Posted to dev@hawq.apache.org by hornn <gi...@git.apache.org> on 2015/11/25 23:52:54 UTC

[GitHub] incubator-hawq pull request: Hawq 189

GitHub user hornn opened a pull request:

    https://github.com/apache/incubator-hawq/pull/136

    Hawq 189

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/hornn/incubator-hawq HAWQ-189

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-hawq/pull/136.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #136
    
----
commit e48dfffbe27a1d6ce07bbf2333d6e98f1e8d029e
Author: Noa Horn <nh...@pivotal.io>
Date:   2015-11-25T18:14:21Z

    HAWQ-189. Replace all non-alpha-numeric characters in returned message to avoid cross-site scripting
    
    The recommendation to avoid XSS is to validate the input. Because the path can be of any format, depending on the custom plugins used, no generic validation is possible at the entry point. Instead we chose to make sure that the returned ok message is safe by replacing all special characters with a dot.

commit 0b8c6f8d2ba6d9eacf49ff85b5e4987e7643788a
Author: Noa Horn <nh...@pivotal.io>
Date:   2015-11-25T22:50:19Z

    HAWQ-189. unittest

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
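
The replacement described in the commit message above, next to HTML escaping for comparison, as an added example that is not code from the pull request. The class name, method names and sample paths are assumptions constructed for illustration.

```java
import java.util.regex.Pattern;

// Added example (not HAWQ code): class and method names are hypothetical.
public final class MessageSanitizer {
    // Same character class as the patch, compiled once; the trailing '-' is a literal hyphen.
    private static final Pattern UNSAFE = Pattern.compile("[^a-zA-Z0-9_-]");

    private MessageSanitizer() {}

    // Replacement approach from the commit: every other character becomes '.'.
    // Lossy: '/' and '.' are replaced too, so distinct paths can collide.
    public static String replaceSpecials(String s) {
        return s == null ? "" : UNSAFE.matcher(s).replaceAll(".");
    }

    // Alternative for comparison: HTML escaping keeps the path readable, but is
    // only safe where the message is rendered as HTML text or a quoted attribute.
    public static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from the project.
        String[] paths = {
            "/tmp/pxf/out.txt",
            "/tmp/pxf.out/txt",               // collides with the first after replacement
            "/tmp/<script>alert(1)</script>"  // markup in the path
        };
        for (String p : paths) {
            System.out.println("wrote 3 bulks to " + replaceSpecials(p));
            System.out.println("wrote 3 bulks to " + escapeHtml(p));
        }
    }
}
```

The first two sample paths both come out as ".tmp.pxf.out.txt" under replacement, which is the trade-off of choosing a context-independent safe output over a readable one.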

[GitHub] incubator-hawq pull request: Hawq 189

Posted by hornn <gi...@git.apache.org>.
Github user hornn commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq/pull/136#discussion_r46312582
  
    --- Diff: pxf/pxf-service/src/main/java/org/apache/hawq/pxf/service/rest/WritableResource.java ---
    @@ -143,7 +146,8 @@ private static Response writeResponse(Bridge bridge,
             } finally {
                 inputStream.close();
             }
    -        returnMsg = "wrote " + totalWritten + " bulks to " + path;
    +        String censuredPath = path.replaceAll("[^a-zA-Z0-9_-]", ".");
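Review bot: the character class "[^a-zA-Z0-9_-]" on the added line also replaces '/' and '.', so different paths can yield the same censuredPath and the message no longer identifies the written location unambiguously; a short comment next to this line stating that the loss is intentional would help. The removed line built returnMsg from path, and the visible lines do not show the new assignment, so confirm that the message is now built from censuredPath and that path is not concatenated anywhere else in the response. The variable would read better as censoredPath.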
    --- End diff --
    
    Done



[GitHub] incubator-hawq pull request: Hawq 189

Posted by hornn <gi...@git.apache.org>.
Github user hornn closed the pull request at:

    https://github.com/apache/incubator-hawq/pull/136



[GitHub] incubator-hawq pull request: Hawq 189

Posted by shivzone <gi...@git.apache.org>.
Github user shivzone commented on the pull request:

    https://github.com/apache/incubator-hawq/pull/136#issuecomment-161011763
  
    +1



[GitHub] incubator-hawq pull request: Hawq 189

Posted by shivzone <gi...@git.apache.org>.
Github user shivzone commented on a diff in the pull request:

    https://github.com/apache/incubator-hawq/pull/136#discussion_r46295586
  
    --- Diff: pxf/pxf-service/src/main/java/org/apache/hawq/pxf/service/rest/WritableResource.java ---
    @@ -143,7 +146,8 @@ private static Response writeResponse(Bridge bridge,
             } finally {
                 inputStream.close();
             }
    -        returnMsg = "wrote " + totalWritten + " bulks to " + path;
    +        String censuredPath = path.replaceAll("[^a-zA-Z0-9_-]", ".");
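Review bot: path.replaceAll(...) on the added line throws a NullPointerException when path is null, where the removed string concatenation would have tolerated it, and it recompiles the regex on every call to writeResponse. If the sanitizing moves into a shared helper, a precompiled static final Pattern and an explicit rule for null input belong there, together with a unit test covering an empty and a null path.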
    --- End diff --
    
    this has to be done as part of a utility. We might commonly use this in other APIs and possibly modify it later

