[jira] [Commented] (HBASE-21275) Thrift Server (branch 1 fix) -> Disable TRACE HTTP method for thrift http server (branch 1 only)

Wed, 17 Oct 2018 06:54:13 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-21275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16653579#comment-16653579
 ] 

Hadoop QA commented on HBASE-21275:
-----------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue}  0m 
23s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue}  0m  
1s{color} | {color:blue} Findbugs executables are not available. {color} |
| {color:green}+1{color} | {color:green} hbaseanti {color} | {color:green}  0m  
0s{color} | {color:green} Patch does not have any anti-patterns. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green}  0m 
 0s{color} | {color:green} The patch appears to include 1 new or modified test 
files. {color} |
|| || || || {color:brown} branch-1.4 Compile Tests {color} ||
| {color:red}-1{color} | {color:red} mvninstall {color} | {color:red}  6m 
51s{color} | {color:red} root in branch-1.4 failed. {color} |
| {color:red}-1{color} | {color:red} compile {color} | {color:red}  0m 
13s{color} | {color:red} hbase-thrift in branch-1.4 failed with JDK v1.8.0_181. 
{color} |
| {color:red}-1{color} | {color:red} compile {color} | {color:red}  0m  
7s{color} | {color:red} hbase-thrift in branch-1.4 failed with JDK v1.7.0_191. 
{color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red}  0m  
9s{color} | {color:red} The patch fails to run checkstyle in hbase-thrift 
{color} |
| {color:red}-1{color} | {color:red} shadedjars {color} | {color:red}  1m 
41s{color} | {color:red} branch has 16 errors when building our shaded 
downstream artifacts. {color} |
| {color:red}-1{color} | {color:red} javadoc {color} | {color:red}  0m 
10s{color} | {color:red} hbase-thrift in branch-1.4 failed with JDK v1.8.0_181. 
{color} |
| {color:red}-1{color} | {color:red} javadoc {color} | {color:red}  0m  
7s{color} | {color:red} hbase-thrift in branch-1.4 failed with JDK v1.7.0_191. 
{color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:red}-1{color} | {color:red} mvninstall {color} | {color:red}  0m 
58s{color} | {color:red} root in the patch failed. {color} |
| {color:red}-1{color} | {color:red} compile {color} | {color:red}  0m  
5s{color} | {color:red} hbase-thrift in the patch failed with JDK v1.8.0_181. 
{color} |
| {color:red}-1{color} | {color:red} javac {color} | {color:red}  0m  5s{color} 
| {color:red} hbase-thrift in the patch failed with JDK v1.8.0_181. {color} |
| {color:red}-1{color} | {color:red} compile {color} | {color:red}  0m  
8s{color} | {color:red} hbase-thrift in the patch failed with JDK v1.7.0_191. 
{color} |
| {color:red}-1{color} | {color:red} javac {color} | {color:red}  0m  8s{color} 
| {color:red} hbase-thrift in the patch failed with JDK v1.7.0_191. {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red}  0m  
8s{color} | {color:red} The patch fails to run checkstyle in hbase-thrift 
{color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m 
 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:red}-1{color} | {color:red} shadedjars {color} | {color:red}  1m 
37s{color} | {color:red} patch has 16 errors when building our shaded 
downstream artifacts. {color} |
| {color:red}-1{color} | {color:red} hadoopcheck {color} | {color:red}  1m 
29s{color} | {color:red} The patch causes 16 errors with Hadoop v2.4.1. {color} 
|
| {color:red}-1{color} | {color:red} hadoopcheck {color} | {color:red}  2m 
55s{color} | {color:red} The patch causes 16 errors with Hadoop v2.5.2. {color} 
|
| {color:red}-1{color} | {color:red} hadoopcheck {color} | {color:red}  4m 
28s{color} | {color:red} The patch causes 16 errors with Hadoop v2.6.5. {color} 
|
| {color:red}-1{color} | {color:red} hadoopcheck {color} | {color:red}  5m 
23s{color} | {color:red} The patch causes 16 errors with Hadoop v2.7.4. {color} 
|
| {color:red}-1{color} | {color:red} javadoc {color} | {color:red}  0m  
5s{color} | {color:red} hbase-thrift in the patch failed with JDK v1.8.0_181. 
{color} |
| {color:red}-1{color} | {color:red} javadoc {color} | {color:red}  0m  
8s{color} | {color:red} hbase-thrift in the patch failed with JDK v1.7.0_191. 
{color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} unit {color} | {color:red}  0m  7s{color} 
| {color:red} hbase-thrift in the patch failed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 
11s{color} | {color:green} The patch does not generate ASF License warnings. 
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 18m 58s{color} | 
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | Client=17.05.0-ce Server=17.05.0-ce Image:yetus/hbase:2cf636a |
| JIRA Issue | HBASE-21275 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/12944324/HBASE-21275-branch-1.4.001.patch
 |
| Optional Tests |  dupname  asflicense  javac  javadoc  unit  findbugs  
shadedjars  hadoopcheck  hbaseanti  checkstyle  compile  |
| uname | Linux d767aab1c21a 3.13.0-153-generic #203-Ubuntu SMP Thu Jun 14 
08:52:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | 
/home/jenkins/jenkins-slave/workspace/PreCommit-HBASE-Build/component/dev-support/hbase-personality.sh
 |
| git revision | branch-1.4 / a44ba21 |
| maven | version: Apache Maven 3.0.5 |
| Default Java | 1.7.0_191 |
| Multi-JDK versions |  /usr/lib/jvm/java-8-openjdk-amd64:1.8.0_181 
/usr/lib/jvm/java-7-openjdk-amd64:1.7.0_191 |
| mvninstall | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/branch-mvninstall-root.txt
 |
| compile | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/branch-compile-hbase-thrift-jdk1.8.0_181.txt
 |
| compile | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/branch-compile-hbase-thrift-jdk1.7.0_191.txt
 |
| checkstyle | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess//testptch/patchprocess/maven-branch-checkstyle-hbase-thrift.txt
 |
| shadedjars | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/branch-shadedjars.txt
 |
| javadoc | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/branch-javadoc-hbase-thrift-jdk1.8.0_181.txt
 |
| javadoc | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/branch-javadoc-hbase-thrift-jdk1.7.0_191.txt
 |
| mvninstall | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-mvninstall-root.txt
 |
| compile | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-compile-hbase-thrift-jdk1.8.0_181.txt
 |
| javac | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-compile-hbase-thrift-jdk1.8.0_181.txt
 |
| compile | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-compile-hbase-thrift-jdk1.7.0_191.txt
 |
| javac | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-compile-hbase-thrift-jdk1.7.0_191.txt
 |
| checkstyle | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess//testptch/patchprocess/maven-patch-checkstyle-hbase-thrift.txt
 |
| shadedjars | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-shadedjars.txt
 |
| hadoopcheck | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-javac-2.4.1.txt
 |
| hadoopcheck | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-javac-2.5.2.txt
 |
| hadoopcheck | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-javac-2.6.5.txt
 |
| hadoopcheck | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-javac-2.7.4.txt
 |
| javadoc | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-javadoc-hbase-thrift-jdk1.8.0_181.txt
 |
| javadoc | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-javadoc-hbase-thrift-jdk1.7.0_191.txt
 |
| unit | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/artifact/patchprocess/patch-unit-hbase-thrift.txt
 |
|  Test Results | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/testReport/ |
| Max. process+thread count | 54 (vs. ulimit of 10000) |
| modules | C: hbase-thrift U: hbase-thrift |
| Console output | 
https://builds.apache.org/job/PreCommit-HBASE-Build/14731/console |
| Powered by | Apache Yetus 0.8.0   http://yetus.apache.org |


