[ 
https://issues.apache.org/jira/browse/HBASE-29761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043987#comment-18043987
 ] 

Kevin Geiszler commented on HBASE-29761:
----------------------------------------

The fix is simple. Instead of calling {{conf.writeXml(os)}} in these 
{{*DumpServlet}} classes, we can call {{conf.writeXml(null, os, conf)}}. 
This allows us to pass the conf directly into the {{writeXml()}} method at the 
end of the call chain, thus allowing the {{ConfigRedactor}} object to get set 
up.

In this case, the {{null}} value being passed into {{writeXml()}} is for the 
{{propertyName}} arg.  According to the 
[documentation|https://hadoop.apache.org/docs/current/api/org/apache/hadoop/conf/Configuration.html#writeXml-java.lang.String-java.io.Writer-org.apache.hadoop.conf.Configuration-],
 when {{propertyName}} is {{null}}, the method writes all the config 
properties to the writer.

I also had to change:

{{OutputStream os = response.getOutputStream();}}

to

{{OutputStreamWriter os = new OutputStreamWriter(response.getOutputStream(), 
StandardCharsets.UTF_8);}}

in order to properly use {{conf.writeXml(null, os, conf)}}.

> The HBase UI's Debug Dump is not redacting sensitive information
> ----------------------------------------------------------------
>
>                 Key: HBASE-29761
>                 URL: https://issues.apache.org/jira/browse/HBASE-29761
>             Project: HBase
>          Issue Type: Bug
>          Components: UI
>            Reporter: Kevin Geiszler
>            Assignee: Kevin Geiszler
>            Priority: Critical
>
> The Debug Dump feature in the HBase UI is supposed to redact sensitive 
> configuration values such as truststore and keystore passwords, but it is not 
> doing so.  Instead, the sensitive values are shown in plain text.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
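
The two call forms discussed in the comment above, side by side, as an added example that is not part of the original message or the HBase patch. It assumes a hadoop-common version on the classpath that has the three-argument {{writeXml}} overload from the linked documentation and Hadoop's default sensitive-key patterns; the class name, helper names, and the property value are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.StandardCharsets;
import org.apache.hadoop.conf.Configuration;

public class DumpRedactionDemo {
  // Constructed sample value, not taken from the issue.
  static final String SECRET = "constructed-sample-secret";

  static Configuration sampleConf() {
    Configuration conf = new Configuration(false); // skip default resources
    conf.set("ssl.server.keystore.password", SECRET); // key name ends in "password"
    conf.set("hbase.cluster.distributed", "true");    // non-sensitive property
    return conf;
  }

  // Before: the call the comment says the *DumpServlet classes were making.
  static String dumpBefore(Configuration conf) throws IOException {
    ByteArrayOutputStream os = new ByteArrayOutputStream();
    conf.writeXml(os);
    return os.toString(StandardCharsets.UTF_8.name());
  }

  // After: the call proposed in the comment. A null propertyName selects all
  // properties; passing conf lets writeXml() set up its ConfigRedactor.
  static String dumpAfter(Configuration conf) throws IOException {
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    OutputStreamWriter os = new OutputStreamWriter(buf, StandardCharsets.UTF_8);
    conf.writeXml(null, os, conf);
    os.flush(); // push any bytes buffered in the writer to the stream
    return buf.toString(StandardCharsets.UTF_8.name());
  }

  public static void main(String[] args) throws IOException {
    Configuration conf = sampleConf();
    String before = dumpBefore(conf);
    String after = dumpAfter(conf);
    // A regression check for a dump endpoint: the raw value must not appear.
    System.out.println("before contains secret: " + before.contains(SECRET));
    System.out.println("after contains secret:  " + after.contains(SECRET));
    System.out.println(after);
  }
}
```

The same {{contains}} check, pointed at the servlet's response body, works as a unit test that fails if a dump endpoint ever emits a configured secret verbatim.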
