You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by pengjianhua <pe...@zte.com.cn> on 2017/07/28 03:32:07 UTC
Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
New Defects reported by Coverity Scan for Apache Ranger
Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
Null pointer dereferences (NULL_RETURNS)
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
Reason: Hi, Hive also has this problem,
Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
Diffs
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
Diff: https://reviews.apache.org/r/61202/diff/1/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181650
-----------------------------------------------------------
Ship it!
Ship It!
- pengjianhua
On 七月 28, 2017, 3:32 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 七月 28, 2017, 3:32 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
>
>
> Diff: https://reviews.apache.org/r/61202/diff/1/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181681
-----------------------------------------------------------
Is it possible to add some tests for this feature?
- Colm O hEigeartaigh
On July 28, 2017, 3:32 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated July 28, 2017, 3:32 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
>
>
> Diff: https://reviews.apache.org/r/61202/diff/1/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 七月 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
>
> pengjianhua wrote:
> The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
> 1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
> 2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
> The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
>
> Colm O hEigeartaigh wrote:
> What I'm wondering is what the purpose of "show user grant" is though, once we are using the Ranger authorizer? If we are enabling Ranger to secure Hive, then what purpose do the Hive privileges serve? The privileges won't be enforced as the Ranger policies will be enforced instead?
>
> pengjianhua wrote:
> I'm sorry. My description Misleaded with you. The patch would fix new Defects reported by Coverity Scan for Apache Ranger. Thanks a lots.
>
> Colm O hEigeartaigh wrote:
> Yes I understand that, but I am questioning what this new feature that was committed actually means in the context of Ranger authorization....
Ok. I understand your mean now. I modify the issue to a bug. There will be more modification if we add it to the context of Ranger authorization. New issues may be introduced if I add it to the context of Ranger authorization. We fix this bug first, how is it? Then I will work with our hive engineers to further analyze how to add it to the context of Ranger authorization. And I will commit the function to Ranger after we analyse, develop and carefully test. Thanks.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On 八月 2, 2017, 6:59 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 2, 2017, 6:59 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 七月 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
>
> pengjianhua wrote:
> The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
> 1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
> 2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
> The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
>
> Colm O hEigeartaigh wrote:
> What I'm wondering is what the purpose of "show user grant" is though, once we are using the Ranger authorizer? If we are enabling Ranger to secure Hive, then what purpose do the Hive privileges serve? The privileges won't be enforced as the Ranger policies will be enforced instead?
I'm sorry. My description Misleaded with you. The patch would fix new Defects reported by Coverity Scan for Apache Ranger. Thanks a lots.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On 八月 2, 2017, 6:59 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 2, 2017, 6:59 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by pengjianhua <pe...@zte.com.cn>.
> On 七月 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On 七月 31, 2017, 2:15 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 七月 31, 2017, 2:15 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by Colm O hEigeartaigh <co...@apache.org>.
> On July 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
>
> pengjianhua wrote:
> The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
> 1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
> 2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
> The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
What I'm wondering is what the purpose of "show user grant" is though, once we are using the Ranger authorizer? If we are enabling Ranger to secure Hive, then what purpose do the Hive privileges serve? The privileges won't be enforced as the Ranger policies will be enforced instead?
- Colm
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On July 31, 2017, 2:15 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated July 31, 2017, 2:15 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
> On July 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
>
> pengjianhua wrote:
> The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
> 1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
> 2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
> The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
>
> Colm O hEigeartaigh wrote:
> What I'm wondering is what the purpose of "show user grant" is though, once we are using the Ranger authorizer? If we are enabling Ranger to secure Hive, then what purpose do the Hive privileges serve? The privileges won't be enforced as the Ranger policies will be enforced instead?
>
> pengjianhua wrote:
> I'm sorry. My description Misleaded with you. The patch would fix new Defects reported by Coverity Scan for Apache Ranger. Thanks a lots.
Yes I understand that, but I am questioning what this new feature that was committed actually means in the context of Ranger authorization....
