[
https://issues.apache.org/jira/browse/OOZIE-2946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16049030#comment-16049030
]
Hadoop QA commented on OOZIE-2946:
----------------------------------
Testing JIRA OOZIE-2946
Cleaning local git workspace
----------------------------
{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
. {color:green}+1{color} the patch does not introduce any @author tags
. {color:green}+1{color} the patch does not introduce any tabs
. {color:green}+1{color} the patch does not introduce any trailing spaces
. {color:green}+1{color} the patch does not introduce any line longer than
132
. {color:red}-1{color} the patch does not add/modify any testcase
{color:green}+1 RAT{color}
. {color:green}+1{color} the patch does not seem to introduce new RAT
warnings
{color:green}+1 JAVADOC{color}
. {color:green}+1{color} the patch does not seem to introduce new Javadoc
warnings
. {color:red}WARNING{color}: the current HEAD has 6 Javadoc warning(s)
{color:green}+1 COMPILE{color}
. {color:green}+1{color} HEAD compiles
. {color:green}+1{color} patch compiles
. {color:green}+1{color} the patch does not seem to introduce new javac
warnings
{color:red}-1{color} There are [106] new bugs found below threshold in total
that must be fixed.
. {color:red}-1{color} There are [1] new bugs found below threshold in [server]
that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
server/findbugs-new.html
. The most important FindBugs errors are:
. At JspHandlerProvider.java:[line 43]: File(...) reads a file whose location
might be specified by user input
. At JspHandlerProvider.java:[line 43]
. {color:red}-1{color} There are [8] new bugs found below threshold in [client]
that must be fixed, listing only the first [5] ones.
. You can find the FindBugs diff here (look for the red and orange ones):
client/findbugs-new.html
. The top [5] most important FindBugs errors are:
. At OozieCLI.java:[line 840]: File(...) reads a file whose location might be
specified by user input
. FileInputStream(...) reads a file whose location might be specified by user
input: At OozieCLI.java:[line 838]
. At OozieCLI.java:[line 838]: At OozieCLI.java:[line 848]
. At OozieCLI.java:[line 875]: File(...) reads a file whose location might be
specified by user input
. File(...) reads a file whose location might be specified by user input: At
OozieCLI.java:[line 870]
. {color:green}+1{color} There are no new bugs found in [docs].
. {color:red}-1{color} There are [3] new bugs found below threshold in
[sharelib/hive] that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/hive/findbugs-new.html
. The most important FindBugs errors are:
. At HiveMain.java:[line 336]: FileReader(...) reads a file whose location
might be specified by user input
. At HiveMain.java:[line 245]: At HiveMain.java:[line 226]
. At HiveMain.java:[line 229]: File(...) reads a file whose location might be
specified by user input
. FileOutputStream(...) writes to a file whose location might be specified by
user input: At HiveMain.java:[line 226]
. At HiveMain.java:[line 172]: At HiveMain.java:[line 173]
. {color:red}-1{color} There are [5] new bugs found below threshold in
[sharelib/spark] that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/spark/findbugs-new.html
. The most important FindBugs errors are:
. At SparkMain.java:[line 129]: File(...) reads a file whose location might be
specified by user input
. File(...) reads a file whose location might be specified by user input: At
SparkMain.java:[line 129]
. At SparkMain.java:[line 162]: At SparkMain.java:[line 169]
. FileOutputStream(...) writes to a file whose location might be specified by
user input: At SparkMain.java:[line 168]
. At SparkMain.java:[line 210]: At SparkMain.java:[line 211]
. {color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
. {color:red}-1{color} There are [3] new bugs found below threshold in
[sharelib/hive2] that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/hive2/findbugs-new.html
. The most important FindBugs errors are:
. At Hive2Main.java:[line 278]: FileReader(...) reads a file whose location
might be specified by user input
. At Hive2Main.java:[line 164]: At Hive2Main.java:[line 145]
. At Hive2Main.java:[line 148]: File(...) reads a file whose location might be
specified by user input
. FileOutputStream(...) writes to a file whose location might be specified by
user input: At Hive2Main.java:[line 145]
. At Hive2Main.java:[line 117]: At Hive2Main.java:[line 266]
. {color:green}+1{color} There are no new bugs found in [sharelib/streaming].
. {color:red}-1{color} There are [8] new bugs found below threshold in
[sharelib/pig] that must be fixed, listing only the first [5] ones.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/pig/findbugs-new.html
. The top [5] most important FindBugs errors are:
. At PigMain.java:[line 268]: File(...) reads a file whose location might be
specified by user input
. At PigMain.java:[line 148]: At PigMain.java:[line 138]
. At PigMain.java:[line 255]: At PigMain.java:[line 208]
. At PigMain.java:[line 190]: File(...) reads a file whose location might be
specified by user input
. FileOutputStream(...) writes to a file whose location might be specified by
user input: At PigMain.java:[line 181]
. {color:red}-1{color} There are [1] new bugs found below threshold in
[sharelib/sqoop] that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/sqoop/findbugs-new.html
. The most important FindBugs errors are:
. At SqoopMain.java:[line 137]: FileOutputStream(...) writes to a file whose
location might be specified by user input
. At SqoopMain.java:[line 136]
. {color:red}-1{color} There are [1] new bugs found below threshold in
[sharelib/distcp] that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/distcp/findbugs-new.html
. The most important FindBugs errors are:
. At DistcpMain.java:[line 146]: FileOutputStream(...) writes to a file whose
location might be specified by user input
. At DistcpMain.java:[line 145]
. {color:red}-1{color} There are [8] new bugs found below threshold in
[sharelib/oozie] that must be fixed, listing only the first [5] ones.
