You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hive.apache.org by sz...@apache.org on 2019/11/25 14:04:11 UTC
[hive] branch master updated (1e09f07 -> baaf082)
This is an automated email from the ASF dual-hosted git repository.
szita pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git.
from 1e09f07 HIVE-22533: Fix possible LLAP daemon web UI vulnerabilities (WIP)
new 783824c Revert "Adam llap dev" (unintentional commit)
new baaf082 Revert "HIVE-22533: Fix possible LLAP daemon web UI vulnerabilities (WIP)" (unintentional commit)
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../java/org/apache/hadoop/hive/conf/HiveConf.java | 4 -
.../src/java/org/apache/hive/http/HttpServer.java | 19 +-
data/conf/llap/hive-site.xml | 738 ++++++++++-----------
.../llap/daemon/services/impl/LlapWebServices.java | 7 -
.../daemon/services/impl/TestLlapWebServices.java | 39 +-
.../hive/service/server/TestHS2HttpServer.java | 23 +-
6 files changed, 365 insertions(+), 465 deletions(-)
[hive] 01/02: Revert "Adam llap dev" (unintentional commit)
Posted by sz...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
szita pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
commit 783824cd28b6f389296645de00d66c41b990b32e
Author: Adam Szita <sz...@cloudera.com>
AuthorDate: Mon Nov 25 15:01:01 2019 +0100
Revert "Adam llap dev" (unintentional commit)
This reverts commit 2f2c4988ff3ccf92b78b0a8f9c0890d951309f21.
---
data/conf/llap/hive-site.xml | 738 +++++++++++++++++++++----------------------
1 file changed, 354 insertions(+), 384 deletions(-)
diff --git a/data/conf/llap/hive-site.xml b/data/conf/llap/hive-site.xml
index 3db7ea7..0c5d030 100644
--- a/data/conf/llap/hive-site.xml
+++ b/data/conf/llap/hive-site.xml
@@ -19,388 +19,358 @@
<configuration>
- <property>
- <name>hive.in.test</name>
- <value>true</value>
- <description>Internal marker for test. Used for masking env-dependent values</description>
- </property>
-
- <!-- Hive Configuration can either be stored in this file or in the hadoop configuration files -->
- <!-- that are implied by Hadoop setup variables. -->
- <!-- Aside from Hadoop setup variables - this file is provided as a convenience so that Hive -->
- <!-- users do not have to edit hadoop configuration files (that may be managed as a centralized -->
- <!-- resource). -->
-
- <!-- Hive Execution Parameters -->
- <property>
- <name>hadoop.tmp.dir</name>
- <value>${test.tmp.dir}/hadoop-tmp</value>
- <description>A base for other temporary directories.</description>
- </property>
-
- <property>
- <name>hive.tez.container.size</name>
- <value>128</value>
- <description></description>
- </property>
-
- <property>
- <name>hive.stats.fetch.column.stats</name>
- <value>true</value>
- <description>Use column stats to annotate stats for physical optimization phase</description>
- </property>
-
- <property>
- <name>hive.merge.tezfiles</name>
- <value>false</value>
- <description>Merge small files at the end of a Tez DAG</description>
- </property>
-
- <property>
- <name>hive.tez.input.format</name>
- <value>org.apache.hadoop.hive.ql.io.HiveInputFormat</value>
- <description>The default input format for tez. Tez groups splits in the AM.</description>
- </property>
-
- <property>
- <name>hive.exec.scratchdir</name>
- <value>${test.tmp.dir}/scratchdir</value>
- <description>Scratch space for Hive jobs</description>
- </property>
-
- <property>
- <name>hive.exec.local.scratchdir</name>
- <value>${test.tmp.dir}/localscratchdir/</value>
- <description>Local scratch space for Hive jobs</description>
- </property>
-
- <property>
- <name>datanucleus.schema.autoCreateAll</name>
- <value>true</value>
- </property>
-
- <property>
- <name>hive.metastore.schema.verification</name>
- <value>false</value>
- </property>
-
- <property>
- <name>javax.jdo.option.ConnectionURL</name>
- <value>jdbc:derby:;databaseName=/Users/szita/data/hive3/junit_metastore_db;create=true</value>
- </property>
-
- <property>
- <name>javax.jdo.option.ConnectionDriverName</name>
- <value>org.apache.derby.jdbc.EmbeddedDriver</value>
- </property>
-
- <property>
- <name>javax.jdo.option.ConnectionUserName</name>
- <value>APP</value>
- </property>
-
- <property>
- <name>javax.jdo.option.ConnectionPassword</name>
- <value>mine</value>
- </property>
-
- <property>
- <!-- this should eventually be deprecated since the metastore should supply this -->
- <name>hive.metastore.warehouse.dir</name>
- <value>${test.warehouse.dir}</value>
- <description></description>
- </property>
-
- <property>
