-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66373/#review200297
-----------------------------------------------------------

Ship it!

Ship It!

- kalyan kumar kalvagadda

On April 2, 2018, 6:38 p.m., Arjun Mishra wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66373/
> -----------------------------------------------------------
>
> (Updated April 2, 2018, 6:38 p.m.)
>
>
> Review request for sentry, Alexander Kolbasov, Brian Towles, kalyan kumar
> kalvagadda, Na Li, Steve Moist, Sergio Pena, Vadim Spector, and Xinran Tinney.
>
>
> Repository: sentry
>
>
> Description
> -------
>
> Sentry clients use Configuration class defined in the hadoop-common code base
> to parse or read configuration files. Hadoop community had made improvements
> particularly to enhance security. The change introduces a new boolean
> attribute restrictParser. Setting restrictParser to true will
>
> Limit XML parsing to conform with feature
> "http://apache.org/xml/features/disallow-doctype-decl"
>     This is a security feature explained here -
>     https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet
> boolean restrictSystemProps is set to true
>     Will prevent system properties from being read
> set XML inclusion (XInclude) to false
>     prevent merging of xml documents
>
> This change is currently included in hadoop-version 2.7.5. There is a new
> implementation of addResources method to allow the setting of restrictParser
> boolean. Sentry is currently using hadoop-version 2.7.2. Bumping this version
> up and making appropriate changes will allow Sentry to take advantage of this
> feature
>
>
> Diffs
> -----
>
>   pom.xml 61e0f9700
>   sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/authz/HBaseIndexerAuthzBinding.java d919fe702
>   sentry-binding/sentry-binding-hbase-indexer/src/main/java/org/apache/sentry/binding/hbaseindexer/conf/HBaseIndexerAuthzConf.java cfbd37bf1
>   sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java 8d5286cd3
>   sentry-binding/sentry-binding-kafka/src/main/java/org/apache/sentry/kafka/conf/KafkaAuthConf.java 6ca621022
>   sentry-binding/sentry-binding-solr/src/main/java/org/apache/sentry/binding/solr/conf/SolrAuthzConf.java 0883e70fe
>   sentry-binding/sentry-binding-sqoop/src/main/java/org/apache/sentry/sqoop/conf/SqoopAuthConf.java 7836871f6
>   sentry-hdfs/sentry-hdfs-namenode-plugin/src/main/java/org/apache/sentry/hdfs/SentryINodeAttributesProvider.java cf96df47b
>   sentry-provider/sentry-provider-common/src/main/java/org/apache/sentry/provider/common/HadoopGroupMappingService.java 00b5cf608
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/PermissionsMigrationToolCommon.java ed28b735c
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolIndexer.java c2341d322
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryConfigToolSolr.java 5649f43fa
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/generic/tools/SentryShellGeneric.java 907e1462c
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/tools/SentryShellHive.java 729a51865
>   sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/service/thrift/SentryService.java bf5d85b03
>   sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/tools/CreateSentryTestScaleData.java b234c85c5
>   sentry-tools/src/main/java/org/apache/sentry/shell/SentryCli.java 8b68d0d06
>
>
> Diff: https://reviews.apache.org/r/66373/diff/2/
>
>
> Testing
> -------
>
> $ mvn -f sentry-binding/pom.xml test
> $ mvn -f sentry-provider/pom.xml test
> $ mvn -f sentry-hdfs/pom.xml test
>
>
> Thanks,
>
> Arjun Mishra
>
>
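
The DOCTYPE and XInclude restrictions named in the quoted description, shown with the standard JAXP API as an added example (not code from the Sentry patch or from Hadoop's Configuration class). The class name `RestrictedConfigParserDemo`, the property name `sentry.example.key` and both sample documents are constructed for illustration; the system-properties restriction is Hadoop-specific and is not covered here.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

// Hypothetical demo class: plain JAXP, not Hadoop's Configuration implementation.
public class RestrictedConfigParserDemo {

    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    // Builds a parser; when 'restricted' is true it applies the two parser
    // settings listed in the review description.
    static DocumentBuilder newBuilder(boolean restricted) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        if (restricted) {
            factory.setFeature(DISALLOW_DOCTYPE, true); // any <!DOCTYPE> is a fatal error
            factory.setXIncludeAware(false);            // no merging of other XML documents
        }
        return factory.newDocumentBuilder();
    }

    // Parses a configuration-style document and returns its first <value>.
    static String readValue(String xml, boolean restricted) throws Exception {
        Document doc = newBuilder(restricted)
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return doc.getElementsByTagName("value").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: one plain file, one that declares an internal entity.
        String plain = "<configuration><property><name>sentry.example.key</name>"
            + "<value>plain</value></property></configuration>";
        String withDoctype = "<!DOCTYPE configuration [<!ENTITY v \"from-entity\">]>"
            + "<configuration><property><name>sentry.example.key</name>"
            + "<value>&v;</value></property></configuration>";

        System.out.println("unrestricted, doctype: " + readValue(withDoctype, false));
        System.out.println("restricted, plain:     " + readValue(plain, true));
        try {
            readValue(withDoctype, true);
            System.out.println("restricted, doctype:   accepted (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("restricted, doctype:   rejected: " + e.getMessage());
        }
    }
}
```

A restricted parser fails closed on any document type declaration, so configuration files that legitimately carry a DOCTYPE need it removed before they will load.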