> On April 30, 2014, 8:32 a.m., Edward Sargisson wrote: > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/AbstractElasticSearchIndexRequestBuilderFactory.java, > > line 80 > > <https://reviews.apache.org/r/20601/diff/1/?file=565264#file565264line80> > > > > Is there anyway this substitution can be used as an attack? i.e. we are > > now allowing event submitters to provide part of the URL used to submit the > > event to elasticsearch (if using the REST client). Could an attacker craft > > something nefarious? > > Satoshi Iijima wrote: > There is that possibility. But I think that the administrator of > ElasticSearch and Flume has responsibility to judge whether header > substitution is used in flume.conf. > I think that header substitution of hdfs-sink has a same issue, too.
I will add an explanation about the possibility of this issue in doc later. I think this issue should be solved in other ticket if necessary. - Satoshi ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/20601/#review41786 ----------------------------------------------------------- On April 30, 2014, 7:26 p.m., Satoshi Iijima wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/20601/ > ----------------------------------------------------------- > > (Updated April 30, 2014, 7:26 p.m.) > > > Review request for Flume. > > > Repository: flume-git > > > Description > ------- > > The ElasticSearchSink would be improved by allowing for header substitution > in the indexName and indexType property. > A use case is where the sink is an intermediate part of a chain and the index > name is required to identify the message origin, at present it can only be a > hardcoded value. > The HDFS sink already supports header substitution so a similar format would > maintain consistency. > > Example is below: > > a1.sinks.k1.type = elasticsearch > a1.sinks.k1.indexName = %{index-name} > a1.sinks.k1.indexType = %{index-type} > a1.sinks.k1.hostNames = 127.0.0.1:9200 > a1.sinks.k1.channel = c1 > > > Diffs > ----- > > flume-ng-doc/sphinx/FlumeUserGuide.rst 7b918ed > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/AbstractElasticSearchIndexRequestBuilderFactory.java > de84b95 > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/ElasticSearchSink.java > 39b6db5 > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/SimpleIndexNameBuilder.java > 19079af > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/TimeBasedIndexNameBuilder.java > a8603a4 > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/client/ElasticSearchRestClient.java > ff95e30 > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/main/java/org/apache/flume/sink/elasticsearch/client/ElasticSearchTransportClient.java > e9ed0b4 > > flume-ng-sinks/flume-ng-elasticsearch-sink/src/test/java/org/apache/flume/sink/elasticsearch/TestElasticSearchIndexRequestBuilderFactory.java > 807a9c7 > > Diff: https://reviews.apache.org/r/20601/diff/ > > > Testing > ------- > > > Thanks, > > Satoshi Iijima > >
