[jira] [Created] (SENTRY-2497) show grant role results in NPE when URI does not have scheme

Wed, 13 Feb 2019 11:13:39 -0800 

Haley Reeve created SENTRY-2497:
-----------------------------------

             Summary: show grant role results in NPE when URI does not have 
scheme
                 Key: SENTRY-2497
                 URL: https://issues.apache.org/jira/browse/SENTRY-2497
             Project: Sentry
          Issue Type: Bug
    Affects Versions: 2.0.0
            Reporter: Haley Reeve
            Assignee: Haley Reeve


Sentry throws a NullPointerException when trying to run "show grant role" on a 
URI with no scheme associated with it. You can see the stacktrace in the HS2 
logs:
{noformat}
HS2 logs are showing the stacktrace:
2019-02-08 05:53:58,650 INFO org.apache.hadoop.hive.ql.Driver: 
[HiveServer2-Background-Pool: Thread-84]: Executing 
command(queryId=hive_20190208
055358_a283626f-c906-4bd1-be50-43e2e9a6949b): show grant role uritest
2019-02-08 05:53:58,651 INFO org.apache.hadoop.hive.ql.Driver: 
[HiveServer2-Background-Pool: Thread-84]: Starting task [Stage-0:DDL] in serial 
m
ode
2019-02-08 05:53:58,661 ERROR hive.ql.exec.DDLTask: 
[HiveServer2-Background-Pool: Thread-84]: java.lang.NullPointerException
        at 
org.apache.sentry.binding.util.SentryAuthorizerUtil.isLocalUri(SentryAuthorizerUtil.java:283)
        at 
org.apache.sentry.binding.util.SentryAuthorizerUtil.convert2HivePrivilegeObject(SentryAuthorizerUtil.java:267)
        at 
org.apache.sentry.binding.util.SentryAuthorizerUtil.convert2HivePrivilegeInfo(SentryAuthorizerUtil.java:220)
        at 
org.apache.sentry.binding.hive.authz.DefaultSentryAccessController.showPrivilegesByPrincipal(DefaultSentryAccessController.java:279)
        at 
org.apache.sentry.binding.hive.authz.DefaultSentryAccessController.showPrivileges(DefaultSentryAccessController.java:213)
        at 
org.apache.sentry.binding.hive.authz.SentryHiveAuthorizerImpl.showPrivileges(SentryHiveAuthorizerImpl.java:146)
        at org.apache.hadoop.hive.ql.exec.DDLTask.showGrants(DDLTask.java:746)
        at org.apache.hadoop.hive.ql.exec.DDLTask.execute(DDLTask.java:527)
        at org.apache.hadoop.hive.ql.exec.Task.executeTask(Task.java:199)
        at 
org.apache.hadoop.hive.ql.exec.TaskRunner.runSequential(TaskRunner.java:97)
        at org.apache.hadoop.hive.ql.Driver.launchTask(Driver.java:2250)
        at org.apache.hadoop.hive.ql.Driver.execute(Driver.java:1893)
        at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:1613)
        at org.apache.hadoop.hive.ql.Driver.run(Driver.java:1332)
...
2019-02-08 05:53:58,663 ERROR org.apache.hadoop.hive.ql.Driver: 
[HiveServer2-Background-Pool: Thread-84]: FAILED: Execution Error, return code 1
from org.apache.hadoop.hive.ql.exec.DDLTask. null
{noformat}

This appears to be happening because the show grant role logic is trying to 
construct a HivePrivilegeObject, which it wasn't doing in 1.8.0, and assumes 
the URI will have a scheme. See:
{noformat}
  public static boolean isLocalUri(String uriString) throws URISyntaxException {
    URI uri = new URI(uriString);
    if (uri.getScheme().equalsIgnoreCase("file")) {
      return true;
    }

    return false;
  }
{noformat}

Because uri.getScheme() can return null, the equalsIgnoreCase() can result in 
an NPE.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to