You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Jakob Homan (JIRA)" <ji...@apache.org> on 2009/05/14 03:14:45 UTC
[jira] Commented: (HADOOP-5820) Fix findbugs warnings for http
related codes in hdfs
[ https://issues.apache.org/jira/browse/HADOOP-5820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12709237#action_12709237 ]
Jakob Homan commented on HADOOP-5820:
-------------------------------------
+1, looks good.
> Fix findbugs warnings for http related codes in hdfs
> ----------------------------------------------------
>
> Key: HADOOP-5820
> URL: https://issues.apache.org/jira/browse/HADOOP-5820
> Project: Hadoop Core
> Issue Type: Bug
> Components: dfs
> Reporter: Tsz Wo (Nicholas), SZE
> Attachments: 5820_20090513.patch
>
>
> There are a few findbugs warnings:
> - HRS HTTP parameter directly written to HTTP header output in org.apache.hadoop.hdfs.server.namenode.StreamFile.doGet(HttpServletRequest, HttpServletResponse)
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseBlock_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.browseDirectory_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
> - XSS HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.hdfs.server.datanode.tail_jsp
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.