- <name>hive.metastore.metadb.dir</name>
- <value>file://${test.tmp.dir}/metadb/</value>
- <description>
- Required by metastore server or if the uris argument below is not supplied
- </description>
- </property>
-
- <property>
- <name>test.log.dir</name>
- <value>${test.tmp.dir}/log/</value>
- <description></description>
- </property>
-
- <property>
- <name>test.data.files</name>
- <value>${hive.root}/data/files</value>
- <description></description>
- </property>
-
- <property>
- <name>test.data.scripts</name>
- <value>${hive.root}/data/scripts</value>
- <description></description>
- </property>
-
- <property>
- <name>hive.jar.path</name>
- <value>${maven.local.repository}/org/apache/hive/hive-exec/${hive.version}/hive-exec-${hive.version}.jar</value>
- <description></description>
- </property>
-
- <property>
- <name>hive.metastore.rawstore.impl</name>
- <value>org.apache.hadoop.hive.metastore.ObjectStore</value>
- <description>Name of the class that implements org.apache.hadoop.hive.metastore.rawstore interface. This class is used to store and retrieval of raw metadata objects such as table, database</description>
- </property>
-
- <property>
- <name>hive.querylog.location</name>
- <value>${test.tmp.dir}/tmp</value>
- <description>Location of the structured hive logs</description>
- </property>
-
- <property>
- <name>hive.exec.pre.hooks</name>
- <value>org.apache.hadoop.hive.ql.hooks.PreExecutePrinter, org.apache.hadoop.hive.ql.hooks.EnforceReadOnlyTables</value>
- <description>Pre Execute Hook for Tests</description>
- </property>
-
- <property>
- <name>hive.exec.post.hooks</name>
- <value>org.apache.hadoop.hive.ql.hooks.PostExecutePrinter, org.apache.hadoop.hive.ql.hooks.RuntimeStatsPersistenceCheckerHook, org.apache.hadoop.hive.ql.hooks.NoOperatorReuseCheckerHook</value>
- <description>Post Execute Hook for Tests</description>
- </property>
-
- <property>
- <name>hive.support.concurrency</name>
- <value>false</value>
- <description>Whether hive supports concurrency or not. A zookeeper instance must be up and running for the default hive lock manager to support read-write locks.</description>
- </property>
-
- <property>
- <name>fs.pfile.impl</name>
- <value>org.apache.hadoop.fs.ProxyLocalFileSystem</value>
- <description>A proxy for local file system used for cross file system testing</description>
- </property>
-
- <property>
- <name>hive.exec.mode.local.auto</name>
- <value>false</value>
- <description>
- Let hive determine whether to run in local mode automatically
- Disabling this for tests so that minimr is not affected
- </description>
- </property>
-
- <property>
- <name>hive.auto.convert.join</name>
- <value>false</value>
- <description>Whether Hive enable the optimization about converting common join into mapjoin based on the input file size</description>
- </property>
-
- <property>
- <name>hive.ignore.mapjoin.hint</name>
- <value>true</value>
- <description>Whether Hive ignores the mapjoin hint</description>
- </property>
-
- <property>
- <name>io.sort.mb</name>
- <value>10</value>
- </property>
-
- <property>
- <name>hive.input.format</name>
- <value>org.apache.hadoop.hive.ql.io.CombineHiveInputFormat</value>
- <description>The default input format, if it is not specified, the system assigns it. It is set to HiveInputFormat for hadoop versions 17, 18 and 19, whereas it is set to CombineHiveInputFormat for hadoop 20. The user can always overwrite it - if there is a bug in CombineHiveInputFormat, it can always be manually set to HiveInputFormat. </description>
- </property>
-
- <property>
- <name>hive.default.rcfile.serde</name>
- <value>org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe</value>
- <description>The default SerDe hive will use for the rcfile format</description>
- </property>
-
- <property>
- <name>hive.stats.dbclass</name>
- <value>fs</value>
- <description>The default storatge that stores temporary hive statistics. Currently, fs type is supported</description>
- </property>
-
- <property>
- <name>hive.execution.engine</name>
- <value>tez</value>
- <description>Whether to use MR or Tez</description>
- </property>
-
- <property>
- <name>tez.am.node-blacklisting.enabled</name>
- <value>false</value>
- </property>
-
- <property>
- <name>hive.prewarm.enabled</name>
- <value>false</value>
- <description>
- Enables container prewarm for tez (hadoop 2 only)
- </description>
- </property>
- <property>
- <name>hive.in.tez.test</name>
- <value>true</value>
- <description>
- Indicates that we are in tez testing mode.
