[jira] [Resolved] (YARN-6506) Fix the code vulnerability of org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap

Akira Ajisaka (Jira) Tue, 18 Feb 2020 17:43:01 -0800


     [ 
https://issues.apache.org/jira/browse/YARN-6506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Akira Ajisaka resolved YARN-6506.
---------------------------------
    Resolution: Cannot Reproduce

Now there are no findbugs warnings in the module. Closing.

> Fix the code vulnerability of 
> org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap
> ----------------------------------------------------------------------------------
>
>                 Key: YARN-6506
>                 URL: https://issues.apache.org/jira/browse/YARN-6506
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: scheduler-load-simulator
>            Reporter: Yufei Gu
>            Priority: Major
>
> It is reported by findbugs in YARN-6423.
> MS_MUTABLE_COLLECTION: Field is a mutable collection
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. Consider 
> wrapping this field into Collections.unmodifiableSet/List/Map/etc. to avoid 
> this vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org

[jira] [Resolved] (YARN-6506) Fix the code vulnerability of org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap

Reply via email to