[jira] [Commented] (RANGER-3542) Invalid HTTPS Check

Pradeep Agrawal (Jira) Mon, 07 Feb 2022 00:44:07 -0800


    [ 
https://issues.apache.org/jira/browse/RANGER-3542?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17487967#comment-17487967
 ]


Pradeep Agrawal commented on RANGER-3542:
-----------------------------------------

master branch : 
[https://github.com/apache/ranger/commit/26070383c6300da91926ed77e128d35c9808056c]

2.3-branch: 
https://github.com/apache/ranger/commit/5e24f09f1a54ac5e07079758d3fc45a4bf16677d

> Invalid HTTPS Check
> -------------------
>
>                 Key: RANGER-3542
>                 URL: https://issues.apache.org/jira/browse/RANGER-3542
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>            Reporter: David Mollitor
>            Assignee: Pradeep Agrawal
>            Priority: Minor
>             Fix For: 3.0.0, 2.3.0
>
>         Attachments: 0001-RANGER-3542-Fix-invalid-HTTPS-check.patch
>
>
> [https://github.com/apache/ranger/blob/0258fcf7ab25473b056fffc103840806c18fdcad/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerRESTClient.java#L243]
>  
> {code:java|title=RangerRESTClient.java}
> mIsSSL = StringUtils.containsIgnoreCase(mUrl, "https");
> {code}
> This can trigger inadvertently if the host name just happens to have "https" 
> in the name.  Better/safer to use Java URL to parse {{mUrl}} and look at the 
> protocol explicitly.
> For example: {{http://my.serverhttps.com}} would trigger as an ssl enabled 
> endpoint.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (RANGER-3542) Invalid HTTPS Check

Reply via email to