[jira] [Assigned] (RANGER-3542) Invalid HTTPS Check

Pradeep Agrawal (Jira) Thu, 03 Feb 2022 03:56:55 -0800


     [ 
https://issues.apache.org/jira/browse/RANGER-3542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Pradeep Agrawal reassigned RANGER-3542:
---------------------------------------

    Assignee: Pradeep Agrawal

> Invalid HTTPS Check
> -------------------
>
>                 Key: RANGER-3542
>                 URL: https://issues.apache.org/jira/browse/RANGER-3542
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: David Mollitor
>            Assignee: Pradeep Agrawal
>            Priority: Minor
>
> [https://github.com/apache/ranger/blob/0258fcf7ab25473b056fffc103840806c18fdcad/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java#L243]
>  
> {code:java|title=RangerRESTClient.java}
> mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https");
> {code}
> This can trigger inadvertently if the host name just happens to have "https" 
> in the name.  Better/safer to use Java URL to parse {{mUrl}} and look at the 
> protocol explicitly.
> For example: {{http://my.serverhttps.com}} would trigger as an ssl enabled 
> endpoint.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Assigned] (RANGER-3542) Invalid HTTPS Check

Reply via email to