smolnar82 commented on code in PR #842:
URL: https://github.com/apache/knox/pull/842#discussion_r1503837852
##########
gateway-service-metadata/src/main/java/org/apache/knox/gateway/service/metadata/KnoxMetadataResource.java:
##########
@@ -101,6 +103,7 @@ public GeneralProxyInformation getGeneralProxyInformation()
{
final ServerInfoService serviceInfoService =
gatewayServices.getService(ServiceType.SERVER_INFO_SERVICE);
final String versionInfo = serviceInfoService.getBuildVersion() + "
(hash=" + serviceInfoService.getBuildHash() + ")";
proxyInfo.setVersion(versionInfo);
+ proxyInfo.setHostname(Hostname.getHostname());
Review Comment:
> I wonder how critical is to have the real hostname in cases like this.
In the case of troubleshooting in a real cluster, this can be critical.
I agree, we may revisit the current usage of `InetAddress.getLocalHost()`
and replace them, if needed, with this new library.
WRT. the CVE concern, I also had that in my mind, but at the end of the day,
this new dependency does nothing special but delegate the `gethostname` call to
the OS-native layer using JNA. This is a 1-class dependency, I cannot see any
reported vulnerabilities so far.
<img width="1220" alt="Screenshot 2024-02-27 at 9 37 05"
src="https://github.com/apache/knox/assets/34065904/d4b08953-c677-400c-a77c-19361df82a6a";>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
