bharatviswa504 commented on a change in pull request #1486: HDDS-2158. Fixing
Json Injection Issue in JsonUtils.
URL: https://github.com/apache/hadoop/pull/1486#discussion_r327852770
##########
File path:
hadoop-ozone/ozone-manager/src/main/java/org/apache/hadoop/ozone/web/ozShell/bucket/AddAclBucketHandler.java
##########
@@ -92,8 +92,9 @@ public Void call() throws Exception {
boolean result = client.getObjectStore().addAcl(obj,
OzoneAcl.parseAcl(acl));
- System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
- JsonUtils.toJsonString("Acl set successfully: " + result)));
+ System.out.printf("%s%n", "Acl set successfully: " +
+ JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
Review comment:
Here the result is true/false, we can directly print. Do we need
toJsonStringWithDefaultPrettyPrinter here? Previously this was called with Acl
set successfully: + result. But now just result, so is it okay if we directly
use result to print?
Same comment for all AclHandler classes.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