- </description>
- </property>
-
- <property>
- <name>hive.execution.mode</name>
- <value>llap</value>
- </property>
-
- <!--property>
- This is determined by the cluster type, and is set in code - HadoopShims, etc.
- <name>hive.llap.execution.mode</name>
- <value>all</value>
- </property-->
-
- <property>
- <name>hive.tez.java.opts</name>
- <value> -Dlog4j.configurationFile=tez-container-log4j2.properties -Dtez.container.log.level=INFO -Dtez.container.root.logger=CLA </value>
- </property>
-
- <property>
- <name>tez.am.launch.cmd-opts</name>
- <value> -Dlog4j.configurationFile=tez-container-log4j2.properties -Dtez.container.log.level=INFO -Dtez.container.root.logger=CLA </value>
- </property>
-
- <property>
- <name>hive.llap.cache.allow.synthetic.fileid</name>
- <value>true</value>
- </property>
-
- <property>
- <name>hive.llap.io.allocator.direct</name>
- <value>false</value>
- </property>
-
- <property>
- <name>hive.explain.user</name>
- <value>false</value>
- </property>
-
- <property>
- <name>hive.join.inner.residual</name>
- <value>true</value>
- </property>
-
- <!-- llap properties -->
-
- <property>
- <name>hive.llap.daemon.service.hosts</name>
- <value>localhost</value>
- </property>
-
- <property>
- <name>hive.llap.daemon.service.port</name>
- <value>0</value>
- </property>
-
- <property>
- <name>hive.llap.daemon.num.executors</name>
- <value>4</value>
- </property>
-
- <property>
- <name>hive.llap.daemon.task.scheduler.wait.queue.size</name>
- <value>4</value>
- </property>
-
- <property>
- <name>hive.llap.cache.allow.synthetic.fileid</name>
- <value>true</value>
- </property>
-
- <!-- hadoop IPC options -->
- <property>
- <name>ipc.client.low-latency</name>
- <value>true</value>
- <description> </description>
- </property>
- <property>
- <name>ipc.client.tcpnodelay</name>
- <value>true</value>
- <description> </description>
- </property>
- <property>
- <name>ipc.clients-per-factory</name>
- <value>4</value>
- <description> </description>
- </property>
- <property>
- <name>hive.stats.fetch.bitvector</name>
- <value>true</value>
- </property>
-
- <property>
- <name>hive.tez.cartesian-product.enabled</name>
- <value>true</value>
- </property>
-
- <property>
- <name>yarn.nodemanager.disk-health-checker.max-disk-utilization-per-disk-percentage</name>
- <value>99</value>
- </property>
-
- <property>
- <name>hive.query.results.cache.enabled</name>
- <value>false</value>
- </property>
-
- <property>
- <name>tez.counters.max</name>
- <value>1024</value>
- </property>
-
- <property>
- <name>hive.query.reexecution.stats.persist.scope</name>
- <value>query</value>
- </property>
-
- <property>
- <name>hive.semantic.analyzer.hook</name>
- <value>org.apache.hadoop.hive.ql.hooks.ScheduledQueryCreationRegistryHook</value>
- </property>
-
- <property>
- <name>hive.llap.daemon.web.port</name>
- <value>25002</value>
- </property>
- <property>
- <name>hive.llap.io.memory.size</name>
- <value>1024Mb</value>
- </property>
- <property>
- <name>tez.grouping.max-size</name>
- <value>512000000</value>
- </property>
-
- <property>
- <name>tez.grouping.min-size</name>
- <value>1024</value>
- </property>
-
- <property>
- <name>mapreduce.input.fileinputformat.split.maxsize</name>
- <value>40</value>
- </property>
-
- <property>
- <name>mapreduce.input.fileinputformat.split.minsize</name>
- <value>40</value>
- </property>
- <property>
- <name>tez.am.launch.cmd-opts</name>
- <value>-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5006,quiet=y</value>
- </property>
- <!--<property>-->
- <!--<name>hive.llap.io.threadpool.size</name>-->
- <!--<value>1</value>-->
- <!--</property>-->
+<property>
+ <name>hive.in.test</name>
+ <value>true</value>