This message was automatically generated.



> Thrift Server (branch 1 fix) -> Disable TRACE HTTP method for thrift http 
> server (branch 1 only)
> ------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-21275
>                 URL: https://issues.apache.org/jira/browse/HBASE-21275
>             Project: HBase
>          Issue Type: Bug
>          Components: Thrift
>            Reporter: Wellington Chevreuil
>            Assignee: Wellington Chevreuil
>            Priority: Minor
>             Fix For: 1.4.8, 1.2.7
>
>         Attachments: HBASE-21275-branch-1.001.patch, 
> HBASE-21275-branch-1.2.001.patch, HBASE-21275-branch-1.2.002.patch, 
> HBASE-21275-branch-1.2.003.patch, HBASE-21275-branch-1.2.003.patch, 
> HBASE-21275-branch-1.4.001.patch
>
>
> There's been a reasonable number of users running thrift http server on hbase 
> 1.x suffering with security audit tests pointing thrift server allows TRACE 
> requests.
> After doing some search, I can see HBASE-20406 added restrictions for 
> TRACE/OPTIONS method when Thrift is running over http, but it relies on many 
> other commits applied to thrift http server. This patch was later reverted 
> from master. Then again later, HBASE-20004 had made TRACE/OPTIONS 
> configurable via "*hbase.thrift.http.allow.options.method*" property, with 
> both methods being disabled by default. This also seems to rely on many 
> changes applied to thrift http server, and a branch 1 compatible patch does 
> not seem feasible.
> A solution for branch 1 is pretty simple though, am proposing a patch that 
> simply uses *WebAppContext*, instead of *Context*, as the context for the 
> *HttpServer* instance. *WebAppContext* will already restrict TRACE methods by 
> default.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to