[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177485#comment-17177485 ]

Bilwa S T commented on YARN-10336:
----------------------------------

Thanks [~elgoiri] and [~hemanthboyina] for review

> RM page should throw exception when command injected in RM REST API to get applications
> ---------------------------------------------------------------------------------------
>
>                 Key: YARN-10336
>                 URL: https://issues.apache.org/jira/browse/YARN-10336
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: Rajshree Mishra
>            Assignee: Bilwa S T
>            Priority: Major
>             Fix For: 3.4.0, 3.3.1
>
>         Attachments: CommandInject.jpg, RM_UI.jpg, YARN-10336.001.patch, YARN-10336.002.patch, YARN-10336.003.patch, testproof.png
>
>
> Using a web application attacking, we see that injecting commands like ACCEPTED, FAILED and FINISHED to RM REST API does not throw an exception.
> Refer images.

--
This message was sent by Atlassian Jira (v8.3.4#803005)

To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177241#comment-17177241 ]

Hemanth Boyina commented on YARN-10336:
---------------------------------------

Committed to trunk and branch 3.3, thanks [~BilwaST] for the contribution, thanks [~Rajshree] for the report and thanks [~elgoiri] for the review.
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177233#comment-17177233 ]

Hemanth Boyina commented on YARN-10336:
---------------------------------------

+1, will commit shortly
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17177222#comment-17177222 ]

Íñigo Goiri commented on YARN-10336:
------------------------------------

+1 on [^YARN-10336.003.patch].
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17175832#comment-17175832 ]

Hadoop QA commented on YARN-10336:
----------------------------------

| (/) *+1 overall* |

|| Vote || Subsystem || Runtime || Comment ||
| 0 | reexec | 0m 44s | Docker mode activated. |
|| || || || Prechecks ||
| +1 | dupname | 0m 0s | No case conflicting files found. |
| +1 | @author | 0m 0s | The patch does not contain any @author tags. |
| +1 | test4tests | 0m 0s | The patch appears to include 1 new or modified test files. |
|| || || || trunk Compile Tests ||
| +1 | mvninstall | 19m 7s | trunk passed |
| +1 | compile | 0m 42s | trunk passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 |
| +1 | compile | 0m 38s | trunk passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 |
| +1 | checkstyle | 0m 26s | trunk passed |
| +1 | mvnsite | 0m 40s | trunk passed |
| +1 | shadedclient | 14m 50s | branch has no errors when building and testing our client artifacts. |
| +1 | javadoc | 0m 33s | trunk passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 |
| +1 | javadoc | 0m 31s | trunk passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 |
| 0 | spotbugs | 1m 11s | Used deprecated FindBugs config; considering switching to SpotBugs. |
| +1 | findbugs | 1m 9s | trunk passed |
|| || || || Patch Compile Tests ||
| +1 | mvninstall | 0m 32s | the patch passed |
| +1 | compile | 0m 32s | the patch passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 |
| +1 | javac | 0m 32s | the patch passed |
| +1 | compile | 0m 29s | the patch passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 |
| +1 | javac | 0m 29s | the patch passed |
| +1 | checkstyle | 0m 17s | hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common: The patch generated 0 new + 9 unchanged - 2 fixed = 9 total (was 11) |
| +1 | mvnsite | 0m 30s | the patch passed |
| +1 | whitespace | 0m 0s | The patch has no whitespace issues. |
| +1 | shadedclient | 13m 47s | patch has no errors when building and testing our client artifacts. |
| +1 | javadoc | 0m 31s | the patch passed with JDK Ubuntu-11.0.8+10-post-Ubuntu-0ubuntu118.04.1 |
| +1 | javadoc | 0m 28s | the patch passed with JDK Private Build-1.8.0_265-8u265-b01-0ubuntu2~18.04-b01 |
| +1 | findbugs | 1m 17s | the patch passed |
|| || || || Other Tests ||
| +1 | unit | 2m 42s | hadoop-yarn-server-common in the patch passed. |
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17175735#comment-17175735 ]

Bilwa S T commented on YARN-10336:
----------------------------------

Thanks [~elgoiri] for review.
# Using singletonMap would return immutableMap, and when the title is set in AppsBlock, it tries to add it to the map returned by this method, which would throw UnsupportedException.

Handled other two comments. Please check
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17175700#comment-17175700 ]

Íñigo Goiri commented on YARN-10336:
------------------------------------

The tests look good, a couple of minor things:
* Add license to the file.
* Add javadoc to the tests.
* For the map, you can use: https://docs.oracle.com/javase/7/docs/api/java/util/Collections.html#singletonMap(K,%20V)
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17175671#comment-17175671 ]

Hadoop QA commented on YARN-10336:
----------------------------------

| (x) *-1 overall* |

|| Vote || Subsystem || Runtime || Comment ||
| 0 | reexec | 0m 0s | Docker mode activated. |
| -1 | patch | 0m 10s | YARN-10336 does not apply to trunk. Rebase required? Wrong Branch? See https://wiki.apache.org/hadoop/HowToContribute for help. |

|| Subsystem || Report/Notes ||
| JIRA Issue | YARN-10336 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/13009456/YARN-10336.002.patch |
| Console output | https://ci-hadoop.apache.org/job/PreCommit-YARN-Build/67/console |
| versions | git=2.17.1 |
| Powered by | Apache Yetus 0.13.0-SNAPSHOT https://yetus.apache.org |

This message was automatically generated.
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17175602#comment-17175602 ]

Bilwa S T commented on YARN-10336:
----------------------------------

Added UT
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17169546#comment-17169546 ]

Bilwa S T commented on YARN-10336:
----------------------------------

Hi [~hemanthboyina]
No ...[] character is not injected.
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17169498#comment-17169498 ]

Hemanth Boyina commented on YARN-10336:
---------------------------------------

Thanks for the report [~Rajshree], thanks for the patch [~BilwaST].
Was the [ ] character injected in the REST API request?
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17168504#comment-17168504 ]

Bilwa S T commented on YARN-10336:
----------------------------------

Attached patch and test proof

!testproof.png!
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17168500#comment-17168500 ]

Bilwa S T commented on YARN-10336:
----------------------------------

Attaching patch and test proof

!testproof.png!
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150315#comment-17150315 ]

Bilwa S T commented on YARN-10336:
----------------------------------

cc [~brahmareddy]
[jira] [Commented] (YARN-10336) RM page should throw exception when command injected in RM REST API to get applications
[ https://issues.apache.org/jira/browse/YARN-10336?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17150303#comment-17150303 ]

Bilwa S T commented on YARN-10336:
----------------------------------

This should be handled the same way as NodesPage is handled if the NodeState given is not valid. The only difference is that here we catch the IllegalArgumentException thrown by "YarnApplicationState.valueOf(stateString)". I think we shouldn't catch the exception here.
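
Added example, not part of the original thread and not Hadoop's code: the difference between catching and not catching the IllegalArgumentException from an enum valueOf call when validating a state filter parameter. The AppState enum is a local stand-in for YarnApplicationState, and the class, the method names and the sample inputs are assumptions made for this illustration.

```java
import java.util.EnumSet;
import java.util.Set;

public class AppStateFilterDemo {

  // Local stand-in for YarnApplicationState so the example compiles without Hadoop.
  enum AppState { NEW, NEW_SAVING, SUBMITTED, ACCEPTED, RUNNING, FINISHED, FAILED, KILLED }

  /** Catches the exception from valueOf, so an unknown token silently disappears. */
  static Set<AppState> parseLenient(String param) {
    Set<AppState> states = EnumSet.noneOf(AppState.class);
    if (param == null || param.trim().isEmpty()) {
      return states; // no filter requested
    }
    for (String token : param.split(",")) {
      try {
        states.add(AppState.valueOf(token.trim()));
      } catch (IllegalArgumentException e) {
        // Swallowed: the caller cannot tell that the request was malformed.
      }
    }
    return states;
  }

  /** Rejects the whole request on the first token that is not a known state. */
  static Set<AppState> parseStrict(String param) {
    Set<AppState> states = EnumSet.noneOf(AppState.class);
    if (param == null || param.trim().isEmpty()) {
      return states; // no filter requested
    }
    for (String token : param.split(",")) {
      try {
        states.add(AppState.valueOf(token.trim()));
      } catch (IllegalArgumentException e) {
        // The raw token is not echoed: the message may end up in an HTML page.
        throw new IllegalArgumentException(
            "Invalid application state; expected one of " + EnumSet.allOf(AppState.class));
      }
    }
    return states;
  }

  public static void main(String[] args) {
    // Constructed sample parameter values, not taken from the issue.
    String[] samples = {"ACCEPTED,FAILED", "ACCEPTED,NOT_A_STATE", ""};
    for (String sample : samples) {
      System.out.println("input   = \"" + sample + "\"");
      System.out.println("lenient = " + parseLenient(sample));
      try {
        System.out.println("strict  = " + parseStrict(sample));
      } catch (IllegalArgumentException e) {
        System.out.println("strict  rejected: " + e.getMessage());
      }
    }
  }
}
```

With the lenient parser a request carrying an unknown token still produces a normal-looking result, which is the behaviour the issue reports; the strict parser gives the caller an error it can map to an HTTP 400 response.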