+ <description>Internal marker for test. Used for masking env-dependent values</description>
+</property>
+
+<!-- Hive Configuration can either be stored in this file or in the hadoop configuration files -->
+<!-- that are implied by Hadoop setup variables. -->
+<!-- Aside from Hadoop setup variables - this file is provided as a convenience so that Hive -->
+<!-- users do not have to edit hadoop configuration files (that may be managed as a centralized -->
+<!-- resource). -->
+
+<!-- Hive Execution Parameters -->
+<property>
+ <name>hadoop.tmp.dir</name>
+ <value>${test.tmp.dir}/hadoop-tmp</value>
+ <description>A base for other temporary directories.</description>
+</property>
+
+<property>
+ <name>hive.tez.container.size</name>
+ <value>128</value>
+ <description></description>
+</property>
+
+<property>
+ <name>hive.stats.fetch.column.stats</name>
+ <value>true</value>
+ <description>Use column stats to annotate stats for physical optimization phase</description>
+</property>
+
+<property>
+ <name>hive.merge.tezfiles</name>
+ <value>false</value>
+ <description>Merge small files at the end of a Tez DAG</description>
+</property>
+
+<property>
+ <name>hive.tez.input.format</name>
+ <value>org.apache.hadoop.hive.ql.io.HiveInputFormat</value>
+ <description>The default input format for tez. Tez groups splits in the AM.</description>
+</property>
+
+<property>
+ <name>hive.exec.scratchdir</name>
+ <value>${test.tmp.dir}/scratchdir</value>
+ <description>Scratch space for Hive jobs</description>
+</property>
+
+<property>
+ <name>hive.exec.local.scratchdir</name>
+ <value>${test.tmp.dir}/localscratchdir/</value>
+ <description>Local scratch space for Hive jobs</description>
+</property>
+
+<property>
+ <name>datanucleus.schema.autoCreateAll</name>
+ <value>true</value>
+</property>
+
+<property>
+ <name>datanucleus.connectionPool.maxPoolSize</name>
+ <value>4</value>
+</property>
+
+<property>
+ <name>hive.metastore.schema.verification</name>
+ <value>false</value>
+</property>
+
+<property>
+ <name>javax.jdo.option.ConnectionURL</name>
+ <value>jdbc:derby:memory:${test.tmp.dir}/junit_metastore_db;create=true</value>
+</property>
+
+<property>
+ <name>javax.jdo.option.ConnectionDriverName</name>
+ <value>org.apache.derby.jdbc.EmbeddedDriver</value>
+</property>
+
+<property>
+ <name>javax.jdo.option.ConnectionUserName</name>
+ <value>APP</value>
+</property>
+
+<property>
+ <name>javax.jdo.option.ConnectionPassword</name>
+ <value>mine</value>
+</property>
+
+<property>
+ <!-- this should eventually be deprecated since the metastore should supply this -->
+ <name>hive.metastore.warehouse.dir</name>
+ <value>${test.warehouse.dir}</value>
+ <description></description>
+</property>
+
+<property>
+ <name>hive.metastore.metadb.dir</name>
+ <value>file://${test.tmp.dir}/metadb/</value>
+ <description>
+ Required by metastore server or if the uris argument below is not supplied
+ </description>
+</property>
+
+<property>
+ <name>test.log.dir</name>
+ <value>${test.tmp.dir}/log/</value>
+ <description></description>
+</property>
+
+<property>
+ <name>test.data.files</name>
+ <value>${hive.root}/data/files</value>
+ <description></description>
+</property>
+
+<property>
+ <name>test.data.scripts</name>
+ <value>${hive.root}/data/scripts</value>
+ <description></description>
+</property>
+
+<property>
+ <name>hive.jar.path</name>
+ <value>${maven.local.repository}/org/apache/hive/hive-exec/${hive.version}/hive-exec-${hive.version}.jar</value>
+ <description></description>
+</property>
+
+<property>
+ <name>hive.metastore.rawstore.impl</name>
+ <value>org.apache.hadoop.hive.metastore.ObjectStore</value>
