[
https://issues.apache.org/jira/browse/HIVE-20644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16639236#comment-16639236
]
Hive QA commented on HIVE-20644:
--------------------------------
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12942409/HIVE-20644.04
{color:red}ERROR:{color} -1 due to no test(s) being added or modified.
{color:green}SUCCESS:{color} +1 due to 15025 tests passed
Test results:
https://builds.apache.org/job/PreCommit-HIVE-Build/14244/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/14244/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-14244/
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
ATTACHMENT ID: 12942409 - PreCommit-HIVE-Build
> Avoid exposing sensitive infomation through a Hive Runtime exception
> --------------------------------------------------------------------
>
> Key: HIVE-20644
> URL: https://issues.apache.org/jira/browse/HIVE-20644
> Project: Hive
> Issue Type: Improvement
> Components: HiveServer2
> Affects Versions: 3.1.0
> Reporter: Ashutosh Bapat
> Assignee: Ashutosh Bapat
> Priority: Minor
> Labels: pull-request-available
> Fix For: 3.1.0
>
> Attachments: HIVE-20644.01, HIVE-20644.02, HIVE-20644.03,
> HIVE-20644.04
>
>
> The HiveException raised from the following methods is exposing the datarow
> the caused the run time exception.
> # ReduceRecordSource::GroupIterator::next() - around line 372
> # MapOperator::process() - around line 567
> # ExecReducer::reduce() - around line 243
> In all the cases, a string representation of the row is constructed on the
> fly and is included in
> the error message.
> VectorMapOperator::process() - around line 973 raises the same exception but
> it's not exposing the row since the row contents are not included in the
> error message.
> While trying to reproduce above error, I also found that the arguments to a
> UDF get exposed in log messages from FunctionRegistry::invoke() around line
> 1114. This too can cause sensitive information to be leaked through error
> message.
> This way some sensitive information is leaked to a user through exception
> message. That information may not be available to the user otherwise. Hence
> it's a kind of security breach or violation of access control.
> The contents of the row or the arguments to a function may be useful for
> debugging and hence it's worth to add those to logs. Hence proposal here to
> log a separate message with log level DEBUG or INFO containing the string
> representation of the row. Users can configure their logging so that
> DEBUG/INFO messages do not go to the client but at the same time are
> available in the hive server logs for debugging. The actual exception message
> will not contain any sensitive data like row data or argument data.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