. You can find the FindBugs diff here (look for the red and orange ones):
sharelib/oozie/findbugs-new.html
. The top [5] most important FindBugs errors are:
. At LauncherMain.java:[line 135]: File(...) reads a file whose location might
be specified by user input
. FileReader(...) reads a file whose location might be specified by user input:
At LauncherMain.java:[line 171]
. At LauncherMain.java:[line 171]: At LauncherMain.java:[line 139]
. At LauncherMain.java:[line 397]: File(...) reads a file whose location might
be specified by user input
. At LauncherMapper.java:[line 614]: File(...) reads a file whose location
might be specified by user input
. {color:red}-1{color} There are [45] new bugs found below threshold in [core]
that must be fixed, listing only the first [5] ones.
. You can find the FindBugs diff here (look for the red and orange ones):
core/findbugs-new.html
. The top [5] most important FindBugs errors are:
. At EmailActionExecutor.java:[line 265]: File(...) reads a file whose location
might be specified by user input
. At EmailActionExecutor.java:[line 162]: At EmailActionExecutor.java:[line 160]
. At EmailActionExecutor.java:[line 176]: At EmailActionExecutor.java:[line 171]
. At LauncherHelper.java:[line 159]: MD5 is not a recommended cryptographic
hash function
. At SshActionExecutor.java:[line 133]: This usage of Runtime.exec(...) can be
vulnerable to Command Injection
. {color:red}-1{color} There are [21] new bugs found below threshold in [tools]
that must be fixed, listing only the first [5] ones.
. You can find the FindBugs diff here (look for the red and orange ones):
tools/findbugs-new.html
. The top [5] most important FindBugs errors are:
. At OozieDBCLI.java:[line 548]: FileWriter(...) writes to a file whose
location might be specified by user input
. At OozieDBCLI.java:[line 126]: At OozieDBCLI.java:[line 122]
. At OozieDBCLI.java:[line 229]: At OozieDBCLI.java:[line 133]
. At OozieDBCLI.java:[line 703]: At OozieDBCLI.java:[line 249]
. At OozieDBCLI.java:[line 577]: FileWriter(...) writes to a file whose
location might be specified by user input
. {color:red}-1{color} There are [2] new bugs found below threshold in
[examples] that must be fixed.
. You can find the FindBugs diff here (look for the red and orange ones):
examples/findbugs-new.html
. The most important FindBugs errors are:
. At LocalOozieExample.java:[line 47]: File(...) reads a file whose location
might be specified by user input
. FileInputStream(...) reads a file whose location might be specified by user
input: At LocalOozieExample.java:[line 35]
. At LocalOozieExample.java:[line 35]: At LocalOozieExample.java:[line 72]
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
. {color:green}+1{color} the patch does not change any JPA
Entity/Colum/Basic/Lob/Transient annotations
. {color:green}+1{color} the patch does not modify JPA files
{color:red}-1 TESTS{color}
. Tests run: 1963
. Tests failed: 1
. Tests errors: 2
. The patch failed the following testcases:
. testNofindLogs(org.apache.oozie.util.TestTimestampedMessageParser)
. Tests failing with errors:
.
testProcessRemainingLog(org.apache.oozie.util.TestTimestampedMessageParser)
.
testProcessRemainingCoordinatorLogForActions(org.apache.oozie.util.TestTimestampedMessageParser)
{color:green}+1 DISTRO{color}
. {color:green}+1{color} distro tarball builds with the patch
----------------------------
{color:red}*-1 Overall result, please check the reported -1(s)*{color}
{color:red}. There is at least one warning, please check{color}
The full output of the test-patch run is available at
. https://builds.apache.org/job/oozie-trunk-precommit-build/3887/
> Include find-sec-bugs plugin
> ----------------------------
>
> Key: OOZIE-2946
> URL: https://issues.apache.org/jira/browse/OOZIE-2946
> Project: Oozie
> Issue Type: Task
> Components: build, security
> Reporter: Jan Hentschel
> Assignee: Jan Hentschel
> Priority: Minor
> Attachments: OOZIE-2946-1.patch
>
>
> The [Find Security Bugs|http://find-sec-bugs.github.io/] plugin looks for
> security bugs in Java web apps, such as Oozie. This plugin should be included
> in the build process.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
