Nick Dimiduk created HBASE-30264:
------------------------------------
Summary: Validate bulkToken path in
SecureBulkLoadManager.cleanupBulkLoad
Key: HBASE-30264
URL: https://issues.apache.org/jira/browse/HBASE-30264
Project: HBase
Issue Type: Task
Components: regionserver
Reporter: Nick Dimiduk
Assignee: Nick Dimiduk
The cleanupBulkLoad method in SecureBulkLoadManager constructs a Path directly
from the bulkToken field of the CleanupBulkLoadRequest and passes it to
fs.delete(path, true). The bulkToken is expected to be a staging directory
created by prepareBulkLoad, which always places it under
{hbase.rootdir}/staging/. However, cleanupBulkLoad does not verify that the
supplied path is actually within the staging directory.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)