+ <description>Name of the class that implements org.apache.hadoop.hive.metastore.rawstore interface. This class is used to store and retrieval of raw metadata objects such as table, database</description>
+</property>
+
+<property>
+ <name>hive.querylog.location</name>
+ <value>${test.tmp.dir}/tmp</value>
+ <description>Location of the structured hive logs</description>
+</property>
+
+<property>
+ <name>hive.exec.pre.hooks</name>
+ <value>org.apache.hadoop.hive.ql.hooks.PreExecutePrinter, org.apache.hadoop.hive.ql.hooks.EnforceReadOnlyTables</value>
+ <description>Pre Execute Hook for Tests</description>
+</property>
+
+<property>
+ <name>hive.exec.post.hooks</name>
+ <value>org.apache.hadoop.hive.ql.hooks.PostExecutePrinter, org.apache.hadoop.hive.ql.hooks.RuntimeStatsPersistenceCheckerHook, org.apache.hadoop.hive.ql.hooks.NoOperatorReuseCheckerHook</value>
+ <description>Post Execute Hook for Tests</description>
+</property>
+
+<property>
+ <name>hive.support.concurrency</name>
+ <value>false</value>
+ <description>Whether hive supports concurrency or not. A zookeeper instance must be up and running for the default hive lock manager to support read-write locks.</description>
+</property>
+
+<property>
+ <name>fs.pfile.impl</name>
+ <value>org.apache.hadoop.fs.ProxyLocalFileSystem</value>
+ <description>A proxy for local file system used for cross file system testing</description>
+</property>
+
+<property>
+ <name>hive.exec.mode.local.auto</name>
+ <value>false</value>
+ <description>
+ Let hive determine whether to run in local mode automatically
+ Disabling this for tests so that minimr is not affected
+ </description>
+</property>
+
+<property>
+ <name>hive.auto.convert.join</name>
+ <value>false</value>
+ <description>Whether Hive enable the optimization about converting common join into mapjoin based on the input file size</description>
+</property>
+
+<property>
+ <name>hive.ignore.mapjoin.hint</name>
+ <value>true</value>
+ <description>Whether Hive ignores the mapjoin hint</description>
+</property>
+
+<property>
+ <name>io.sort.mb</name>
+ <value>10</value>
+</property>
+
+<property>
+ <name>hive.input.format</name>
+ <value>org.apache.hadoop.hive.ql.io.CombineHiveInputFormat</value>
+ <description>The default input format, if it is not specified, the system assigns it. It is set to HiveInputFormat for hadoop versions 17, 18 and 19, whereas it is set to CombineHiveInputFormat for hadoop 20. The user can always overwrite it - if there is a bug in CombineHiveInputFormat, it can always be manually set to HiveInputFormat. </description>
+</property>
+
+<property>
+ <name>hive.default.rcfile.serde</name>
+ <value>org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe</value>
+ <description>The default SerDe hive will use for the rcfile format</description>
+</property>
+
+<property>
+ <name>hive.stats.dbclass</name>
+ <value>fs</value>
+ <description>The default storatge that stores temporary hive statistics. Currently, fs type is supported</description>
+</property>
+
+<property>
+ <name>hive.execution.engine</name>
+ <value>tez</value>
+ <description>Whether to use MR or Tez</description>
+</property>
+
+<property>
+ <name>tez.am.node-blacklisting.enabled</name>
+ <value>false</value>
+</property>
+
+<property>
+ <name>hive.prewarm.enabled</name>
+ <value>false</value>
+ <description>
+ Enables container prewarm for tez (hadoop 2 only)
+ </description>
+</property>
+<property>
+ <name>hive.in.tez.test</name>
+ <value>true</value>
+ <description>
+ Indicates that we are in tez testing mode.
+ </description>
+</property>
+
+<property>
+ <name>hive.execution.mode</name>
+ <value>llap</value>
+</property>
+
+<!--property>
+ This is determined by the cluster type, and is set in code - HadoopShims, etc.
