-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73730/#review223805
-----------------------------------------------------------

Ship it!

Ship It!

- bhavik patel

On Nov. 29, 2021, 6:38 a.m., Dhaval Shah wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/73730/
> -----------------------------------------------------------
>
> (Updated Nov. 29, 2021, 6:38 a.m.)
>
> Review request for ranger, bhavik patel, Dineshkumar Yadav, Kishore Gopalakrishna, Madhan Neethiraj, Mateen Mansoori, Mehul Parikh, Pradeep Agrawal, Sailaja Polavarapu, and Velmurugan Periasamy.
>
> Bugs: RANGER-3521
>     https://issues.apache.org/jira/browse/RANGER-3521
>
> Repository: ranger
>
> Description
> -------
>
> We found the vulnerability related to ranger KMS on SSL port.
>
> Ranger KMS is not enforcing HSTS on SSL port defined by RFC 6797.
>
> Diffs
> -----
>
>   kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java f0e92b865
>
> Diff: https://reviews.apache.org/r/73730/diff/1/
>
> Testing
> -------
>
> Successfully validated.
> 1.) Ranger Build.
> 2.) Validated HSTS tag in Response Header for Ranger KMS CURL response for GET, CREATE, ROLLOVER, DELETE, GET METADATA key.
>
> E.G. :
> < Strict-Transport-Security: max-age=31536000; includeSubDomains
> Strict-Transport-Security: max-age=31536000; includeSubDomains
>
> Thanks,
>
> Dhaval Shah
>
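
The header check described under Testing, as an added example that is not part of the original e-mail or the Ranger patch: it parses the `Strict-Transport-Security` value following RFC 6797 from `curl -v` response lines and reports why a policy fails. The sample output, the function names, and the acceptance thresholds (taken from the header value quoted above) are assumptions.

```python
import re

# Constructed sample of `curl -v` response lines (not captured from a real Ranger KMS host).
SAMPLE_CURL_OUTPUT = """\
< HTTP/1.1 200 OK
< Content-Type: application/json
< Strict-Transport-Security: max-age=31536000; includeSubDomains
<
"""

def parse_hsts(value):
    """Parse one STS header value (RFC 6797 section 6.1); None if it is invalid."""
    directives = {}
    # Simplification: splits on every ';', so a ';' inside a quoted-string is not handled.
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == '"' and val[-1] == '"':
            val = val[1:-1]  # quoted-string form of the value
        if name in directives:
            return None  # a directive must not appear more than once
        directives[name] = val if sep else True  # unknown directives are kept, not rejected
    max_age = directives.get("max-age")
    if not isinstance(max_age, str) or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be a number of seconds
    directives["max-age"] = int(max_age)
    return directives

def check_curl_output(text, min_age=31536000):
    """Return (ok, reason) for the HSTS policy found in `curl -v` response lines."""
    values = []
    for line in text.splitlines():
        line = line.lstrip("< ").rstrip()  # drop curl's response-header marker
        name, sep, val = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(val.strip())
    if not values:
        return False, "header missing"
    policy = parse_hsts(values[0])  # a user agent processes only the first STS field
    if policy is None:
        return False, "header invalid"
    if policy["max-age"] < min_age:
        return False, "max-age too short"  # max-age=0 makes the UA drop the policy
    if "includesubdomains" not in policy:
        return False, "includeSubDomains missing"
    return True, "ok"
```

Run it against the output of each key operation listed in the testing notes; browsers honor the header only when it arrives over TLS, so the check belongs on the SSL port.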
