notes |
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile xml |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14182/dev-support/hive-personality.sh |
| git revision | master / 499539f |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-14182/yetus/diff-checkstyle-itests_hive-unit.txt |
| modules | C: service-rpc itests/hive-unit U: . |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14182/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634092#comment-16634092 ]

Hive QA commented on HIVE-20544:
--------------------------------

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12941949/HIVE-20544.4.patch

SUCCESS: +1 due to 1 test(s) being added or modified.
ERROR: -1 due to 1 failed/errored test(s), 15008 tests executed

Failed tests:
{noformat}
org.apache.hadoop.hive.cli.TestMiniLlapLocalCliDriver.testCliDriver[load_dyn_part3] (batchId=160)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14157/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14157/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14157/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12941949 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634022#comment-16634022 ]

Hive QA commented on HIVE-20544:
--------------------------------

-1 overall

| Vote | Subsystem  | Runtime | Comment |
| Prechecks |
| +1 | @author    | 0m 0s   | The patch does not contain any @author tags. |
| master Compile Tests |
| 0  | mvndep     | 0m 44s  | Maven dependency ordering for branch |
| +1 | mvninstall | 7m 49s  | master passed |
| +1 | compile    | 0m 53s  | master passed |
| +1 | checkstyle | 0m 22s  | master passed |
| 0  | findbugs   | 0m 40s  | itests/hive-unit in master has 2 extant Findbugs warnings. |
| +1 | javadoc    | 0m 41s  | master passed |
| Patch Compile Tests |
| 0  | mvndep     | 0m 10s  | Maven dependency ordering for patch |
| +1 | mvninstall | 0m 55s  | the patch passed |
| +1 | compile    | 0m 52s  | the patch passed |
| +1 | javac      | 0m 52s  | the patch passed |
| -1 | checkstyle | 0m 16s  | itests/hive-unit: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) |
| +1 | whitespace | 0m 0s   | The patch has no whitespace issues. |
| +1 | xml        | 0m 1s   | The patch has no ill-formed XML file. |
| +1 | findbugs   | 0m 45s  | the patch passed |
| +1 | javadoc    | 0m 39s  | the patch passed |
| Other Tests |
| +1 | asflicense | 0m 13s  | The patch does not generate ASF License warnings. |
|    |            | 15m 38s | |

| Subsystem | Report/Notes |
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile xml |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14157/dev-support/hive-personality.sh |
| git revision | master / 4570807 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-14157/yetus/diff-checkstyle-itests_hive-unit.txt |
| modules | C: service-rpc itests/hive-unit U: . |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14157/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16633484#comment-16633484 ]

Hive QA commented on HIVE-20544:
--------------------------------

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12941893/HIVE-20544.4.patch

SUCCESS: +1 due to 1 test(s) being added or modified.
ERROR: -1 due to 8 failed/errored test(s), 15010 tests executed

Failed tests:
{noformat}
org.apache.hadoop.hive.cli.TestMiniLlapLocalCliDriver.testCliDriver[load_dyn_part3] (batchId=160)
org.apache.hive.jdbc.TestActivePassiveHA.testActivePassiveHA (batchId=252)
org.apache.hive.jdbc.TestActivePassiveHA.testClientConnectionsOnFailover (batchId=252)
org.apache.hive.jdbc.TestActivePassiveHA.testConnectionActivePassiveHAServiceDiscovery (batchId=252)
org.apache.hive.jdbc.TestActivePassiveHA.testManualFailover (batchId=252)
org.apache.hive.jdbc.TestActivePassiveHA.testManualFailoverUnauthorized (batchId=252)
org.apache.hive.jdbc.TestActivePassiveHA.testNoConnectionOnPassive (batchId=252)
org.apache.hive.jdbc.miniHS2.TestHs2ConnectionMetricsBinary.testOpenConnectionMetrics (batchId=256)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14148/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14148/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14148/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 8 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12941893 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16633469#comment-16633469 ]

Hive QA commented on HIVE-20544:
--------------------------------

-1 overall

| Vote | Subsystem  | Runtime | Comment |
| Prechecks |
| +1 | @author    | 0m 0s   | The patch does not contain any @author tags. |
| master Compile Tests |
| 0  | mvndep     | 0m 31s  | Maven dependency ordering for branch |
| +1 | mvninstall | 7m 34s  | master passed |
| +1 | compile    | 0m 50s  | master passed |
| +1 | checkstyle | 0m 21s  | master passed |
| 0  | findbugs   | 0m 39s  | itests/hive-unit in master has 2 extant Findbugs warnings. |
| +1 | javadoc    | 0m 37s  | master passed |
| Patch Compile Tests |
| 0  | mvndep     | 0m 10s  | Maven dependency ordering for patch |
| +1 | mvninstall | 0m 51s  | the patch passed |
| +1 | compile    | 0m 51s  | the patch passed |
| +1 | javac      | 0m 52s  | the patch passed |
| -1 | checkstyle | 0m 17s  | itests/hive-unit: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) |
| +1 | whitespace | 0m 0s   | The patch has no whitespace issues. |
| +1 | xml        | 0m 1s   | The patch has no ill-formed XML file. |
| +1 | findbugs   | 0m 46s  | the patch passed |
| +1 | javadoc    | 0m 37s  | the patch passed |
| Other Tests |
| +1 | asflicense | 0m 13s  | The patch does not generate ASF License warnings. |
|    |            | 14m 59s | |

| Subsystem | Report/Notes |
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile xml |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14148/dev-support/hive-personality.sh |
| git revision | master / e133ec5 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-14148/yetus/diff-checkstyle-itests_hive-unit.txt |
| modules | C: service-rpc itests/hive-unit U: . |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14148/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16632860#comment-16632860 ] Hive QA commented on HIVE-20544: Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12941698/HIVE-20544.4.patch {color:red}ERROR:{color} -1 due to build exiting with an error Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14118/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14118/console Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14118/ Messages: {noformat} This message was trimmed, see log for full details [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/org/eclipse/jetty/jetty-xml/9.3.20.v20170531/jetty-xml-9.3.20.v20170531.jar(org/eclipse/jetty/xml/XmlConfiguration.class)]] [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/org/slf4j/jul-to-slf4j/1.7.10/jul-to-slf4j-1.7.10.jar(org/slf4j/bridge/SLF4JBridgeHandler.class)]] [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar(javax/servlet/DispatcherType.class)]] [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar(javax/servlet/Filter.class)]] [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar(javax/servlet/FilterChain.class)]] [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar(javax/servlet/FilterConfig.class)]] [loading ZipFileIndexFileObject[/data/hiveptest/working/maven/javax/servlet/javax.servlet-api/3.1.0/javax.servlet-api-3.1.0.jar(javax/servlet/ServletException.class)]] [loading 
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16631304#comment-16631304 ] Hive QA commented on HIVE-20544:

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12941504/HIVE-20544.4.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 1 failed/errored test(s), 15006 tests executed

*Failed tests:*
{noformat}
org.apache.hive.jdbc.TestJdbcWithMiniHS2.testConcurrentLineage (batchId=255)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14094/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14094/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14094/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12941504 - PreCommit-HIVE-Build

-- This message was sent by Atlassian JIRA (v7.6.3#76005)
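The leak path from the quoted issue description (a generated validate() that embeds toString() in its exception message, and a toString() that prints every field, password included), as an added example that is not Hive's or Thrift's code. The classes below are hand-written stand-ins modelled on the shape the description gives for the generated TOpenSessionReq; ProtocolException is assumed here in place of Thrift's TProtocolException, and the redacting subclass only shows the string form a fix must produce plus the check a regression test can make, since the description notes the real class is generated and hand-editing its toString() is not durable.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example, not Hive or Thrift code: a hand-written stand-in for the
 * generated TOpenSessionReq described in the issue. validate() throws when
 * the required client_protocol is unset and puts toString() into the
 * message; toString() prints every field, so the password reaches whatever
 * logs the exception. ProtocolException stands in for TProtocolException.
 */
public class OpenSessionReqLeakDemo {

  static class ProtocolException extends Exception {
    ProtocolException(String msg) {
      super(msg);
    }
  }

  /** Fields mirror the four in the quoted TCLIService.thrift struct. */
  static class LeakyOpenSessionReq {
    String clientProtocol;   // required; null models "never set"
    String username;         // optional
    String password;         // optional
    Map<String, String> configuration = new LinkedHashMap<>();

    /** Generated-code style: the exception message carries toString(). */
    void validate() throws ProtocolException {
      if (clientProtocol == null) {
        throw new ProtocolException(
            "Required field 'client_protocol' is unset! Struct:" + this);
      }
    }

    @Override
    public String toString() {
      return "TOpenSessionReq(client_protocol:" + clientProtocol
          + ", username:" + username
          + ", password:" + password
          + ", configuration:" + configuration + ")";
    }
  }

  /**
   * Same shape, but the secret is masked. The issue notes the real class is
   * generated, so this subclass only shows the target string form; the
   * durable fix has to come from the .thrift definition or the generator.
   */
  static class RedactingOpenSessionReq extends LeakyOpenSessionReq {
    @Override
    public String toString() {
      return "TOpenSessionReq(client_protocol:" + clientProtocol
          + ", username:" + username
          + ", password:" + (password == null ? "null" : "***")
          + ", configuration:" + configuration + ")";
    }
  }

  /** What a caller would log: the message, or null when validation passes. */
  static String messageFromValidate(LeakyOpenSessionReq req) {
    try {
      req.validate();
      return null;
    } catch (ProtocolException e) {
      return e.getMessage();
    }
  }

  /** Regression check: no exception message may contain the credential. */
  static boolean leaksSecret(String message, String secret) {
    return message != null && message.contains(secret);
  }

  public static void main(String[] args) {
    final String secret = "s3cr3t-example"; // constructed sample value

    LeakyOpenSessionReq leaky = new LeakyOpenSessionReq();
    leaky.username = "alice";
    leaky.password = secret;
    // clientProtocol deliberately left unset to trigger validate()

    RedactingOpenSessionReq safe = new RedactingOpenSessionReq();
    safe.username = "alice";
    safe.password = secret;

    String leakedMsg = messageFromValidate(leaky);
    String safeMsg = messageFromValidate(safe);

    System.out.println("generated-style: " + leakedMsg);
    System.out.println("redacted:        " + safeMsg);
    System.out.println("leak in generated-style message: " + leaksSecret(leakedMsg, secret));
    System.out.println("leak in redacted message:        " + leaksSecret(safeMsg, secret));
  }
}
```

The leaksSecret() check is the assertion a unit test around OpenSession should make against any exception message or log line produced while client_protocol is unset.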
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16631282#comment-16631282 ] Hive QA commented on HIVE-20544:

| (x) *{color:red}-1 overall{color}* |

|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 47s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 25s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 55s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 24s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 41s{color} | {color:blue} itests/hive-unit in master has 2 extant Findbugs warnings. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 42s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 12s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 59s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 55s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 55s{color} | {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 17s{color} | {color:red} itests/hive-unit: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m 49s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 41s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} asflicense {color} | {color:red} 0m 15s{color} | {color:red} The patch generated 1 ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 15m 47s{color} | {color:black} {color} |

|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile xml |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14094/dev-support/hive-personality.sh |
| git revision | master / 727e4b2 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-14094/yetus/diff-checkstyle-itests_hive-unit.txt |
| asflicense | http://104.198.109.242/logs//PreCommit-HIVE-Build-14094/yetus/patch-asflicense-problems.txt |
| modules | C: service-rpc itests/hive-unit U: . |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14094/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629961#comment-16629961 ] Hive QA commented on HIVE-20544:

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12941428/HIVE-20544.4.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.
{color:red}ERROR:{color} -1 due to 2 failed/errored test(s), 15000 tests executed

*Failed tests:*
{noformat}
org.apache.hive.jdbc.TestJdbcDriver2.testSelectExecAsync2 (batchId=253)
org.apache.hive.spark.client.rpc.TestRpc.testClientTimeout (batchId=320)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14075/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14075/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14075/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 2 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12941428 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16629900#comment-16629900 ] Hive QA commented on HIVE-20544:

| (x) *{color:red}-1 overall{color}* |

|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 33s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 7m 14s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 52s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 0m 22s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue} 0m 36s{color} | {color:blue} itests/hive-unit in master has 2 extant Findbugs warnings. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 36s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 9s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 0m 51s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green} 0m 50s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green} 0m 50s{color} | {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red} 0m 15s{color} | {color:red} itests/hive-unit: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} xml {color} | {color:green} 0m 1s{color} | {color:green} The patch has no ill-formed XML file. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 0m 42s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 0m 37s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 13s{color} | {color:green} The patch does not generate ASF License warnings. {color} |
| {color:black}{color} | {color:black} {color} | {color:black} 14m 29s{color} | {color:black} {color} |

|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile xml |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14075/dev-support/hive-personality.sh |
| git revision | master / 5f039a9 |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| checkstyle | http://104.198.109.242/logs//PreCommit-HIVE-Build-14075/yetus/diff-checkstyle-itests_hive-unit.txt |
| modules | C: service-rpc itests/hive-unit U: . |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14075/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16627770#comment-16627770 ] Peter Vary commented on HIVE-20544:

[~klcopp]: The current commit rules require us to have a green run to push a change, even if we know the failed test is unrelated. If we see a test which is flaky (usually when it fails more than a few times in the previous runs) then we disable the test and file a jira for fixing it.

Taking a look at the test history it seems that the test should be fixed, so I would just reupload the patch with a different filename and hope for a clean run.

Thanks,
Peter
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16627006#comment-16627006 ] Karen Coppage commented on HIVE-20544:

Ran the above failed test locally; it passed. [~pvary], [~lpinter], or [~asherman], is this ready to ship?
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626478#comment-16626478 ] Hive QA commented on HIVE-20544:

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12941051/HIVE-20544.3.patch

{color:red}ERROR:{color} -1 due to build exiting with an error

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14023/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14023/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14023/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Tests exited with: Exception: Patch URL https://issues.apache.org/jira/secure/attachment/12941051/HIVE-20544.3.patch was found in seen patch url's cache and a test was probably run already on it. Aborting...
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12941051 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626476#comment-16626476 ] Hive QA commented on HIVE-20544:

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12941051/HIVE-20544.3.patch

ERROR: -1 due to no test(s) being added or modified.
ERROR: -1 due to 1 failed/errored test(s), 14996 tests executed

Failed tests:
{noformat}
org.apache.hadoop.hive.cli.TestMiniLlapCliDriver.testCliDriver[mm_dp] (batchId=155)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/14022/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14022/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14022/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12941051 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626413#comment-16626413 ] Hive QA commented on HIVE-20544:

+1 overall

|| Vote || Subsystem || Runtime || Comment ||
|| Prechecks || || || ||
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
|| master Compile Tests || || || ||
| +1 | mvninstall | 8m 2s | master passed |
| +1 | compile | 0m 13s | master passed |
| +1 | checkstyle | 0m 6s | master passed |
| +1 | findbugs | 0m 0s | master passed |
| +1 | javadoc | 0m 13s | master passed |
|| Patch Compile Tests || || || ||
| +1 | mvninstall | 0m 13s | the patch passed |
| +1 | compile | 0m 13s | the patch passed |
| +1 | javac | 0m 13s | the patch passed |
| +1 | checkstyle | 0m 6s | the patch passed |
| +1 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 | findbugs | 0m 0s | the patch passed |
| +1 | javadoc | 0m 14s | the patch passed |
|| Other Tests || || || ||
| +1 | asflicense | 0m 13s | The patch does not generate ASF License warnings. |
| | | 9m 58s | |

|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc xml compile findbugs checkstyle |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-14022/dev-support/hive-personality.sh |
| git revision | master / 672755d |
| Default Java | 1.8.0_111 |
| modules | C: service-rpc U: service-rpc |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-14022/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624853#comment-16624853 ] Hive QA commented on HIVE-20544:

Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12940797/HIVE-20544.2.patch

ERROR: -1 due to no test(s) being added or modified.
ERROR: -1 due to 1 failed/errored test(s), 14993 tests executed

Failed tests:
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver[parallel_orderby] (batchId=58)
{noformat}

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/13983/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/13983/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-13983/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 1 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12940797 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16624847#comment-16624847 ] Hive QA commented on HIVE-20544:

+1 overall

|| Vote || Subsystem || Runtime || Comment ||
|| Prechecks || || || ||
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
|| master Compile Tests || || || ||
| +1 | mvninstall | 8m 0s | master passed |
| +1 | compile | 0m 12s | master passed |
| +1 | checkstyle | 0m 6s | master passed |
| +1 | findbugs | 0m 0s | master passed |
| +1 | javadoc | 0m 13s | master passed |
|| Patch Compile Tests || || || ||
| +1 | mvninstall | 0m 14s | the patch passed |
| +1 | compile | 0m 12s | the patch passed |
| +1 | javac | 0m 12s | the patch passed |
| +1 | checkstyle | 0m 6s | the patch passed |
| +1 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 | xml | 0m 1s | The patch has no ill-formed XML file. |
| +1 | findbugs | 0m 0s | the patch passed |
| +1 | javadoc | 0m 14s | the patch passed |
|| Other Tests || || || ||
| +1 | asflicense | 0m 14s | The patch does not generate ASF License warnings. |
| | | 9m 53s | |

|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc xml compile findbugs checkstyle |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-13983/dev-support/hive-personality.sh |
| git revision | master / cdba00c |
| Default Java | 1.8.0_111 |
| modules | C: service-rpc U: service-rpc |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-13983/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16623776#comment-16623776 ] Karen Coppage commented on HIVE-20544:

[~pvary], your solution worked! The password mask is part of generated code in the new patch. Thanks so much for your input :)
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16620550#comment-16620550 ] Karen Coppage commented on HIVE-20544:

This is great, thanks so much, [~pvary]!
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16619575#comment-16619575 ] Peter Vary commented on HIVE-20544:

[~klcopp]: I would take a look at HIVE-17743, if we find some help there:
{{service-rpc/pom.xml}} - Plugin: {{com.google.code.maven-replacer-plugin.replacer}}
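The pointer above is to post-process the generated Java rather than change the Thrift IDL. What follows is an added example, not Hive's or Thrift's code: a hand-written stand-in for the pattern Thrift generates for TOpenSessionReq, reproducing the leak the issue describes (validate() embeds toString() in a TProtocolException when client_protocol is unset) beside the masked form that a post-generation source replacement yields. The exception and enum shapes, the field layout, the constructed credential and the replacer token/value quoted in the comment are all assumptions made for the example; the "***" mask follows the issue's own wording.

```java
import java.util.Map;

public class OpenSessionReqLeakDemo {

  /** Stand-in for org.apache.thrift.protocol.TProtocolException (assumed shape: message only). */
  static class TProtocolException extends Exception {
    TProtocolException(String message) { super(message); }
  }

  enum TProtocolVersion { HIVE_CLI_SERVICE_PROTOCOL_V10 }

  /** Hand-written replica of the generated struct BEFORE the fix. */
  static class LeakyOpenSessionReq {
    TProtocolVersion client_protocol;   // required; null models "unset"
    String username;                    // optional
    String password;                    // optional
    Map<String, String> configuration;  // optional

    /** Generated-style check: an unset required field throws, with toString() in the message. */
    void validate() throws TProtocolException {
      if (client_protocol == null) {
        throw new TProtocolException(
            "Required field 'client_protocol' is unset! Struct:" + toString());
      }
    }

    @Override
    public String toString() {
      StringBuilder sb = new StringBuilder("TOpenSessionReq(");
      sb.append("client_protocol:").append(client_protocol);
      if (username != null) sb.append(", username:").append(username);
      if (password != null) sb.append(", password:").append(this.password);  // the leak
      if (configuration != null) sb.append(", configuration:").append(configuration);
      return sb.append(")").toString();
    }
  }

  /**
   * The same struct AFTER a post-generation rewrite of the one line that appends the
   * password. With maven-replacer-plugin that is a token/value pair along the lines of
   *   token: sb.append\(this.password\);   value: sb.append("***");
   * (assumed form for illustration, not copied from Hive's pom.xml). Nothing else changes.
   */
  static class MaskedOpenSessionReq extends LeakyOpenSessionReq {
    @Override
    public String toString() {
      StringBuilder sb = new StringBuilder("TOpenSessionReq(");
      sb.append("client_protocol:").append(client_protocol);
      if (username != null) sb.append(", username:").append(username);
      if (password != null) sb.append(", password:").append("***");          // masked
      if (configuration != null) sb.append(", configuration:").append(configuration);
      return sb.append(")").toString();
    }
  }

  /** The message a server would log when a client sends the request with client_protocol unset. */
  static String loggedMessage(LeakyOpenSessionReq req) {
    req.client_protocol = null;   // the exact precondition from the bug report
    try {
      req.validate();
      return "no exception";
    } catch (TProtocolException e) {
      return e.getMessage();
    }
  }

  public static void main(String[] args) {
    LeakyOpenSessionReq leaky = new LeakyOpenSessionReq();
    leaky.username = "alice";
    leaky.password = "s3cr3t";   // constructed sample credential, not a real one
    MaskedOpenSessionReq masked = new MaskedOpenSessionReq();
    masked.username = "alice";
    masked.password = "s3cr3t";

    String before = loggedMessage(leaky);
    String after = loggedMessage(masked);
    System.out.println("before: " + before);
    System.out.println("after:  " + after);

    // Regression check worth keeping next to the build: the plaintext must never reach the message.
    if (!before.contains("password:s3cr3t")) throw new AssertionError("demo no longer reproduces the leak");
    if (after.contains("s3cr3t") || !after.contains("password:***")) throw new AssertionError("mask not applied");
  }
}
```

Because the mask lives in a generated file, it is only as durable as the build step that re-applies it after every Thrift regeneration; the assertions at the end of main are the kind of check that catches a regenerated TOpenSessionReq.java that has silently lost the replacement. As in the thread's fix, only the password is masked; the username still appears in the message.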
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16618749#comment-16618749 ] Karen Coppage commented on HIVE-20544:

[~dkuzmenko] and [~lpinter], thanks very much for your valuable input and ideas yesterday. [~pvary], do you know of anyone else who might have some opinions?
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16618721#comment-16618721 ] Karen Coppage commented on HIVE-20544:

Edited description to show real problem. Uploading 2 patches as examples.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16614626#comment-16614626 ]

Karen Coppage commented on HIVE-20544:
--
Thanks, [~pvary]! I'll look into another solution.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16614545#comment-16614545 ]

Peter Vary commented on HIVE-20544:
--
The classes in the {{gen}} folder are generated every time the thrift code is changed. See: https://cwiki.apache.org/confluence/display/Hive/HowToContribute#HowToContribute-GeneratingThriftCode

We should find another way to change the behavior.

Thanks,
Peter
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16614485#comment-16614485 ]

Hive QA commented on HIVE-20544:
--
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12939540/HIVE-20544.1.patch

ERROR: -1 due to build exiting with an error

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/13774/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/13774/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-13774/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Tests exited with: Exception: Patch URL https://issues.apache.org/jira/secure/attachment/12939540/HIVE-20544.1.patch was found in seen patch url's cache and a test was probably run already on it.
Aborting...
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12939540 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16614482#comment-16614482 ]

Hive QA commented on HIVE-20544:
--
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12939540/HIVE-20544.1.patch

ERROR: -1 due to no test(s) being added or modified.
SUCCESS: +1 due to 14939 tests passed

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/13772/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/13772/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-13772/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12939540 - PreCommit-HIVE-Build
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16614455#comment-16614455 ]

Hive QA commented on HIVE-20544:
--
| (/) *+1 overall* |

|| Vote || Subsystem || Runtime || Comment ||
|| || || || Prechecks ||
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
|| || || || master Compile Tests ||
| +1 | mvninstall | 8m 23s | master passed |
| +1 | compile | 0m 13s | master passed |
| +1 | checkstyle | 0m 7s | master passed |
| +1 | findbugs | 0m 0s | master passed |
| +1 | javadoc | 0m 14s | master passed |
|| || || || Patch Compile Tests ||
| +1 | mvninstall | 0m 14s | the patch passed |
| +1 | compile | 0m 12s | the patch passed |
| +1 | javac | 0m 12s | the patch passed |
| +1 | checkstyle | 0m 6s | the patch passed |
| +1 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 | findbugs | 0m 0s | the patch passed |
| +1 | javadoc | 0m 14s | the patch passed |
|| || || || Other Tests ||
| +1 | asflicense | 0m 14s | The patch does not generate ASF License warnings. |
| | | 10m 20s | |

|| Subsystem || Report/Notes ||
| Optional Tests | asflicense javac javadoc findbugs checkstyle compile |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | /data/hiveptest/working/yetus_PreCommit-HIVE-Build-13772/dev-support/hive-personality.sh |
| git revision | master / 35f86c7 |
| Default Java | 1.8.0_111 |
| modules | C: service-rpc U: service-rpc |
| Console output | http://104.198.109.242/logs//PreCommit-HIVE-Build-13772/yetus.txt |
| Powered by | Apache Yetus http://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (HIVE-20544) TOpenSessionReq logs password and username
[ https://issues.apache.org/jira/browse/HIVE-20544?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16613257#comment-16613257 ]

Karen Coppage commented on HIVE-20544:
--
Decided to hide password with asterisks.
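Whatever fix lands in Hive, an operator running an affected HiveServer2 also wants to know whether credentials have already been written to existing logs, since those passwords need rotating and the log files need scrubbing or restricted access. The following is an added example, not Hive code and not part of this issue's patches: a scanner for log lines carrying a TOpenSessionReq dump with a non-null password. It assumes the generated toString() renders fields as name:value pairs inside "TOpenSessionReq(...)", which is the layout Thrift's Java generator produces; the log lines and the class name in them are constructed for the example.

```java
// Added example, not Hive code: flag HiveServer2-style log lines in which a
// TOpenSessionReq dump carries a real password, and redact them for reporting.
// The log lines in main() are constructed, not real HiveServer2 output.
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LeakedPasswordScan {

    // Assumed layout of the generated toString(): "TOpenSessionReq(..., password:<value>, ...)".
    // The value is read up to the next ',' or ')'; a password containing either is truncated,
    // which is fine for a detector that only needs to decide whether a line leaked one.
    private static final Pattern LEAK =
        Pattern.compile("TOpenSessionReq\\(.*?password:(?<pw>[^,)]*)");

    /** 1-based numbers of the lines whose TOpenSessionReq dump has a non-null, non-empty password. */
    static List<Integer> findLeaks(List<String> lines) {
        List<Integer> hits = new ArrayList<>();
        for (int i = 0; i < lines.size(); i++) {
            Matcher m = LEAK.matcher(lines.get(i));
            if (m.find()) {
                String pw = m.group("pw").trim();
                // "null" is how an unset optional string field is rendered, so it is not a leak.
                if (!pw.isEmpty() && !pw.equals("null")) {
                    hits.add(i + 1);
                }
            }
        }
        return hits;
    }

    /** The same line with the password value masked, safe to paste into a ticket. */
    static String redact(String line) {
        return line.replaceAll("(TOpenSessionReq\\(.*?password:)[^,)]*", "$1***");
    }

    public static void main(String[] args) {
        List<String> sample = List.of(   // constructed sample lines
            "2018-09-14 10:01:02,113 INFO  [HiveServer2-Handler-Pool: Thread-41] "
                + "thrift.ThriftCLIService: Opening session",
            "2018-09-14 10:01:02,120 ERROR [HiveServer2-Handler-Pool: Thread-41] "
                + "thrift.ThriftCLIService: Required field 'client_protocol' was not present! "
                + "Struct: TOpenSessionReq(client_protocol:null, username:analyst, "
                + "password:hunter2, configuration:{use:database=default})",
            "2018-09-14 10:01:05,004 ERROR [HiveServer2-Handler-Pool: Thread-42] "
                + "thrift.ThriftCLIService: Required field 'client_protocol' was not present! "
                + "Struct: TOpenSessionReq(client_protocol:null, username:anonymous, "
                + "password:null, configuration:{})"
        );
        for (int n : findLeaks(sample)) {
            System.out.println("line " + n + ": " + redact(sample.get(n - 1)));
        }
    }
}
```

On the constructed input only line 2 is reported, printed with the password replaced by `***`; line 3 has password:null and is ignored. To use it on a real installation, feed it the lines of hiveserver2.log (and any rotated copies) instead of the sample list, and treat every hit as a credential that has to be rotated, not merely deleted from the file.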