+ <name>hive.llap.execution.mode</name>
+ <value>all</value>
+</property-->
+
+<property>
+ <name>hive.tez.java.opts</name>
+ <value> -Dlog4j.configurationFile=tez-container-log4j2.properties -Dtez.container.log.level=INFO -Dtez.container.root.logger=CLA </value>
+</property>
+
+<property>
+ <name>tez.am.launch.cmd-opts</name>
+ <value> -Dlog4j.configurationFile=tez-container-log4j2.properties -Dtez.container.log.level=INFO -Dtez.container.root.logger=CLA </value>
+</property>
+
+<property>
+ <name>hive.llap.cache.allow.synthetic.fileid</name>
+ <value>true</value>
+</property>
+
+<property>
+ <name>hive.llap.io.allocator.direct</name>
+ <value>false</value>
+</property>
+
+<property>
+ <name>hive.explain.user</name>
+ <value>false</value>
+</property>
+
+<property>
+ <name>hive.join.inner.residual</name>
+ <value>true</value>
+</property>
+
+<!-- llap properties -->
+
+<property>
+ <name>hive.llap.daemon.service.hosts</name>
+ <value>localhost</value>
+</property>
+
+<property>
+ <name>hive.llap.daemon.service.port</name>
+ <value>0</value>
+</property>
+
+<property>
+ <name>hive.llap.daemon.num.executors</name>
+ <value>4</value>
+</property>
+
+<property>
+ <name>hive.llap.daemon.task.scheduler.wait.queue.size</name>
+ <value>4</value>
+</property>
+
+<property>
+ <name>hive.llap.cache.allow.synthetic.fileid</name>
+ <value>true</value>
+</property>
+
+<!-- hadoop IPC options -->
+<property>
+ <name>ipc.client.low-latency</name>
+ <value>true</value>
+ <description> </description>
+</property>
+<property>
+ <name>ipc.client.tcpnodelay</name>
+ <value>true</value>
+ <description> </description>
+</property>
+<property>
+ <name>ipc.clients-per-factory</name>
+ <value>4</value>
+ <description> </description>
+</property>
+<property>
+ <name>hive.stats.fetch.bitvector</name>
+ <value>true</value>
+</property>
+
+<property>
+ <name>hive.tez.cartesian-product.enabled</name>
+ <value>true</value>
+</property>
+
+<property>
+ <name>yarn.nodemanager.disk-health-checker.max-disk-utilization-per-disk-percentage</name>
+ <value>99</value>
+</property>
+
+<property>
+ <name>hive.query.results.cache.enabled</name>
+ <value>false</value>
+</property>
+
+<property>
+ <name>tez.counters.max</name>
+ <value>1024</value>
+</property>
+
+<property>
+ <name>hive.query.reexecution.stats.persist.scope</name>
+ <value>query</value>
+</property>
+
+<property>
+ <name>hive.semantic.analyzer.hook</name>
+ <value>org.apache.hadoop.hive.ql.hooks.ScheduledQueryCreationRegistryHook</value>
+</property>
+
</configuration>
[hive] 02/02: Revert "HIVE-22533: Fix possible LLAP daemon web UI
vulnerabilities (WIP)" (unintentional commit)
Posted by sz...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
szita pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
commit baaf082b1f3974a5f49c0cb7187ce9d2ab038e89
Author: Adam Szita <sz...@cloudera.com>
AuthorDate: Mon Nov 25 15:00:38 2019 +0100
Revert "HIVE-22533: Fix possible LLAP daemon web UI vulnerabilities (WIP)" (unintentional commit)
This reverts commit 1e09f07afc421b3afa3a921a870d69c8b470a356.
---
.../java/org/apache/hadoop/hive/conf/HiveConf.java | 4 ---
.../src/java/org/apache/hive/http/HttpServer.java | 19 ++---------
.../llap/daemon/services/impl/LlapWebServices.java | 7 ----
.../daemon/services/impl/TestLlapWebServices.java | 39 +++-------------------
.../hive/service/server/TestHS2HttpServer.java | 23 +++----------
5 files changed, 11 insertions(+), 81 deletions(-)
diff --git a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
index 4393a28..cfc9091 100644
--- a/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
+++ b/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java
@@ -4517,10 +4517,6 @@ public class HiveConf extends Configuration {
"llap.daemon.service.port"),
LLAP_DAEMON_WEB_SSL("hive.llap.daemon.web.ssl", false,
"Whether LLAP daemon web UI should use SSL.", "llap.daemon.service.ssl"),
- LLAP_DAEMON_WEB_XFRAME_ENABLED("hive.llap.daemon.web.xframe.enabled", true,
- "Whether to enable xframe on LLAP daemon webUI\n"),
- LLAP_DAEMON_WEB_XFRAME_VALUE("hive.llap.daemon.web.xframe.value", "SAMEORIGIN",
- "Configuration to allow the user to set the x_frame-options value\n"),
LLAP_CLIENT_CONSISTENT_SPLITS("hive.llap.client.consistent.splits", true,
"Whether to setup split locations to match nodes on which llap daemons are running, " +
