You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by bu...@apache.org on 2018/04/21 03:46:20 UTC
[1/6] hbase git commit: Revert "HBase Thrift HTTP - Shouldn't handle
TRACE/OPTIONS methods"
Repository: hbase
Updated Branches:
refs/heads/branch-1 fe84833ea -> e60189035
refs/heads/branch-2 298ce9624 -> cb1aaa683
refs/heads/branch-2.0 0b4f3d1f5 -> 51069e6e8
Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"
This reverts commit 05f8e94191ef6a63baadf56d6114d7d0317796f2.
missing jira key
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/1546613e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/1546613e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/1546613e
Branch: refs/heads/branch-2
Commit: 1546613e76b1013a08ebc179c2c22bfeb44f3a4a
Parents: 298ce96
Author: Sean Busbey <bu...@apache.org>
Authored: Fri Apr 20 22:43:25 2018 -0500
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:43:56 2018 -0500
----------------------------------------------------------------------
.../hadoop/hbase/http/TestHttpServer.java | 13 ++----------
.../hadoop/hbase/thrift/ThriftServerRunner.java | 2 --
.../hbase/thrift/TestThriftHttpServer.java | 21 ++++----------------
3 files changed, 6 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/1546613e/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
index 10553da..16350d5 100644
--- a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
+++ b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
@@ -605,6 +605,8 @@ public class TestHttpServer extends HttpServerFunctionalTest {
myServer.stop();
}
+
+
@Test
public void testNoCacheHeader() throws Exception {
URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -617,15 +619,4 @@ public class TestHttpServer extends HttpServerFunctionalTest {
assertEquals(conn.getHeaderField("Expires"), conn.getHeaderField("Date"));
assertEquals("DENY", conn.getHeaderField("X-Frame-Options"));
}
-
- @Test
- public void testHttpMethods() throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- URL url = new URL(baseUrl, "/echo?a=b");
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/1546613e/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 5d887f9..16894ad 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -79,7 +79,6 @@ import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.filter.ParseFilter;
import org.apache.hadoop.hbase.filter.PrefixFilter;
import org.apache.hadoop.hbase.filter.WhileMatchFilter;
-import org.apache.hadoop.hbase.http.HttpServerUtil;
import org.apache.hadoop.hbase.log.HBaseMarkers;
import org.apache.hadoop.hbase.security.SaslUtil;
import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
@@ -446,7 +445,6 @@ public class ThriftServerRunner implements Runnable {
// Context handler
ServletContextHandler ctxHandler = new ServletContextHandler(httpServer, "/", ServletContextHandler.SESSIONS);
ctxHandler.addServlet(new ServletHolder(thriftHttpServlet), "/*");
- HttpServerUtil.constrainHttpMethods(ctxHandler);
// set up Jetty and run the embedded server
HttpConfiguration httpConfig = new HttpConfiguration();
http://git-wip-us.apache.org/repos/asf/hbase/blob/1546613e/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index c3fecf6..bd156bc 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
@@ -21,8 +21,6 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
-import java.net.HttpURLConnection;
-import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
@@ -40,7 +38,6 @@ import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransportException;
import org.junit.AfterClass;
-import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -174,10 +171,8 @@ public class TestThriftHttpServer {
Thread.sleep(100);
}
- String url = "http://"+ HConstants.LOCALHOST + ":" + port;
try {
- checkHttpMethods(url);
- talkToThriftServer(url, customHeaderSize);
+ talkToThriftServer(customHeaderSize);
} catch (Exception ex) {
clientSideException = ex;
} finally {
@@ -194,19 +189,11 @@ public class TestThriftHttpServer {
}
}
- private void checkHttpMethods(String url) throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
-
private static volatile boolean tableCreated = false;
- private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
- THttpClient httpClient = new THttpClient(url);
+ private void talkToThriftServer(int customHeaderSize) throws Exception {
+ THttpClient httpClient = new THttpClient(
+ "http://"+ HConstants.LOCALHOST + ":" + port);
httpClient.open();
if (customHeaderSize > 0) {
[5/6] hbase git commit: Revert "HBase Thrift HTTP - Shouldn't handle
TRACE/OPTIONS methods"
Posted by bu...@apache.org.
Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"
This reverts commit fe84833ea22c30b68022203132706ebb1e526852.
missing jira key
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/eacf3cb2
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/eacf3cb2
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/eacf3cb2
Branch: refs/heads/branch-1
Commit: eacf3cb29641af1a68978d9bd7654f643a3aa3a1
Parents: fe84833
Author: Sean Busbey <bu...@apache.org>
Authored: Fri Apr 20 22:45:37 2018 -0500
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:45:37 2018 -0500
----------------------------------------------------------------------
.../hadoop/hbase/http/TestHttpServer.java | 13 ++----------
.../hadoop/hbase/thrift/ThriftServerRunner.java | 2 --
.../hbase/thrift/TestThriftHttpServer.java | 21 ++++----------------
3 files changed, 6 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/eacf3cb2/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
index 2cb6cb4..cec3fd1 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
@@ -608,6 +608,8 @@ public class TestHttpServer extends HttpServerFunctionalTest {
myServer.stop();
}
+
+
@Test
public void testNoCacheHeader() throws Exception {
URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -632,15 +634,4 @@ public class TestHttpServer extends HttpServerFunctionalTest {
.build();
s.stop();
}
-
- @Test
- public void testHttpMethods() throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- URL url = new URL(baseUrl, "/echo?a=b");
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/eacf3cb2/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 8292e91..07c18a7 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -100,7 +100,6 @@ import org.apache.hadoop.hbase.thrift.generated.TScan;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.ConnectionCache;
import org.apache.hadoop.hbase.util.DNS;
-import org.apache.hadoop.hbase.util.HttpServerUtil;
import org.apache.hadoop.hbase.util.JvmPauseMonitor;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.security.SaslRpcServer.SaslGssCallbackHandler;
@@ -423,7 +422,6 @@ public class ThriftServerRunner implements Runnable {
String httpPath = "/*";
httpServer.setHandler(context);
context.addServlet(new ServletHolder(thriftHttpServlet), httpPath);
- HttpServerUtil.constrainHttpMethods(context);
// set up Jetty and run the embedded server
Connector connector = new SelectChannelConnector();
http://git-wip-us.apache.org/repos/asf/hbase/blob/eacf3cb2/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index ed91a29..cf14e87 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
@@ -22,8 +22,6 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
-import java.net.HttpURLConnection;
-import java.net.URL;
import java.util.ArrayList;
import java.util.List;
@@ -42,7 +40,6 @@ import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransportException;
import org.junit.AfterClass;
-import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -169,10 +166,8 @@ public class TestThriftHttpServer {
Thread.sleep(100);
}
- String url = "http://"+ HConstants.LOCALHOST + ":" + port;
try {
- checkHttpMethods(url);
- talkToThriftServer(url, customHeaderSize);
+ talkToThriftServer(customHeaderSize);
} catch (Exception ex) {
clientSideException = ex;
} finally {
@@ -189,19 +184,11 @@ public class TestThriftHttpServer {
}
}
- private void checkHttpMethods(String url) throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
-
private static volatile boolean tableCreated = false;
- private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
- THttpClient httpClient = new THttpClient(url);
+ private void talkToThriftServer(int customHeaderSize) throws Exception {
+ THttpClient httpClient = new THttpClient(
+ "http://"+ HConstants.LOCALHOST + ":" + port);
httpClient.open();
if (customHeaderSize > 0) {
[3/6] hbase git commit: HBASE-19547 HBase fails building on AArch64
due to asciidoctor-maven-plugin
Posted by bu...@apache.org.
HBASE-19547 HBase fails building on AArch64 due to asciidoctor-maven-plugin
Signed-off-by: Sean Busbey <bu...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/cb1aaa68
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/cb1aaa68
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/cb1aaa68
Branch: refs/heads/branch-2
Commit: cb1aaa683b4fd6cc024e55eb6d1929b06b57702c
Parents: ddf8b2a
Author: Yuqi Gu <yu...@arm.com>
Authored: Mon Dec 18 09:13:38 2017 +0000
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:44:24 2018 -0500
----------------------------------------------------------------------
pom.xml | 5 +++++
1 file changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/cb1aaa68/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index c8bc1f4..7573d2b 100755
--- a/pom.xml
+++ b/pom.xml
@@ -1154,6 +1154,11 @@
<artifactId>asciidoctorj-pdf</artifactId>
<version>${asciidoctorj.pdf.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jruby</groupId>
+ <artifactId>jruby-complete</artifactId>
+ <version>${jruby.version}</version>
+ </dependency>
</dependencies>
<configuration>
<outputDirectory>${project.reporting.outputDirectory}/</outputDirectory>
[6/6] hbase git commit: HBASE-20406 HBase Thrift HTTP - Shouldn't
handle TRACE/OPTIONS methods
Posted by bu...@apache.org.