- Colm
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On Aug. 2, 2017, 6:59 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 2, 2017, 6:59 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
> On July 31, 2017, 2:12 p.m., Colm O hEigeartaigh wrote:
> > I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
>
> pengjianhua wrote:
> The hive plugin effected the hive function after used the hive plugin. Lots of programs have used "show grant user" command before used hive plugin of Ranger. They can run succefully. Now these programs run fail after the user used hive plugin. The issue resolved this problem. Details are as following.
> 1. Execute the 'show grant user' succefully in hive when user doesn't use ranger hive plugin.
> 2. Execute the 'show grant user' fail in hive when user uses ranger hive plugin.
> The conclusion is that the hive command run fail after used hive plugin of ranger. All application programs using this command executed fail after the user used hive plugin of ranger. This issue affected the hive's functions which are ok if user doesn't use our hive plugin.
>
> Colm O hEigeartaigh wrote:
> What I'm wondering is what the purpose of "show user grant" is though, once we are using the Ranger authorizer? If we are enabling Ranger to secure Hive, then what purpose do the Hive privileges serve? The privileges won't be enforced as the Ranger policies will be enforced instead?
>
> pengjianhua wrote:
> I'm sorry. My description Misleaded with you. The patch would fix new Defects reported by Coverity Scan for Apache Ranger. Thanks a lots.
>
> Colm O hEigeartaigh wrote:
> Yes I understand that, but I am questioning what this new feature that was committed actually means in the context of Ranger authorization....
>
> pengjianhua wrote:
> Ok. I understand your mean now. I modify the issue to a bug. There will be more modification if we add it to the context of Ranger authorization. New issues may be introduced if I add it to the context of Ranger authorization. We fix this bug first, how is it? Then I will work with our hive engineers to further analyze how to add it to the context of Ranger authorization. And I will commit the function to Ranger after we analyse, develop and carefully test. Thanks.
Ok sounds good. It would be great if you would take a look at the patch that was submitted for Hive Metadata with Ranger, it might link in with that...(RANGER-1247)
- Colm
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
On Aug. 2, 2017, 6:59 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 2, 2017, 6:59 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181803
-----------------------------------------------------------
I'm wondering what the expected output of "show grant user X" is? I would have expected to see the privileges that correspond to policies created in the Ranger admin service, but this is not the case. If the output is nothing to do with Ranger policies, then I'm wondering what the use-case is here for supporting this functionality with the Ranger authorizer?
- Colm O hEigeartaigh
On July 31, 2017, 2:15 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated July 31, 2017, 2:15 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 八月 3, 2017, 4:32 p.m., Colm O hEigeartaigh wrote:
> > There are some whitespace warnings in the patch that need to be fixed. Also, the indentation of showPrivileges is incorrect, starting with "List<HiveObjectPrivilege> msObjPrivs"
Thanks for reminding me. I update patch again? Please review again.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182122
-----------------------------------------------------------
On 八月 4, 2017, 9:21 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 4, 2017, 9:21 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/3/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182122
-----------------------------------------------------------
There are some whitespace warnings in the patch that need to be fixed. Also, the indentation of showPrivileges is incorrect, starting with "List<HiveObjectPrivilege> msObjPrivs"
- Colm O hEigeartaigh
On Aug. 2, 2017, 6:59 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 2, 2017, 6:59 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 八月 4, 2017, 10:15 a.m., Colm O hEigeartaigh wrote:
> > The indentation is still incorrect in RangerHiveAuthorizer starting line 1473...
Hi?May be my code templates and your advantages of different, I changed another code template? I modify the patch ?Thanks.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182194
-----------------------------------------------------------
On 八月 4, 2017, 1:25 p.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 4, 2017, 1:25 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/4/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182194
-----------------------------------------------------------
The indentation is still incorrect in RangerHiveAuthorizer starting line 1473...
- Colm O hEigeartaigh
On Aug. 4, 2017, 9:21 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 4, 2017, 9:21 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/3/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182580
-----------------------------------------------------------
Ship it!