"instead of using the locations provided by the split itself. If there is no llap daemon " +
diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java
index 52253f9..b3ce8da 100644
--- a/common/src/java/org/apache/hive/http/HttpServer.java
+++ b/common/src/java/org/apache/hive/http/HttpServer.java
@@ -169,7 +169,6 @@ public class HttpServer {
private XFrameOption xFrameOption = XFrameOption.SAMEORIGIN;
private final List<Pair<String, Class<? extends HttpServlet>>> servlets =
new LinkedList<Pair<String, Class<? extends HttpServlet>>>();
- private boolean disableDirListing = false;
public Builder(String name) {
Preconditions.checkArgument(name != null && !name.isEmpty(), "Name must be specified");
@@ -305,10 +304,6 @@ public class HttpServer {
this.xFrameOption = XFrameOption.getEnum(option);
return this;
}
-
- public void setDisableDirListing(boolean disableDirListing) {
- this.disableDirListing = disableDirListing;
- }
}
public void start() throws Exception {
@@ -582,14 +577,10 @@ public class HttpServer {
}
Map<String, String> xFrameParams = setHeaders();
- if (b.xFrameEnabled) {
+ if(b.xFrameEnabled){
setupXframeFilter(b,xFrameParams);
}
- if (b.disableDirListing) {
- disableDirectoryListingOnServlet(webAppContext);
- }
-
initializeWebServer(b, threadPool.getMaxThreads());
}
@@ -620,7 +611,7 @@ public class HttpServer {
webServer.setHandler(contexts);
- if (b.usePAM) {
+ if(b.usePAM){
setupPam(b, contexts);
}
@@ -655,7 +646,6 @@ public class HttpServer {
staticCtx.setResourceBase(appDir + "/static");
staticCtx.addServlet(DefaultServlet.class, "/*");
staticCtx.setDisplayName("static");
- disableDirectoryListingOnServlet(staticCtx);
String logDir = getLogDir(b.conf);
if (logDir != null) {
@@ -759,11 +749,6 @@ public class HttpServer {
webAppContext.addServlet(holder, pathSpec);
}
-
- private static void disableDirectoryListingOnServlet(ServletContextHandler contextHandler) {
- contextHandler.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
- }
-
/**
* The X-FRAME-OPTIONS header in HTTP response to mitigate clickjacking
* attack.
diff --git a/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/services/impl/LlapWebServices.java b/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/services/impl/LlapWebServices.java
index 59bdf53..3c124f9 100644
--- a/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/services/impl/LlapWebServices.java
+++ b/llap-server/src/java/org/apache/hadoop/hive/llap/daemon/services/impl/LlapWebServices.java
@@ -83,13 +83,6 @@ public class LlapWebServices extends AbstractService {
HttpServer.Builder builder =
new HttpServer.Builder("llap").setPort(this.port).setHost(bindAddress);
builder.setConf(new HiveConf(conf, HiveConf.class));
- builder.setDisableDirListing(true);
- if (conf.getBoolean(ConfVars.LLAP_DAEMON_WEB_XFRAME_ENABLED.varname,
- ConfVars.LLAP_DAEMON_WEB_XFRAME_ENABLED.defaultBoolVal)) {
- builder.configureXFrame(true).setXFrameOption(
- conf.get(ConfVars.LLAP_DAEMON_WEB_XFRAME_VALUE.varname,
- ConfVars.LLAP_DAEMON_WEB_XFRAME_VALUE.defaultStrVal));
- }
if (UserGroupInformation.isSecurityEnabled()) {
LOG.info("LLAP UI useSSL=" + this.useSSL + ", auto-auth/SPNEGO="
+ this.useSPNEGO + ", port=" + this.port);
diff --git a/llap-server/src/test/org/apache/hadoop/hive/llap/daemon/services/impl/TestLlapWebServices.java b/llap-server/src/test/org/apache/hadoop/hive/llap/daemon/services/impl/TestLlapWebServices.java
index 5df6ea8..698a56e 100644
--- a/llap-server/src/test/org/apache/hadoop/hive/llap/daemon/services/impl/TestLlapWebServices.java
+++ b/llap-server/src/test/org/apache/hadoop/hive/llap/daemon/services/impl/TestLlapWebServices.java
@@ -27,12 +27,6 @@ import java.io.StringWriter;
import java.net.HttpURLConnection;
import java.net.URL;
-import com.google.common.collect.ImmutableSet;
-
-import static java.net.HttpURLConnection.HTTP_FORBIDDEN;
-import static java.net.HttpURLConnection.HTTP_OK;
-import static org.junit.Assert.assertNotNull;
-
public class TestLlapWebServices {
private static LlapWebServices llapWS = null;
@@ -51,43 +45,18 @@ public class TestLlapWebServices {
@Test
public void testContextRootUrlRewrite() throws Exception {
String contextRootURL = "http://localhost:" + llapWSPort + "/";
- String contextRootContent = getURLResponseAsString(contextRootURL, HTTP_OK);
+ String contextRootContent = getURLResponseAsString(contextRootURL);
String indexHtmlUrl = "http://localhost:" + llapWSPort + "/index.html";
