Chip Salzenberg created HBASE-8811:
--------------------------------------
Summary: REST service ignores misspelled "check=" parameter,
causing unexpected mutations
Key: HBASE-8811
URL: https://issues.apache.org/jira/browse/HBASE-8811
Project: HBase
Issue Type: Bug
Components: REST
Affects Versions: 0.95.1
Reporter: Chip Salzenberg
Priority: Critical
In rest.RowResource.update(), this code keeps executing a request if a
misspelled check= parameter is provided.
{noformat}
if (CHECK_PUT.equalsIgnoreCase(check)) {
return checkAndPut(model);
} else if (CHECK_DELETE.equalsIgnoreCase(check)) {
return checkAndDelete(model);
} else if (check != null && check.length() > 0) {
LOG.warn("Unknown check value: " + check + ", ignored");
}
{noformat}
By my reading of the code, this results in the provided cell value that was
intended as a check instead being treated as a mutation, which is sure to
destroy user data. Thus the priority of this bug, as it can cause corruption.
I suggest that a better reaction than a warning would be, approximately:
{noformat}
return Response.status(Response.Status.BAD_REQUEST)
.type(MIMETYPE_TEXT).entity("Invalid check value '" + check + "'")
.build();
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