HBASE-20406 HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods
Signed-off-by: Josh Elser <el...@apache.org>
Signed-off-by: Ted Yu <yu...@gmail.com>
Signed-off-by: Sean Busbey <bu...@apache.org>
Conflicts:
hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/e6018903
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/e6018903
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/e6018903
Branch: refs/heads/branch-1
Commit: e60189035e1974226f6176be52f29dff79a1fb18
Parents: eacf3cb
Author: Kevin Risden <kr...@apache.org>
Authored: Thu Apr 12 21:08:15 2018 -0500
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:45:49 2018 -0500
----------------------------------------------------------------------
.../hadoop/hbase/http/TestHttpServer.java | 13 ++++++++++--
.../hadoop/hbase/thrift/ThriftServerRunner.java | 2 ++
.../hbase/thrift/TestThriftHttpServer.java | 21 ++++++++++++++++----
3 files changed, 30 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/e6018903/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java b/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
index cec3fd1..2cb6cb4 100644
--- a/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
+++ b/hbase-server/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
@@ -608,8 +608,6 @@ public class TestHttpServer extends HttpServerFunctionalTest {
myServer.stop();
}
-
-
@Test
public void testNoCacheHeader() throws Exception {
URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -634,4 +632,15 @@ public class TestHttpServer extends HttpServerFunctionalTest {
.build();
s.stop();
}
+
+ @Test
+ public void testHttpMethods() throws Exception {
+ // HTTP TRACE method should be disabled for security
+ // See https://www.owasp.org/index.php/Cross_Site_Tracing
+ URL url = new URL(baseUrl, "/echo?a=b");
+ HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ conn.setRequestMethod("TRACE");
+ conn.connect();
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
+ }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/e6018903/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 07c18a7..8292e91 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -100,6 +100,7 @@ import org.apache.hadoop.hbase.thrift.generated.TScan;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.hadoop.hbase.util.ConnectionCache;
import org.apache.hadoop.hbase.util.DNS;
+import org.apache.hadoop.hbase.util.HttpServerUtil;
import org.apache.hadoop.hbase.util.JvmPauseMonitor;
import org.apache.hadoop.hbase.util.Strings;
import org.apache.hadoop.security.SaslRpcServer.SaslGssCallbackHandler;
@@ -422,6 +423,7 @@ public class ThriftServerRunner implements Runnable {
String httpPath = "/*";
httpServer.setHandler(context);
context.addServlet(new ServletHolder(thriftHttpServlet), httpPath);
+ HttpServerUtil.constrainHttpMethods(context);
// set up Jetty and run the embedded server
Connector connector = new SelectChannelConnector();
http://git-wip-us.apache.org/repos/asf/hbase/blob/e6018903/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index cf14e87..ed91a29 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
@@ -22,6 +22,8 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
+import java.net.HttpURLConnection;
+import java.net.URL;
import java.util.ArrayList;
import java.util.List;
@@ -40,6 +42,7 @@ import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransportException;
import org.junit.AfterClass;
+import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
@@ -166,8 +169,10 @@ public class TestThriftHttpServer {
Thread.sleep(100);
}
+ String url = "http://"+ HConstants.LOCALHOST + ":" + port;
try {
- talkToThriftServer(customHeaderSize);
+ checkHttpMethods(url);
+ talkToThriftServer(url, customHeaderSize);
} catch (Exception ex) {
clientSideException = ex;
} finally {
@@ -184,11 +189,19 @@ public class TestThriftHttpServer {
}
}
+ private void checkHttpMethods(String url) throws Exception {
+ // HTTP TRACE method should be disabled for security
+ // See https://www.owasp.org/index.php/Cross_Site_Tracing
+ HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
+ conn.setRequestMethod("TRACE");
+ conn.connect();
+ Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
+ }
+
private static volatile boolean tableCreated = false;
- private void talkToThriftServer(int customHeaderSize) throws Exception {
- THttpClient httpClient = new THttpClient(
- "http://"+ HConstants.LOCALHOST + ":" + port);
+ private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
+ THttpClient httpClient = new THttpClient(url);
httpClient.open();
if (customHeaderSize > 0) {
[2/6] hbase git commit: HBASE-20406 HBase Thrift HTTP - Shouldn't
handle TRACE/OPTIONS methods
Posted by bu...@apache.org.
