[
https://issues.apache.org/jira/browse/OOZIE-2492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15215132#comment-15215132
]
Hadoop QA commented on OOZIE-2492:
----------------------------------
Testing JIRA OOZIE-2492
Cleaning local git workspace
----------------------------
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
. {color:green}+1{color} the patch does not introduce any @author tags
. {color:green}+1{color} the patch does not introduce any tabs
. {color:green}+1{color} the patch does not introduce any trailing spaces
. {color:green}+1{color} the patch does not introduce any line longer than 132
. {color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
. {color:green}+1{color} the patch does not seem to introduce new RAT warnings
{color:green}+1 JAVADOC{color}
. {color:green}+1{color} the patch does not seem to introduce new Javadoc warnings
{color:green}+1 COMPILE{color}
. {color:green}+1{color} HEAD compiles
. {color:green}+1{color} patch compiles
. {color:green}+1{color} the patch does not seem to introduce new javac warnings
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
. {color:green}+1{color} the patch does not change any JPA Entity/Colum/Basic/Lob/Transient annotations
. {color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
. Tests run: 1768
. Tests failed: 2
. Tests errors: 0
. The patch failed the following testcases:
. testMaxMatThrottleNotPicked(org.apache.oozie.service.TestCoordMaterializeTriggerService)
. testNone(org.apache.oozie.command.coord.TestCoordActionInputCheckXCommandNonUTC)
{color:green}+1 DISTRO{color}
. {color:green}+1{color} distro tarball builds with the patch
----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
The full output of the test-patch run is available at
. https://builds.apache.org/job/oozie-trunk-precommit-build/2790/
> JSON security issue in js code
> ------------------------------
>
> Key: OOZIE-2492
> URL: https://issues.apache.org/jira/browse/OOZIE-2492
> Project: Oozie
> Issue Type: Bug
> Components: client, security
> Affects Versions: 4.1.0
> Reporter: Ferenc Denes
> Assignee: Ferenc Denes
> Labels: security, web-console
> Fix For: trunk
>
> Attachments: OOZIE-2492-1.patch
>
>
> JSON parsing is done using the eval JS method in several places in
> oozie-console.js, which allows code injection.
> The project already contains a JSON parser library, which should be used all
> around the code.
> We are aware that most of the JSON documents parsed are from the Oozie
> server, and not from the user directly. However, fixing it all will make the
> code more robust and consistent.
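
Added example, not part of the original message and not Oozie's code: the eval-based JSON parsing that the issue describes, next to a strict JSON parser, run over constructed response bodies. The function names, the field names and the use of the built-in `JSON.parse` in place of the project's bundled parser library are assumptions.

```javascript
// Constructed sample bodies; the field names are illustrative only.
const benignBody = '{"id": "job-1", "status": "RUNNING"}';
// A valid JavaScript expression that is NOT valid JSON: evaluating it
// calls a function as a side effect.
const hostileBody = '{"id": "job-1", "status": markExecuted()}';

let executed = false;
function markExecuted() {        // harmless stand-in for injected code
  executed = true;
  return 'RUNNING';
}

// "Before": the pattern the issue describes, a JSON body handed to eval.
// eval runs any expression, so the body is treated as code, not data.
function parseWithEval(body) {
  return eval('(' + body + ')');
}

// "After": a JSON parser accepts data only; anything else is rejected
// with a SyntaxError before a single expression is evaluated.
function parseJsonStrict(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Run both parsers over the hostile body and record what happened.
function demo() {
  executed = false;
  const viaEval = parseWithEval(hostileBody);
  const evalRanCode = executed;

  executed = false;
  const viaParser = parseJsonStrict(hostileBody);

  return {
    evalRanCode,                          // true: the embedded call ran
    evalStatus: viaEval.status,           // looks like a normal result
    parserAccepted: viaParser.ok,         // false: body rejected
    parserRanCode: executed,              // false: nothing executed
    benignStatus: parseJsonStrict(benignBody).value.status,
  };
}

console.log(demo());
```

The eval path returns an object that looks like a normal result, so the executed call leaves no trace in the parsed data; the parser path fails closed instead.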