[jira] [Commented] (HIVE-13853) Add X-XSRF-Header filter to HS2 HTTP mode and WebHCat

Sat, 04 Jun 2016 10:50:12 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-13853?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15315590#comment-15315590
 ] 

Hive QA commented on HIVE-13853:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12807817/HIVE-13853.2.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:red}ERROR:{color} -1 due to 6 failed/errored test(s), 10221 tests 
executed
*Failed tests:*
{noformat}
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_list_bucket_dml_12
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_list_bucket_dml_13
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_stats_list_bucket
org.apache.hadoop.hive.cli.TestCliDriver.testCliDriver_subquery_multiinsert
org.apache.hadoop.hive.cli.TestMiniSparkOnYarnCliDriver.testCliDriver_constprog_partitioner
org.apache.hadoop.hive.cli.TestMiniSparkOnYarnCliDriver.testCliDriver_index_bitmap3
{noformat}

Test results: 
http://ec2-54-177-240-2.us-west-1.compute.amazonaws.com/job/PreCommit-HIVE-MASTER-Build/524/testReport
Console output: 
http://ec2-54-177-240-2.us-west-1.compute.amazonaws.com/job/PreCommit-HIVE-MASTER-Build/524/console
Test logs: 
http://ec2-50-18-27-0.us-west-1.compute.amazonaws.com/logs/PreCommit-HIVE-MASTER-Build-524/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
Tests exited with: TestsFailedException: 6 tests failed
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12807817 - PreCommit-HIVE-MASTER-Build

> Add X-XSRF-Header filter to HS2 HTTP mode and WebHCat
> -----------------------------------------------------
>
>                 Key: HIVE-13853
>                 URL: https://issues.apache.org/jira/browse/HIVE-13853
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2, WebHCat
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>         Attachments: HIVE-13853.2.patch, HIVE-13853.patch
>
>
> There is a possibility that there may be a CSRF-based attack on various 
> hadoop components, and thus, there is an effort to add a block for all 
> incoming http requests if they do not contain a X-XSRF-Header header. (See 
> HADOOP-12691 for motivation)
> This has potential to affect HS2 when running on thrift-over-http mode(if 
> cookie-based-auth is used), and webhcat.
> We introduce new flags to determine whether or not we're using the filter, 
> and if we are, we will automatically reject any http requests which do not 
> contain this header.
> To allow this to work, we also need to make changes to our JDBC driver to 
> automatically inject this header into any requests it makes. Also, any 
> client-side programs/api not using the JDBC driver directly will need to make 
> changes to add a X-XSRF-Header header to the request to make calls to 
> HS2/WebHCat if this filter is enabled.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to