[ https://issues.apache.org/jira/browse/HBASE-15328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15876996#comment-15876996 ]
Hudson commented on HBASE-15328: -------------------------------- SUCCESS: Integrated in Jenkins build HBase-1.3-JDK8 #118 (See [https://builds.apache.org/job/HBase-1.3-JDK8/118/]) HBASE-15328 sanity check the redirect used to send master info requests (busbey: rev 44d9bbe223f34d9e7a85a1b16cd6608234909f4f) * (edit) hbase-server/src/main/java/org/apache/hadoop/hbase/master/HMaster.java * (edit) hbase-server/src/main/java/org/apache/hadoop/hbase/regionserver/HRegionServer.java * (edit) hbase-server/src/test/java/org/apache/hadoop/hbase/TestInfoServers.java > Unvalidated Redirect in HMaster > ------------------------------- > > Key: HBASE-15328 > URL: https://issues.apache.org/jira/browse/HBASE-15328 > Project: HBase > Issue Type: Bug > Components: security > Reporter: stack > Assignee: Sean Busbey > Priority: Minor > Fix For: 2.0.0, 1.4.0, 1.3.1, 1.2.5, 1.1.10 > > Attachments: HBASE-15328.0.patch, HBASE-15328.1.patch > > > See OWASP page on why we should clean it up someday: > https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet > Here is where we do the redirect: > {code} > @Override > public void doGet(HttpServletRequest request, > HttpServletResponse response) throws ServletException, IOException { > String redirectUrl = request.getScheme() + "://" > + request.getServerName() + ":" + regionServerInfoPort > + request.getRequestURI(); > response.sendRedirect(redirectUrl); > } > } > {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346)