Posted to issues@iceberg.apache.org by GitBox <gi...@apache.org> on 2022/06/06 19:09:55 UTC

[GitHub] [iceberg] danielcweeks opened a new pull request, #4975: Update REST namespace separator to use unit separator char

danielcweeks opened a new pull request, #4975:
URL: https://github.com/apache/iceberg/pull/4975

   The null byte character is not generally considered safe for use in REST paths, even when URL-encoded, due to various forms of null byte injection attacks.  This will cause problems with many frameworks that detect and reject requests using this character in the path.
   
   The unit separator character (`0x1F`) is a safer and more meaningful alternative.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org
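
The separator change described in the pull request above, as an added example in Python (not code from the pull request or from the Iceberg project): a client-side encoder and a server-side decoder for a multipart namespace carried in one path segment, joined with `0x1F` and refusing the null byte. The function names and the sample namespaces are hypothetical and constructed for illustration.

```python
from urllib.parse import quote, unquote

UNIT_SEPARATOR = "\x1f"  # separator named in the PR; percent-encodes to %1F
NUL = "\x00"             # previous separator; percent-encodes to %00


def encode_namespace(parts):
    """Join namespace parts with 0x1F and percent-encode them as one path segment."""
    if not parts:
        raise ValueError("namespace must have at least one part")
    for part in parts:
        if not part:
            raise ValueError("empty namespace part")
        if UNIT_SEPARATOR in part or NUL in part:
            # A part carrying the separator would decode as two parts.
            raise ValueError("namespace part contains a reserved control byte")
    # safe="" also encodes "/" so a part cannot introduce extra path segments.
    return quote(UNIT_SEPARATOR.join(parts), safe="")


def decode_namespace(segment):
    """Decode one raw (still percent-encoded) path segment into namespace parts."""
    # errors="strict" raises on invalid UTF-8 instead of silently replacing it.
    decoded = unquote(segment, errors="strict")
    if NUL in decoded:
        # Same outcome as the frameworks mentioned above: NUL in a path is refused.
        raise ValueError("null byte in path segment")
    parts = decoded.split(UNIT_SEPARATOR)
    if any(not p for p in parts):
        raise ValueError("empty namespace part")
    return parts


if __name__ == "__main__":
    # Constructed sample namespaces.
    print(encode_namespace(["accounting", "tax"]))
    print(decode_namespace("accounting%1Ftax"))
```
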


[GitHub] [iceberg] rdblue commented on a diff in pull request #4975: Update REST namespace separator to use unit separator char

Posted by GitBox <gi...@apache.org>.
rdblue commented on code in PR #4975:
URL: https://github.com/apache/iceberg/pull/4975#discussion_r890587597


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -197,7 +197,7 @@ paths:
           description:
             An optional namespace, underneath which to list namespaces.
             If not provided or empty, all top-level namespaces should be listed.
-            If parent is a multipart namespace, the parts must be separated by the null byte.
+            If parent is a multipart namespace, the parts must be separated by the unit separator (`0x1F`) byte.
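
Review bot: The new description line names the separator only as the raw `0x1F` byte and does not say how it appears in a request URL. Suggest stating that clients send it percent-encoded as `%1F` and adding an encoded example next to this sentence, so readers do not have to infer the wire form from the byte value.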

Review Comment:
   There are some examples that need to be updated as well if you search for `%00`





[GitHub] [iceberg] rdblue commented on pull request #4975: Update REST namespace separator to use unit separator char

Posted by GitBox <gi...@apache.org>.
rdblue commented on PR #4975:
URL: https://github.com/apache/iceberg/pull/4975#issuecomment-1147952777

   @rymurr and @nastra, FYI. The plan to use the null byte as a separator character was with you both, but it is apparently blocked by some HTTP frameworks because of null byte vulnerabilities. It makes much more sense to use a character reserved for this purpose, 0x1F (unit separator).




[GitHub] [iceberg] rdblue commented on pull request #4975: Update REST namespace separator to use unit separator char

Posted by GitBox <gi...@apache.org>.
rdblue commented on PR #4975:
URL: https://github.com/apache/iceberg/pull/4975#issuecomment-1150319746

   I think we should just change it since we haven't yet released the code or the spec.




[GitHub] [iceberg] rdblue merged pull request #4975: Update REST namespace separator to use unit separator char

Posted by GitBox <gi...@apache.org>.
rdblue merged PR #4975:
URL: https://github.com/apache/iceberg/pull/4975




[GitHub] [iceberg] rdblue commented on a diff in pull request #4975: Update REST namespace separator to use unit separator char

Posted by GitBox <gi...@apache.org>.
rdblue commented on code in PR #4975:
URL: https://github.com/apache/iceberg/pull/4975#discussion_r890628721


##########
open-api/rest-catalog-open-api.yaml:
##########
@@ -197,7 +197,7 @@ paths:
           description:
             An optional namespace, underneath which to list namespaces.
             If not provided or empty, all top-level namespaces should be listed.
-            If parent is a multipart namespace, the parts must be separated by the null byte.
+            If parent is a multipart namespace, the parts must be separated by the unit separator (`0x1F`) byte.
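
Review bot: The `+` line requires parts to be separated by `0x1F` but leaves undefined what happens when a namespace part itself contains that byte. Suggest adding a sentence that such a part is invalid (or how it is escaped), so a two-part namespace cannot be confused with a single part that contains the separator.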

Review Comment:
   @danielcweeks, there are more instances of `%00` in this file.





[GitHub] [iceberg] kbendick commented on pull request #4975: Update REST namespace separator to use unit separator char

Posted by GitBox <gi...@apache.org>.
kbendick commented on PR #4975:
URL: https://github.com/apache/iceberg/pull/4975#issuecomment-1150428085

   Belated +1. We'd discussed this offline. Thanks @danielcweeks!

