[jira] [Created] (HDFS-13636) Security Cross-Site Scripting issue in HDFS code
Haibo Yan created HDFS-13636:

Summary: Security Cross-Site Scripting issue in HDFS code
Key: HDFS-13636
URL: https://issues.apache.org/jira/browse/HDFS-13636
Project: Hadoop HDFS
Issue Type: Bug
Reporter: Haibo Yan
Assignee: Haibo Yan

A couple of CSS attack issues were found in our fortify test run. One example is in

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java

{code:java}
// code placeholder
if (servletContext.getAttribute(ADMINS_ACL) != null &&
    !userHasAdministratorAccess(servletContext, remoteUser)) {
  response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
      + remoteUser + " is unauthorized to access this page.");
  return false;
}
{code}

A list of issues was also found at

hadoop-common-project/hadoop-auth-examples/src/main/java/org/apache/hadoop/security/authentication/examples/WhoServlet.java
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer.java

The suggested fix is to remove remoteUser from the page, and log it.

--
This message was sent by Atlassian JIRA (v7.6.3#76005)

To unsubscribe, e-mail: hdfs-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-h...@hadoop.apache.org
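
The fix suggested in HDFS-13636, shown beside the flagged pattern as an added example (not part of the original message and not Hadoop's own code). `ErrorSink` is a hypothetical stand-in for `HttpServletResponse`, the class and method names are illustrative, and replacing control characters before logging is an extra precaution assumed here so that the user name cannot forge log lines.

```java
import java.io.IOException;
import java.util.logging.Logger;

public class ForbiddenResponseExample {
    private static final Logger LOG = Logger.getLogger("ForbiddenResponseExample");
    static final int SC_FORBIDDEN = 403; // same value as HttpServletResponse.SC_FORBIDDEN

    /** Hypothetical stand-in for HttpServletResponse.sendError(int, String). */
    interface ErrorSink {
        void sendError(int status, String message) throws IOException;
    }

    /** Flagged pattern: the request-derived user name is echoed into the error page. */
    static void denyReflecting(ErrorSink response, String remoteUser) throws IOException {
        response.sendError(SC_FORBIDDEN,
            "User " + remoteUser + " is unauthorized to access this page.");
    }

    /** Suggested fix: constant message to the client, user name only in the server log. */
    static void denyAndLog(ErrorSink response, String remoteUser) throws IOException {
        LOG.warning("Unauthorized access attempt by user " + forLog(remoteUser));
        response.sendError(SC_FORBIDDEN, "User is unauthorized to access this page.");
    }

    /** Replace control characters so the logged name cannot add extra log lines. */
    static String forLog(String value) {
        if (value == null) {
            return "(null)";
        }
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            sb.append(Character.isISOControl(c) ? '_' : c);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: markup plus a line break in the user name.
        String remoteUser = "<i>guest</i>\r\nfake log line";
        ErrorSink page = (status, msg) -> System.out.println(status + " " + msg);
        denyReflecting(page, remoteUser); // markup and line break reach the message text
        denyAndLog(page, remoteUser);     // message is constant; log gets the neutralized name
    }
}
```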
[jira] [Created] (HDFS-13231) Extend visualization for Maintenance Mode under Datanode tab in the NameNode UI
Haibo Yan created HDFS-13231:

Summary: Extend visualization for Maintenance Mode under Datanode tab in the NameNode UI
Key: HDFS-13231
URL: https://issues.apache.org/jira/browse/HDFS-13231
Project: Hadoop HDFS
Issue Type: Bug
Components: datanode, namenode
Affects Versions: 3.0.1
Reporter: Haibo Yan

With HDFS-9391, table view is using css dynamic class name to match the state

{code:html|title=hadoop/hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/hdfs/dfshealth.html}
{name} ({xferaddr})
{code}

Some css is missing when the datanode is going to

{code:javascript|title=hadoop/hadoop-hdfs-project/hadoop-hdfs/src/main/webapps/hdfs/dfshealth.js}
if (n.adminState === "In Service") {
  n.state = "alive";
} else if (nodes[i].adminState === "Decommission In Progress") {
  n.state = "decommissioning";
} else if (nodes[i].adminState === "Decommissioned") {
  n.state = "decommissioned";
} else if (nodes[i].adminState === "Entering Maintenance") {
  n.state = "entering-maintenance";
} else if (nodes[i].adminState === "In Maintenance") {
  n.state = "in-maintenance";
}
{code}

dfshealth-node-decommissioning, dfshealth-node-entering-maintenance, dfshealth-node-in-maintenance should be added into hadoop.css
[jira] [Created] (HDFS-13106) Need to exercise all HDFS APIs for EC
Haibo Yan created HDFS-13106:

Summary: Need to exercise all HDFS APIs for EC
Key: HDFS-13106
URL: https://issues.apache.org/jira/browse/HDFS-13106
Project: Hadoop HDFS
Issue Type: Bug
Components: hdfs
Reporter: Haibo Yan

Exercise the FileSystem API to make sure all APIs work as expected with the Erasure Coding feature enabled