Re: Review Request 58657: Remove user input from invalid renderer error message

Attila Magyar Mon, 24 Apr 2017 01:00:00 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/
-----------------------------------------------------------


(Updated April 24, 2017, 7:59 a.m.)


Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and 
Sebastian Toader.


Changes
-------

test result


Bugs: AMBARI-20823
    https://issues.apache.org/jira/browse/AMBARI-20823


Repository: ambari


Description
-------

Remove user input from invalid renderer error message to avoid potential XSS 
attacks.

throw new IllegalArgumentException("Invalid renderer name: " + name + " for 
resource of type: " + m_type);
should be removed and the error message changed to: "Invalid renderer name for 
resource of type <resource type>"


Diffs
-----

  
ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java
 99bcd03 
  
ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java
 e076268 


Diff: https://reviews.apache.org/r/58657/diff/1/


Testing (updated)
-------

modified existing unittest

existing tests: passed


Thanks,

Attila Magyar

Re: Review Request 58657: Remove user input from invalid renderer error message

Reply via email to