Ship It!
- Colm O hEigeartaigh
On Aug. 10, 2017, 12:30 p.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 10, 2017, 12:30 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/8/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 10, 2017, 12:30 p.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/8/
Changes: https://reviews.apache.org/r/61202/diff/7-8/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 八月 10, 2017, 10:48 a.m., Colm O hEigeartaigh wrote:
> > There's a whitespace error at the end of the test.
Fixed it ,and update the patch ,it's my failure ,thanks again.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182572
-----------------------------------------------------------
On 八月 10, 2017, 2:41 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 10, 2017, 2:41 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/8/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182572
-----------------------------------------------------------
There's a whitespace error at the end of the test.
- Colm O hEigeartaigh
On Aug. 10, 2017, 2:41 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 10, 2017, 2:41 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/7/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 10, 2017, 2:41 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/7/
Changes: https://reviews.apache.org/r/61202/diff/6-7/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 八月 9, 2017, 11:48 a.m., Colm O hEigeartaigh wrote:
> > The test is now failing for me?
> >
> > [ERROR] Failures:
> > [ERROR] HIVERangerAuthorizerTest.testShowPrivileges:917 Failure on User has to specify a user name or role in the show grant
> > [INFO]
Hi .The test case includes two sub-test cases, The second sub-test case is to test that the user does not exist. you are right, it may May mislead you I removed second sub-test case. thanks.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182483
-----------------------------------------------------------
On 八月 9, 2017, 5:35 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 9, 2017, 5:35 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/6/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182483
-----------------------------------------------------------
The test is now failing for me?
[ERROR] Failures:
[ERROR] HIVERangerAuthorizerTest.testShowPrivileges:917 Failure on User has to specify a user name or role in the show grant
[INFO]
- Colm O hEigeartaigh
On Aug. 9, 2017, 5:35 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 9, 2017, 5:35 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/6/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 9, 2017, 5:35 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/6/
Changes: https://reviews.apache.org/r/61202/diff/5-6/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 9, 2017, 5:20 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
Diff: https://reviews.apache.org/r/61202/diff/5/
Changes: https://reviews.apache.org/r/61202/diff/4-5/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
> On 八月 8, 2017, 3:56 p.m., Colm O hEigeartaigh wrote:
> > Thanks, indentation looks fine now. I'd like to see just a few minor improvements to the code in RangerHiveAuthorizer.
> >
> > 1) The "if" statement could be moved up to the top under the for loop to avoid creating unnecessary objects.
> > 2) Also in the if statement it references "msObjRef.getObjectType()", whereas just above we have the definition of "objectType" that could be used instead.
Yes, you are right.It is necessary, This modification can really save resources.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182398
-----------------------------------------------------------
On 八月 9, 2017, 5:20 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 八月 9, 2017, 5:20 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
>
>
> Diff: https://reviews.apache.org/r/61202/diff/5/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review182398
-----------------------------------------------------------
Thanks, indentation looks fine now. I'd like to see just a few minor improvements to the code in RangerHiveAuthorizer.
1) The "if" statement could be moved up to the top under the for loop to avoid creating unnecessary objects.
2) Also in the if statement it references "msObjRef.getObjectType()", whereas just above we have the definition of "objectType" that could be used instead.
- Colm O hEigeartaigh
On Aug. 4, 2017, 1:25 p.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated Aug. 4, 2017, 1:25 p.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> ** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
>
>
> ________________________________________________________________________________________________________
> *** CID 166074: Null pointer dereferences (NULL_RETURNS)
> /hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
> 1468 .getType());
> 1469
> 1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
> 1471 principalName, principalType,
> 1472 this.getThriftHiveObjectRef(privObj));
> 1473
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
> 1479
>
> ** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
>
>
> ________________________________________________________________________________________________________
> *** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> /hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
> 595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
> 596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
> 597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
> 598
> 599 // Build random string of random length
> 600 byte[] bytes = new byte[1];
> >>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
> >>> Random object created and used only once.
