[ https://issues.apache.org/jira/browse/YARN-11308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17607862#comment-17607862 ]
ASF GitHub Bot commented on YARN-11308:
---------------------------------------

goiri commented on code in PR #4908:
URL: https://github.com/apache/hadoop/pull/4908#discussion_r976753395

##########
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/conf/TestConfServlet.java:
##########
@@ -247,4 +253,63 @@ public void testBadFormat() throws Exception { } assertEquals("", sw.toString()); } + + private void verifyReplaceProperty(Configuration conf, String format, + String propertyName) throws Exception { + StringWriter sw = null; + PrintWriter pw = null; + ConfServlet service = null; + try { + service = new ConfServlet(); + ServletConfig servletConf = mock(ServletConfig.class); + ServletContext context = mock(ServletContext.class); + service.init(servletConf); + when(context.getAttribute(HttpServer2.CONF_CONTEXT_ATTRIBUTE)).thenReturn(conf); + when(service.getServletContext()).thenReturn(context); + + HttpServletRequest request = mock(HttpServletRequest.class); + when(request.getHeader(HttpHeaders.ACCEPT)).thenReturn(TEST_FORMATS.get(format)); + when(request.getParameter("name")).thenReturn(propertyName); + + HttpServletResponse response = mock(HttpServletResponse.class); + sw = new StringWriter(); + pw = new PrintWriter(sw); + when(response.getWriter()).thenReturn(pw); + + // response request + service.doGet(request, response); + String result = sw.toString().trim(); + + // For example, for the property yarn.federation.state-store.sql.username, + // we set the value to test-user, + // which should be replaced by a mask, which should be ****** + // MASK_PROPERTIES.get("property yarn.federation.state-store.sql.username") + // is the value before replacement, test-user + // result contains the replaced value, which should be ****** + assertTrue(result.contains(propertyName)); + assertTrue(!result.contains(MASK_PROPERTIES.get(propertyName)));

Review Comment:
   assertFalse


> Router Page display the db username and password in mask mode
> -------------------------------------------------------------
>
>                 Key: YARN-11308
>                 URL: https://issues.apache.org/jira/browse/YARN-11308
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: federation
>    Affects Versions: 3.4.0
>            Reporter: fanshilun
>            Assignee: fanshilun
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: image-2022-09-19-17-33-44-585.png,
>                      image-2022-09-19-17-35-02-471.png
>
>
> When using YARN-Federation's SQLFederationStateStore, we need to configure
> yarn.federation.state-store.sql.username,
> yarn.federation.state-store.sql.password in the configuration file. When
> viewing Conf on the Router page, the user name and password are displayed in
> plaintext, which will bring security risks. We should display it in the form
> of a mask.
>
> before fixing
> {code:java}
> <property>
>   <name>yarn.federation.state-store.sql.username</name>
>   <value>federation</value>
>   <final>false</final>
>   <source>yarn-site.xml</source>
> </property>
> <property>
>   <name>yarn.federation.state-store.sql.password</name>
>   <value>federation123</value>
>   <final>false</final>
>   <source>yarn-site.xml</source>
> </property> {code}
> after fixing
> {code:java}
> <property>
>   <name>yarn.federation.state-store.sql.username</name>
>   <value>******</value>
>   <final>false</final>
>   <source>yarn-site.xml</source>
> </property>
> <property>
>   <name>yarn.federation.state-store.sql.password</name>
>   <value>******</value>
>   <final>false</final>
>   <source>yarn-site.xml</source>
> </property> {code}
>
>

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
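
Review bot: The two assertions that close the visible part of verifyReplaceProperty only show that the property name is present and the original value is absent; nothing checks that the mask itself was written, so a response that dropped the value or rendered it empty would pass as well. Alongside the assertFalse change already requested, add a positive check that result contains the ****** mask described in the comment block, and fail with a clear message if MASK_PROPERTIES has no entry for propertyName, since result.contains(null) would throw instead of reporting a test failure. Separately, service is created with new ConfServlet(), so when(service.getServletContext()) stubs through a real object and works only if that call delegates to the mocked servletConf; stubbing servletConf.getServletContext() directly, before service.init(servletConf), states the intent and does not depend on that delegation. The comment line MASK_PROPERTIES.get("property yarn.federation.state-store.sql.username") also carries a stray "property " inside the key.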