[ 
https://issues.apache.org/jira/browse/YARN-3771?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14948327#comment-14948327
 ] 

Rohith Sharma K S commented on YARN-3771:
-----------------------------------------

+1 for the fixing security hole. One concern about the patch is backward 
compatibility since array string is changed to List. If any clients are using 
this default constant, it would cause compilation error to them. 

I would like to hear comments from the other folks for doing this change.

> "final" behavior is not honored for 
> YarnConfiguration.DEFAULT_YARN_APPLICATION_CLASSPATH  since it is a String[]
> ----------------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-3771
>                 URL: https://issues.apache.org/jira/browse/YARN-3771
>             Project: Hadoop YARN
>          Issue Type: Bug
>            Reporter: nijel
>            Assignee: nijel
>         Attachments: 0001-YARN-3771.patch
>
>
> i was going through some find bugs rules. One issue reported in that is 
>  public static final String[] DEFAULT_YARN_APPLICATION_CLASSPATH = {
> and 
>   public static final String[] 
> DEFAULT_YARN_CROSS_PLATFORM_APPLICATION_CLASSPATH=
> is not honoring the final qualifier. The string array contents can be re 
> assigned !
> Simple test
> {code}
> public class TestClass {
>   static final String[] t = { "1", "2" };
>   public static void main(String[] args) {
>     System.out.println(12 < 10);
>     String[] t1={"u"};
> //    t = t1; // this will show compilation  error
>     t (1) = t1 (1) ; // But this works
>   }
> }
> {code}
> One option is to use Collections.unmodifiableList
> any thoughts ?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to