- String indexHtmlContent = getURLResponseAsString(indexHtmlUrl, HTTP_OK);
+ String indexHtmlContent = getURLResponseAsString(indexHtmlUrl);
Assert.assertEquals(contextRootContent, indexHtmlContent);
}
- @Test
- public void testDirListingDisabled() throws Exception {
- for (String folder : ImmutableSet.of("images", "js", "css")) {
- String url = "http://localhost:" + llapWSPort + "/" + folder;
- getURLResponseAsString(url, HTTP_FORBIDDEN);
- }
- }
-
- @Test
- public void testBaseUrlResponseHeader() throws Exception{
- String baseURL = "http://localhost:" + llapWSPort + "/";
- URL url = new URL(baseURL);
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- String xfoHeader = conn.getHeaderField("X-FRAME-OPTIONS");
- String xXSSProtectionHeader = conn.getHeaderField("X-XSS-Protection");
- String xContentTypeHeader = conn.getHeaderField("X-Content-Type-Options");
- assertNotNull(xfoHeader);
- assertNotNull(xXSSProtectionHeader);
- assertNotNull(xContentTypeHeader);
- }
-
- private static String getURLResponseAsString(String baseURL, int expectedStatus)
- throws IOException {
+ private String getURLResponseAsString(String baseURL) throws IOException {
URL url = new URL(baseURL);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- Assert.assertEquals(expectedStatus, conn.getResponseCode());
- if (expectedStatus != HTTP_OK) {
- return null;
- }
+ Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
StringWriter writer = new StringWriter();
IOUtils.copy(conn.getInputStream(), writer, "UTF-8");
return writer.toString();
diff --git a/service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java b/service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java
index 6c50e81..3047443 100644
--- a/service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java
+++ b/service/src/test/org/apache/hive/service/server/TestHS2HttpServer.java
@@ -20,7 +20,6 @@ package org.apache.hive.service.server;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
-
import org.apache.commons.io.IOUtils;
import org.apache.hadoop.hive.conf.HiveConf;
import org.apache.hadoop.hive.conf.HiveConf.ConfVars;
@@ -51,8 +50,6 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
-import static java.net.HttpURLConnection.HTTP_FORBIDDEN;
-import static java.net.HttpURLConnection.HTTP_OK;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
@@ -113,7 +110,7 @@ public class TestHS2HttpServer {
String baseURL = "http://localhost:" + webUIPort + "/stacks";
URL url = new URL(baseURL);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- Assert.assertEquals(HTTP_OK, conn.getResponseCode());
+ Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
BufferedReader reader =
new BufferedReader(new InputStreamReader(conn.getInputStream()));
boolean contents = false;
@@ -139,27 +136,17 @@ public class TestHS2HttpServer {
assertNotNull(xContentTypeHeader);
}
- @Test
- public void testDirListingDisabledOnStaticServlet() throws Exception {
- String url = "http://localhost:" + webUIPort + "/static";
- getReaderForUrl(url, HTTP_FORBIDDEN);
- }
-
- private BufferedReader getReaderForUrl(String urlString, int expectedStatus) throws Exception {
+ private BufferedReader getReaderForUrl(String urlString) throws Exception {
URL url = new URL(urlString);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- Assert.assertEquals(expectedStatus, conn.getResponseCode());
- if (expectedStatus != HTTP_OK) {
- return null;
- }
-
+ Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());
BufferedReader reader =
new BufferedReader(new InputStreamReader(conn.getInputStream()));
return reader;
}
private String readFromUrl(String urlString) throws Exception {
- BufferedReader reader = getReaderForUrl(urlString, HTTP_OK);
+ BufferedReader reader = getReaderForUrl(urlString);
StringBuilder response = new StringBuilder();
String inputLine;
@@ -319,7 +306,7 @@ public class TestHS2HttpServer {
private String getURLResponseAsString(String baseURL) throws IOException {
URL url = new URL(baseURL);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- Assert.assertEquals("Got an HTTP response code other thank OK.", HTTP_OK, conn.getResponseCode());
+ Assert.assertEquals("Got an HTTP response code other thank OK.", HttpURLConnection.HTTP_OK, conn.getResponseCode());
StringWriter writer = new StringWriter();
IOUtils.copy(conn.getInputStream(), writer, "UTF-8");
return writer.toString();