Author: tgraves Date: Fri Nov 9 18:51:43 2012 New Revision: 1407590 URL: http://svn.apache.org/viewvc?rev=1407590&view=rev Log: HDFS-4162. Some malformed and unquoted HTML strings are returned from datanode web ui. (Darek Dagit via tgraves)
Modified:
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java
hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java
Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt
URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt?rev=1407590&r1=1407589&r2=1407590&view=diff
==============================================================================
--- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt (original)
+++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt Fri Nov 9 18:51:43 2012
@@ -45,6 +45,9 @@ Release 0.23.5 - UNRELEASED HDFS-4090. getFileChecksum() result incompatible when called against zero-byte files. (Kihwal Lee via daryn) + HDFS-4162. Some malformed and unquoted HTML strings are returned from + datanode web ui. (Darek Dagit via tgraves) + Release 0.23.4 - UNRELEASED INCOMPATIBLE CHANGES Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java?rev=1407590&r1=1407589&r2=1407590&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/JspHelper.java Fri Nov 9 18:51:43 2012 @@ -387,15 +387,15 @@ public class JspHelper { if (!parts[i].equals("")) { tempPath.append(parts[i]); out.print("<a href=\"browseDirectory.jsp" + "?dir=" - + tempPath.toString() + "&namenodeInfoPort=" + namenodeInfoPort + + HtmlQuoting.quoteHtmlChars(tempPath.toString()) + "&namenodeInfoPort=" + namenodeInfoPort + getDelegationTokenUrlParam(tokenString) + getUrlParam(NAMENODE_ADDRESS, nnAddress)); - out.print("\">" + parts[i] + "</a>" + Path.SEPARATOR); + out.print("\">" + HtmlQuoting.quoteHtmlChars(parts[i]) + "</a>" + Path.SEPARATOR); tempPath.append(Path.SEPARATOR); } } if(parts.length > 0) { - out.print(parts[parts.length-1]); + out.print(HtmlQuoting.quoteHtmlChars(parts[parts.length-1])); } } catch (UnsupportedEncodingException ex) { 
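Review bot: In the `@@ -387` hunk of JspHelper.java the `dir` value is now HTML-quoted but still not URL-encoded, although it sits inside a query string. `HtmlQuoting.quoteHtmlChars` turns `&` into `&amp;`, which the browser decodes back to `&` when it reads the attribute, so a path component containing `&`, `#` or `%` still truncates or alters the `dir` parameter of the generated link. I would encode for the URL first and quote for HTML second: `+ HtmlQuoting.quoteHtmlChars(URLEncoder.encode(tempPath.toString(), "UTF-8")) + "&namenodeInfoPort=" + namenodeInfoPort`. The `catch (UnsupportedEncodingException ex)` at the end of the hunk suggests the method already handles that exception, but the method starts above the hunk, so confirm that `java.net.URLEncoder` is imported in this file.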
@@ -410,16 +410,16 @@ public class JspHelper { String nnAddress) throws IOException { out.print("<form action=\"browseDirectory.jsp\" method=\"get\" name=\"goto\">"); out.print("Goto : "); - out.print("<input name=\"dir\" type=\"text\" width=\"50\" id\"dir\" value=\""+ file+"\">"); - out.print("<input name=\"go\" type=\"submit\" value=\"go\">"); + out.print("<input name=\"dir\" type=\"text\" width=\"50\" id=\"dir\" value=\""+ HtmlQuoting.quoteHtmlChars(file)+"\"/>"); + out.print("<input name=\"go\" type=\"submit\" value=\"go\"/>"); out.print("<input name=\"namenodeInfoPort\" type=\"hidden\" " - + "value=\"" + namenodeInfoPort + "\">"); + + "value=\"" + namenodeInfoPort + "\"/>"); if (UserGroupInformation.isSecurityEnabled()) { out.print("<input name=\"" + DELEGATION_PARAMETER_NAME - + "\" type=\"hidden\" value=\"" + tokenString + "\">"); + + "\" type=\"hidden\" value=\"" + tokenString + "\"/>"); } out.print("<input name=\""+ NAMENODE_ADDRESS +"\" type=\"hidden\" " - + "value=\"" + nnAddress + "\">"); + + "value=\"" + nnAddress + "\"/>"); out.print("</form>"); } Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java?rev=1407590&r1=1407589&r2=1407590&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/datanode/DatanodeJspHelper.java Fri Nov 9 18:51:43 2012 
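Review bot: `tokenString` and `nnAddress` are still concatenated raw into the `value="..."` attributes of the hidden inputs in printGotoForm; only `file` gained quoting in this hunk. Where those two values originate is not visible here, but if either can be influenced by a request parameter, a `"` in it closes the attribute exactly as it did for `file`. I would quote them the same way: `+ "\" type=\"hidden\" value=\"" + HtmlQuoting.quoteHtmlChars(tokenString) + "\"/>");` and `+ "value=\"" + HtmlQuoting.quoteHtmlChars(nnAddress) + "\"/>");`. The same pattern remains for `datanodeUrl` in the `cols[0]` href in the `@@ -204` hunk of DatanodeJspHelper.java, whose construction begins above that hunk. The signature of printGotoForm starts outside this hunk.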
@@ -44,6 +44,7 @@ import org.apache.hadoop.hdfs.protocol.L import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier; import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager; import org.apache.hadoop.hdfs.server.common.JspHelper; +import org.apache.hadoop.http.HtmlQuoting; import org.apache.hadoop.net.NetUtils; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.token.Token; @@ -118,7 +119,7 @@ public class DatanodeJspHelper { String target = dir; final HdfsFileStatus targetStatus = dfs.getFileInfo(target); if (targetStatus == null) { // not exists - out.print("<h3>File or directory : " + target + " does not exist</h3>"); + out.print("<h3>File or directory : " + StringEscapeUtils.escapeHtml(target) + " does not exist</h3>"); JspHelper.printGotoForm(out, namenodeInfoPort, tokenString, target, nnAddr); } else { 
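Review bot: The `@@ -118` hunk escapes `target` with `StringEscapeUtils.escapeHtml`, while every other call site in this commit uses `HtmlQuoting.quoteHtmlChars`, and the import hunk above it adds only `org.apache.hadoop.http.HtmlQuoting`. If `StringEscapeUtils` is not already imported in DatanodeJspHelper.java (not visible here) this line will not compile; either way, a single escaper makes the output encoding easier to audit. I would write `out.print("<h3>File or directory : " + HtmlQuoting.quoteHtmlChars(target) + " does not exist</h3>");`. The enclosing method starts and ends outside the hunk.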
@@ -204,7 +205,7 @@ public class DatanodeJspHelper { + JspHelper.getDelegationTokenUrlParam(tokenString) + JspHelper.getUrlParam(JspHelper.NAMENODE_ADDRESS, nnAddr); cols[0] = "<a href=\"" + datanodeUrl + "\">" - + localFileName + "</a>"; + + HtmlQuoting.quoteHtmlChars(localFileName) + "</a>"; cols[5] = lsDateFormat.format(new Date((files[i] .getModificationTime()))); cols[6] = files[i].getPermission().toString(); Modified: hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java URL: http://svn.apache.org/viewvc/hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java?rev=1407590&r1=1407589&r2=1407590&view=diff ============================================================================== --- hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java (original) +++ hadoop/common/branches/branch-0.23/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestJspHelper.java Fri Nov 9 18:51:43 2012 @@ -19,12 +19,18 @@ package org.apache.hadoop.hdfs.server.co import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; +import static org.mockito.Mockito.doAnswer; import java.io.IOException; +import java.io.StringReader; import java.net.InetSocketAddress; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; +import javax.servlet.jsp.JspWriter; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hdfs.DFSConfigKeys; 
@@ -43,10 +49,16 @@ import org.apache.hadoop.security.token. import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager; import org.junit.Assert; import org.junit.Test; +import org.mockito.ArgumentCaptor; +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; public class TestJspHelper { private Configuration conf = new HdfsConfiguration(); + private String jspWriterOutput = ""; public static class DummySecretManager extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> { @@ -365,6 +377,32 @@ public class TestJspHelper { ae.getMessage()); } } + + @Test + public void testPrintGotoFormWritesValidXML() throws IOException, + ParserConfigurationException, SAXException { + JspWriter mockJspWriter = mock(JspWriter.class); + ArgumentCaptor<String> arg = ArgumentCaptor.forClass(String.class); + doAnswer(new Answer<Object>() { + @Override + public Object answer(InvocationOnMock invok) { + Object[] args = invok.getArguments(); + jspWriterOutput += (String) args[0]; + return null; + } + }).when(mockJspWriter).print(arg.capture()); + + jspWriterOutput = ""; + + JspHelper.printGotoForm(mockJspWriter, 424242, "a token string", + "foobar/file", "0.0.0.0"); + + DocumentBuilder parser = + DocumentBuilderFactory.newInstance().newDocumentBuilder(); + InputSource is = new InputSource(); + is.setCharacterStream(new StringReader(jspWriterOutput)); + parser.parse(is); + } private HttpServletRequest getMockRequest(String remoteUser, String user, String doAs) { HttpServletRequest request = mock(HttpServletRequest.class);
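Review bot: `testPrintGotoFormWritesValidXML` passes `"foobar/file"`, which contains no HTML metacharacters, so it covers the well-formedness fixes (`id=\"dir\"`, self-closed inputs) but would still pass if the `quoteHtmlChars(file)` call were removed. Feeding a path with `"`, `<` and `&` turns the existing XML parse into a regression check for the quoting: `JspHelper.printGotoForm(mockJspWriter, 424242, "a token string", "foo\"<bar>&baz/file", "0.0.0.0");`. Since the test has no explicit assertion, a one-line comment above `parser.parse(is)` stating that a SAXException is the failure signal would also help the next reader.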