You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Tsz Wo (Nicholas), SZE (JIRA)" <ji...@apache.org> on 2009/05/13 21:14:46 UTC
[jira] Created: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Fix findbugs warnings for http related codes in hdfs
----------------------------------------------------
Key: HADOOP-5820
URL: https://issues.apache.org/jira/browse/HADOOP-5820
Project: Hadoop Core
Issue Type: Bug
Components: dfs
Reporter: Tsz Wo (Nicholas), SZE
There are a few findbugs warnings:
- HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
- XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
- XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
- XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
- XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
- XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Posted by "Tsz Wo (Nicholas), SZE (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709631#action_12709631 ]
Tsz Wo (Nicholas), SZE commented on HADOOP-5820:
------------------------------------------------
{noformat}
[exec] -1 overall.
[exec]
[exec] +1 @author. The patch does not contain any @author tags.
[exec]
[exec] -1 tests included. The patch doesn't appear to include any new or modified tests.
[exec] Please justify why no tests are needed for this patch.
[exec]
[exec] +1 javadoc. The javadoc tool did not generate any warning messages.
[exec]
[exec] +1 javac. The applied patch does not increase the total number of javac compiler warnings.
[exec]
[exec] +1 findbugs. The patch does not introduce any new Findbugs warnings.
[exec]
[exec] +1 Eclipse classpath. The patch retains Eclipse classpath integrity.
[exec]
[exec] +1 release audit. The applied patch does not increase the total number of release audit warnings.
{noformat}
No new tests added since we don't test web components by unit tests.
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Assignee: Tsz Wo (Nicholas), SZE
> Fix For: 0.21.0
>
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709237#action_12709237 ]
Jakob Homan commented on HADOOP-5820:
-------------------------------------
+1, looks good.
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Posted by "Tsz Wo (Nicholas), SZE (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tsz Wo (Nicholas), SZE updated HADOOP-5820:
-------------------------------------------
Fix Version/s: 0.21.0
Assignee: Tsz Wo (Nicholas), SZE
Status: Patch Available (was: Open)
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Assignee: Tsz Wo (Nicholas), SZE
> Fix For: 0.21.0
>
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Posted by "Tsz Wo (Nicholas), SZE (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tsz Wo (Nicholas), SZE updated HADOOP-5820:
-------------------------------------------
Resolution: Fixed
Status: Resolved (was: Patch Available)
I tested the web pages manually. Everything is working fine.
I have committed this.
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Assignee: Tsz Wo (Nicholas), SZE
> Fix For: 0.21.0
>
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Posted by "Jakob Homan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jakob Homan updated HADOOP-5820:
--------------------------------
Hadoop Flags: [Reviewed]
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
Posted by "Tsz Wo (Nicholas), SZE (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tsz Wo (Nicholas), SZE updated HADOOP-5820:
-------------------------------------------
Attachment: 5820_20090513.patch
5820_20090513.patch: fix findbugs warnings.
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.