> 601 new Random().nextBytes(bytes);
> 602 int count = bytes[0];
> 603 count = count < 56 ? 56 : count;
> 604 count = count > 112 ? 112 : count;
> 605
> 606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/4/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 4, 2017, 1:25 p.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/4/
Changes: https://reviews.apache.org/r/61202/diff/3-4/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 4, 2017, 9:21 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Changes
-------
update patch
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/3/
Changes: https://reviews.apache.org/r/61202/diff/2-3/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: New Defects reported by Coverity Scan for
Apache Ranger
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 八月 2, 2017, 6:59 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Summary (updated)
-----------------
New Defects reported by Coverity Scan for Apache Ranger
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description (updated)
-------
** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
________________________________________________________________________________________________________
*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List<HiveObjectPrivilege> msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479
** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
________________________________________________________________________________________________________
*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605
606 String random = RandomStringUtils.random(count, "^&#@!%()-_+=@:;'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
Diffs
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/2/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by pengjianhua <pe...@zte.com.cn>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/
-----------------------------------------------------------
(Updated 七月 31, 2017, 2:15 a.m.)
Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
Changes
-------
Add test for this feature
Bugs: RANGER-1669
https://issues.apache.org/jira/browse/RANGER-1669
Repository: ranger
Description
-------
New Defects reported by Coverity Scan for Apache Ranger
Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
Null pointer dereferences (NULL_RETURNS)
>>> CID 166074: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
Reason: Hi, Hive also has this problem,
Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
Diffs (updated)
-----
hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
Diff: https://reviews.apache.org/r/61202/diff/2/
Changes: https://reviews.apache.org/r/61202/diff/1-2/
Testing
-------
tested it
Thanks,
pengjianhua
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by pengjianhua <pe...@zte.com.cn>.
> On 七月 28, 2017, 4:03 p.m., Colm O hEigeartaigh wrote:
> > The "else" after the initial "if (principal == null) {" is not necessary.
Thanks for you advise ,I had modify the code and add test for this feature ,Please review again.
- pengjianhua
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181680
-----------------------------------------------------------
On 七月 31, 2017, 2:15 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated 七月 31, 2017, 2:15 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
> hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java 011d2c3
>
>
> Diff: https://reviews.apache.org/r/61202/diff/2/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>
Re: Review Request 61202: Fixed-RANGER-1669:We need to support the
original functionality of hive.show grant user usernam
Posted by Colm O hEigeartaigh <co...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/61202/#review181680
-----------------------------------------------------------
The "else" after the initial "if (principal == null) {" is not necessary.
- Colm O hEigeartaigh
On July 28, 2017, 3:32 a.m., pengjianhua wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/61202/
> -----------------------------------------------------------
>
> (Updated July 28, 2017, 3:32 a.m.)
>
>
> Review request for ranger, Don Bosco Durai, Colm O hEigeartaigh, and Qiang Zhang.
>
>
> Bugs: RANGER-1669
> https://issues.apache.org/jira/browse/RANGER-1669
>
>
> Repository: ranger
>
>
> Description
> -------
>
> New Defects reported by Coverity Scan for Apache Ranger
> Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
> Null pointer dereferences (NULL_RETURNS)
> >>> CID 166074: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "msObjPrivs".
> 1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
> 1475 HivePrincipal resPrincipal = new HivePrincipal(
> 1476 msObjPriv.getPrincipalName(),
> 1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
> 1478 .getPrincipalType()));
>
> Reason: Hi, Hive also has this problem,
> Update patch solved this prolem for hive-plugin(Ranger-1669). hdfs-plugin has solved by Abhay (Ranger-1695)please review again.thanks.
>
>
> Diffs
> -----
>
> hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java 6872e50
>
>
> Diff: https://reviews.apache.org/r/61202/diff/1/
>
>
> Testing
> -------
>
> tested it
>
>
> Thanks,
>
> pengjianhua
>
>