[
https://issues.apache.org/jira/browse/HADOOP-19079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836315#comment-17836315
]
ASF GitHub Bot commented on HADOOP-19079:
-----------------------------------------
steveloughran commented on PR #6557:
URL: https://github.com/apache/hadoop/pull/6557#issuecomment-2050311828
> Junit has assertThrows though. Would that be a bit more Java friendly?
one thing intercept does, which I haven't seen the others to, is include the
toString() value of anything returned by the callable in the assertion. which
lets you add tests that explicitly print their state on failures, rather than
just "l-exp invoked didn't fail".
Diagnostics information is too important to be lost...
> HttpExceptionUtils to check that loaded class is really an exception before
> instantiation
> -----------------------------------------------------------------------------------------
>
> Key: HADOOP-19079
> URL: https://issues.apache.org/jira/browse/HADOOP-19079
> Project: Hadoop Common
> Issue Type: Task
> Components: common, security
> Reporter: PJ Fanning
> Assignee: PJ Fanning
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.3.9, 3.5.0, 3.4.1
>
>
> It can be dangerous taking class names as inputs from HTTP messages even if
> we control the source. Issue is in HttpExceptionUtils in hadoop-common
> (validateResponse method).
> I can provide a PR that will highlight the issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
