[
https://issues.apache.org/jira/browse/HADOOP-18069?focusedWorklogId=761593&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-761593
]
ASF GitHub Bot logged work on HADOOP-18069:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 25/Apr/22 05:28
Start Date: 25/Apr/22 05:28
Worklog Time Spent: 10m
Work Description: aajisaka commented on code in PR #4229:
URL: https://github.com/apache/hadoop/pull/4229#discussion_r857265232
##########
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/oauth2/ConfRefreshTokenBasedAccessTokenProvider.java:
##########
@@ -103,36 +104,39 @@ public synchronized String getAccessToken() throws
IOException {
void refresh() throws IOException {
try {
- OkHttpClient client = new OkHttpClient();
- client.setConnectTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
- TimeUnit.MILLISECONDS);
- client.setReadTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
- TimeUnit.MILLISECONDS);
+ OkHttpClient client =
+ new
OkHttpClient.Builder().connectTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
+ TimeUnit.MILLISECONDS)
+ .readTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
TimeUnit.MILLISECONDS)
+ .build();
Review Comment:
Would you use try-with-resources for `OkHttpClient`?
##########
hadoop-project/pom.xml:
##########
@@ -227,6 +230,37 @@
<artifactId>okhttp</artifactId>
<version>${okhttp.version}</version>
Review Comment:
I suppose `com.squareup.okhttp:okhttp` can be removed.
##########
hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/oauth2/ConfRefreshTokenBasedAccessTokenProvider.java:
##########
@@ -103,36 +104,39 @@ public synchronized String getAccessToken() throws
IOException {
void refresh() throws IOException {
try {
- OkHttpClient client = new OkHttpClient();
- client.setConnectTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
- TimeUnit.MILLISECONDS);
- client.setReadTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
- TimeUnit.MILLISECONDS);
+ OkHttpClient client =
+ new
OkHttpClient.Builder().connectTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
+ TimeUnit.MILLISECONDS)
+ .readTimeout(URLConnectionFactory.DEFAULT_SOCKET_TIMEOUT,
TimeUnit.MILLISECONDS)
+ .build();
- String bodyString = Utils.postBody(GRANT_TYPE, REFRESH_TOKEN,
- REFRESH_TOKEN, refreshToken,
- CLIENT_ID, clientId);
+ String bodyString =
+ Utils.postBody(GRANT_TYPE, REFRESH_TOKEN, REFRESH_TOKEN,
refreshToken, CLIENT_ID,
+ clientId);
RequestBody body = RequestBody.create(URLENCODED, bodyString);
- Request request = new Request.Builder()
- .url(refreshURL)
- .post(body)
- .build();
+ Request request = new
Request.Builder().url(refreshURL).post(body).build();
Response responseBody = client.newCall(request).execute();
- if (responseBody.code() != HttpStatus.SC_OK) {
- throw new IllegalArgumentException("Received invalid http response: "
- + responseBody.code() + ", text = " + responseBody.toString());
- }
+ if (responseBody != null) {
+
+ if (responseBody.code() != HttpStatus.SC_OK) {
+ throw new IllegalArgumentException(
+ "Received invalid http response: " + responseBody.code() + ",
text = "
+ + responseBody);
+ }
+
+ Map<?, ?> response = JsonSerialization.mapReader()
+ .readValue(Objects.requireNonNull(responseBody.body()).string());
- Map<?, ?> response = JsonSerialization.mapReader().readValue(
- responseBody.body().string());
+ String newExpiresIn = response.get(EXPIRES_IN).toString();
+ accessTokenTimer.setExpiresIn(newExpiresIn);
- String newExpiresIn = response.get(EXPIRES_IN).toString();
- accessTokenTimer.setExpiresIn(newExpiresIn);
+ accessToken = response.get(ACCESS_TOKEN).toString();
+
+ }
Review Comment:
Would you minimize the formatting change as possible? The main purpose of
the PR is to upgrade the version of okhttp, so you can do the formatting fixes
in a separate issue.
Issue Time Tracking
-------------------
Worklog Id: (was: 761593)
Time Spent: 1h (was: 50m)
> CVE-2021-0341 in [email protected] detected in hdfs-client
> -------------------------------------------------------
>
> Key: HADOOP-18069
> URL: https://issues.apache.org/jira/browse/HADOOP-18069
> Project: Hadoop Common
> Issue Type: Bug
> Components: hdfs-client
> Affects Versions: 3.3.1
> Reporter: Eugene Shinn (Truveta)
> Priority: Major
> Labels: pull-request-available
> Time Spent: 1h
> Remaining Estimate: 0h
>
> Our static vulnerability scanner (Fortify On Demand) detected [NVD -
> CVE-2021-0341
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2021-0341#VulnChangeHistorySection]
> in our application. We traced the vulnerability to a transitive dependency
> coming from hadoop-hdfs-client, which depends on [email protected]
> ([hadoop/pom.xml at trunk · apache/hadoop
> (github.com)|https://github.com/apache/hadoop/blob/trunk/hadoop-project/pom.xml#L137]).
> To resolve this issue, okhttp should be upgraded to 4.9.2+ (ref:
> [CVE-2021-0341 · Issue #6724 · square/okhttp
> (github.com)|https://github.com/square/okhttp/issues/6724]).
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
