Repository: oozie Updated Branches: refs/heads/master ed6a85232 -> ae2c3009a
OOZIE-2492 JSON security issue in js code (fdenes via rkanter) Project: http://git-wip-us.apache.org/repos/asf/oozie/repo Commit: http://git-wip-us.apache.org/repos/asf/oozie/commit/ae2c3009 Tree: http://git-wip-us.apache.org/repos/asf/oozie/tree/ae2c3009 Diff: http://git-wip-us.apache.org/repos/asf/oozie/diff/ae2c3009 Branch: refs/heads/master Commit: ae2c3009a3a2ca1920b0896dfce71e15d24ea985 Parents: ed6a852 Author: Robert Kanter <[email protected]> Authored: Tue Mar 29 17:24:27 2016 -0700 Committer: Robert Kanter <[email protected]> Committed: Tue Mar 29 17:24:27 2016 -0700 ---------------------------------------------------------------------- release-log.txt | 1 + webapp/src/main/webapp/oozie-console.js | 24 ++++++++++++------------ 2 files changed, 13 insertions(+), 12 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/oozie/blob/ae2c3009/release-log.txt ----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 9341014..b7402be 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -1,5 +1,6 @@
 -- Oozie 4.3.0 release (trunk - unreleased)
+OOZIE-2492 JSON security issue in js code (fdenes via rkanter)
 OOZIE-2429 TestEventGeneration test is flakey (fdenes via rkanter)
 OOZIE-2466 Repeated failure of TestMetricsInstrumentation.testSamplers (fdenes via rkanter)
 OOZIE-2470 Remove infinite socket timeouts in the Oozie email action (harsh)
http://git-wip-us.apache.org/repos/asf/oozie/blob/ae2c3009/webapp/src/main/webapp/oozie-console.js ----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/oozie-console.js b/webapp/src/main/webapp/oozie-console.js
index bd18506..31dcc3d 100644
--- a/webapp/src/main/webapp/oozie-console.js
+++ b/webapp/src/main/webapp/oozie-console.js
@@ -448,7 +448,7 @@ function jobDetailsPopup(response, request) {
 getLogs(getOozieBase() + 'job/' + workflowId + "?show=log", searchFilterBox.getValue(), logStatus, jobLogArea, false, null); }
- var jobDetails = eval("(" + response.responseText + ")");
+ var jobDetails = JSON.parse(response.responseText);
 var workflowId = jobDetails["id"]; var appName = jobDetails["appName"]; var jobActionStatus = new Ext.data.JsonStore({
@@ -556,7 +556,7 @@ function jobDetailsPopup(response, request) {
 url: getOozieBase() + 'job/' + workflowId + "?timezone=" + getTimeZone(), timeout: 300000, success: function(response, request) {
- jobDetails = eval("(" + response.responseText + ")");
+ jobDetails = JSON.parse(response.responseText);
 jobActionStatus.loadData(jobDetails["actions"]); fs.getForm().setValues(jobDetails); }
@@ -826,7 +826,7 @@ function jobDetailsPopup(response, request) {
 url: getOozieBase() + 'job/' + actionId + "?timezone=" + getTimeZone(), timeout: 300000, success: function(response, request) {
- var results = eval("(" + response.responseText + ")");
+ var results = JSON.parse(response.responseText);
 detail.getForm().setValues(results); urlUnit.getForm().setValues(results); populateUrlUnit(results, urlUnit);
@@ -1110,7 +1110,7 @@ function coordJobDetailsPopup(response, request) {
 auditLogStatus, jobAuditLogArea, true, null); }
- var jobDetails = eval("(" + response.responseText + ")");
+ var jobDetails = JSON.parse(response.responseText);
 var coordJobId = jobDetails["coordJobId"]; var appName = jobDetails["coordJobName"]; var jobActionStatus = new Ext.data.JsonStore({
@@ -1228,7 +1228,7 @@ function coordJobDetailsPopup(response, request) {
 url: getOozieBase() + 'job/' + coordJobId + "?timezone=" + getTimeZone() + "&offset=0&len=0", timeout: 300000, success: function(response, request) {
- jobDetails = eval("(" + response.responseText + ")");
+ jobDetails = JSON.parse(response.responseText);
 fs.getForm().setValues(jobDetails); jobActionStatus.reload(); }
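Review bot: `JSON.parse` throws a `SyntaxError` on any body that is not strict JSON, and none of the call sites this commit touches catches it, starting with `var jobDetails = JSON.parse(response.responseText);` in the -448 hunk. An HTML error page or a login redirect delivered with a success status would abort the popup or the `success` callback with nothing shown to the user; the same holds for the other eleven replacements in jobDetailsPopup, coordJobDetailsPopup, bundleJobDetailsPopup, getConfigObject and the admin actions. The parser is also narrower than `eval` was, so it is worth confirming that the server never emits bare `NaN`/`Infinity` or unquoted keys, most plausibly on `admin/instrumentation` and `admin/metrics`. A single helper would remove the repetition and give one place to report the failure, as sketched below. The body of jobDetailsPopup begins and ends outside this hunk.

```javascript
// Parse an Ajax response body as strict JSON; report the failure and return null instead of throwing.
function parseJsonResponse(response) {
    try {
        return JSON.parse(response.responseText);
    } catch (e) {
        Ext.Msg.alert('Oozie Console', 'The server returned a response that is not valid JSON.');
        return null;
    }
}

// … unchanged: getLogs handler above …
var jobDetails = parseJsonResponse(response);
if (jobDetails === null) {
    return;
}
```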
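Review bot: The `jobActionStatus.reload();` call in the `success` handler of the -1228 hunk takes a decoding path this commit does not change, because the `Ext.data.JsonStore` fetches and decodes its own response inside the framework. If the bundled Ext JS release decodes store responses with `eval`, as older releases of its JSON utility do, the same class of issue stays reachable for the coordinator action list. It is worth checking the bundled version and, if that is the case, feeding the store from already parsed data the way the -556 hunk does with `jobActionStatus.loadData(jobDetails["actions"]);`. The store's configuration lies outside the hunk, so how it is loaded is inferred from the `reload()` call alone.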
@@ -1612,7 +1612,7 @@ function bundleJobDetailsPopup(response, request) {
 emptyText: "Loading..." });
- var jobDetails = eval("(" + response.responseText + ")");
+ var jobDetails = JSON.parse(response.responseText);
 var bundleJobId = jobDetails["bundleJobId"]; var bundleJobName = jobDetails["bundleJobName"]; var jobActionStatus = new Ext.data.JsonStore({
@@ -1682,7 +1682,7 @@ function bundleJobDetailsPopup(response, request) {
 url: getOozieBase() + 'job/' + bundleJobId + "?timezone=" + getTimeZone(), timeout: 300000, success: function(response, request) {
- jobDetails = eval("(" + response.responseText + ")");
+ jobDetails = JSON.parse(response.responseText);
 jobActionStatus.loadData(jobDetails["bundleCoordJobs"]); fs.getForm().setValues(jobDetails); }
@@ -2087,7 +2087,7 @@ function getConfigObject(responseTxt) {
 var fo = { elements: [] };
- var responseObj = eval('(' + responseTxt + ')');
+ var responseObj = JSON.parse(responseTxt);
 var j = 0; for (var i in responseObj) { fo.elements[j] = {};
@@ -2384,7 +2384,7 @@ var checkStatus = new Ext.Action({
 Ext.Ajax.request({ url: getOozieBase() + 'admin/status', success: function(response, request) {
- var status = eval("(" + response.responseText + ")");
+ var status = JSON.parse(response.responseText);
 if (status.safeMode) { checkStatus.setText("<font color='700000' size='2> Safe Mode - ON </font>"); }
@@ -2403,7 +2403,7 @@ var serverVersion = new Ext.Action({
 Ext.Ajax.request({ url: getOozieBase() + 'admin/build-version', success: function(response, request) {
- var ret = eval("(" + response.responseText + ")");
+ var ret = JSON.parse(response.responseText);
 serverVersion.setText("<font size='2'>Server version [" + ret['buildVersion'] + "]</font>"); } });
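Review bot: `ret['buildVersion']` is still concatenated into markup in the `serverVersion.setText(...)` call of the -2403 hunk, so the value is rendered as HTML even though it is no longer evaluated as script. Encoding it at the point of use closes that gap: `serverVersion.setText("<font size='2'>Server version [" + Ext.util.Format.htmlEncode(ret['buildVersion']) + "]</font>");`. The `setValues(jobDetails)` and `loadData(...)` calls in the other hunks hand parsed fields to Ext components as well; whether those components escape on render is not visible here and deserves a check. In the -2384 hunk the `setText` markup has an unterminated attribute, `size='2>`, which is worth fixing while these strings are under review. Both `Ext.Action` definitions start and end outside their hunks.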
@@ -2431,7 +2431,7 @@ var viewInstrumentation = new Ext.Action({
 Ext.Ajax.request({ url: getOozieBase() + 'admin/instrumentation', success: function(response, request) {
- var jsonData = eval("(" + response.responseText + ")");
+ var jsonData = JSON.parse(response.responseText);
 var timers = treeNodeFromJsonInstrumentation(jsonData["timers"], "timers"); timers.expanded = false; var samplers = treeNodeFromJsonInstrumentation(jsonData["samplers"], "samplers");
@@ -2462,7 +2462,7 @@ var viewMetrics = new Ext.Action({
 Ext.Ajax.request({ url: getOozieBase() + 'admin/metrics', success: function(response, request) {
- var jsonData = eval("(" + response.responseText + ")");
+ var jsonData = JSON.parse(response.responseText);
 var timers = treeNodeFromJsonMetrics(jsonData["timers"], "timers"); timers.expanded = false; var histograms = treeNodeFromJsonMetrics(jsonData["histograms"], "histograms");