HBASE-20406 HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods
Signed-off-by: Josh Elser <el...@apache.org>
Signed-off-by: Ted Yu <yu...@gmail.com>
Signed-off-by: Sean Busbey <bu...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/ddf8b2a2
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/ddf8b2a2
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/ddf8b2a2
Branch: refs/heads/branch-2
Commit: ddf8b2a2c43c3da3b3187b2e9b9ebd003ec8b441
Parents: 1546613
Author: Kevin Risden <kr...@apache.org>
Authored: Thu Apr 12 21:08:15 2018 -0500
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:44:01 2018 -0500
----------------------------------------------------------------------
.../hadoop/hbase/http/TestHttpServer.java | 13 ++++++++++--
.../hadoop/hbase/thrift/ThriftServerRunner.java | 2 ++
.../hbase/thrift/TestThriftHttpServer.java | 21 ++++++++++++++++----
3 files changed, 30 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/ddf8b2a2/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
index 16350d5..10553da 100644
--- a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
+++ b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
@@ -605,8 +605,6 @@ public class TestHttpServer extends HttpServerFunctionalTest {
myServer.stop();
}
-
-
@Test
public void testNoCacheHeader() throws Exception {
URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -619,4 +617,15 @@ public class TestHttpServer extends HttpServerFunctionalTest {
assertEquals(conn.getHeaderField("Expires"), conn.getHeaderField("Date"));
assertEquals("DENY", conn.getHeaderField("X-Frame-Options"));
}
+
+ @Test
+ public void testHttpMethods() throws Exception {
+ // HTTP TRACE method should be disabled for security
+ // See https://www.owasp.org/index.php/Cross_Site_Tracing
+ URL url = new URL(baseUrl, "/echo?a=b");
+ HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+ conn.setRequestMethod("TRACE");
+ conn.connect();
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
+ }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/ddf8b2a2/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 16894ad..5d887f9 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -79,6 +79,7 @@ import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.filter.ParseFilter;
import org.apache.hadoop.hbase.filter.PrefixFilter;
import org.apache.hadoop.hbase.filter.WhileMatchFilter;
+import org.apache.hadoop.hbase.http.HttpServerUtil;
import org.apache.hadoop.hbase.log.HBaseMarkers;
import org.apache.hadoop.hbase.security.SaslUtil;
import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
@@ -445,6 +446,7 @@ public class ThriftServerRunner implements Runnable {
// Context handler
ServletContextHandler ctxHandler = new ServletContextHandler(httpServer, "/", ServletContextHandler.SESSIONS);
ctxHandler.addServlet(new ServletHolder(thriftHttpServlet), "/*");
+ HttpServerUtil.constrainHttpMethods(ctxHandler);
// set up Jetty and run the embedded server
HttpConfiguration httpConfig = new HttpConfiguration();
http://git-wip-us.apache.org/repos/asf/hbase/blob/ddf8b2a2/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index bd156bc..c3fecf6 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
@@ -21,6 +21,8 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
+import java.net.HttpURLConnection;
+import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
@@ -38,6 +40,7 @@ import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransportException;
import org.junit.AfterClass;
+import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -171,8 +174,10 @@ public class TestThriftHttpServer {
Thread.sleep(100);
}
+ String url = "http://"+ HConstants.LOCALHOST + ":" + port;
try {
- talkToThriftServer(customHeaderSize);
+ checkHttpMethods(url);
+ talkToThriftServer(url, customHeaderSize);
} catch (Exception ex) {
clientSideException = ex;
} finally {
@@ -189,11 +194,19 @@ public class TestThriftHttpServer {
}
}
+ private void checkHttpMethods(String url) throws Exception {
+ // HTTP TRACE method should be disabled for security
+ // See https://www.owasp.org/index.php/Cross_Site_Tracing
+ HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
+ conn.setRequestMethod("TRACE");
+ conn.connect();
+ Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
+ }
+
private static volatile boolean tableCreated = false;
- private void talkToThriftServer(int customHeaderSize) throws Exception {
- THttpClient httpClient = new THttpClient(
- "http://"+ HConstants.LOCALHOST + ":" + port);
+ private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
+ THttpClient httpClient = new THttpClient(url);
httpClient.open();
if (customHeaderSize > 0) {
[4/6] hbase git commit: HBASE-19547 HBase fails building on AArch64
due to asciidoctor-maven-plugin
Posted by bu...@apache.org.
HBASE-19547 HBase fails building on AArch64 due to asciidoctor-maven-plugin
Signed-off-by: Sean Busbey <bu...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/51069e6e
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/51069e6e
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/51069e6e
Branch: refs/heads/branch-2.0
Commit: 51069e6e83e58902ca9c3ebb957b80f65627a924
Parents: 0b4f3d1
Author: Yuqi Gu <yu...@arm.com>
Authored: Mon Dec 18 09:13:38 2017 +0000
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:45:10 2018 -0500
----------------------------------------------------------------------
pom.xml | 5 +++++
1 file changed, 5 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/51069e6e/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 7c949dd..983dc3c 100755
--- a/pom.xml
+++ b/pom.xml
@@ -1153,6 +1153,11 @@
<artifactId>asciidoctorj-pdf</artifactId>
<version>${asciidoctorj.pdf.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.jruby</groupId>
+ <artifactId>jruby-complete</artifactId>
+ <version>${jruby.version}</version>
+ </dependency>
</dependencies>
<configuration>
<outputDirectory>${project.reporting.outputDirectory}/</outputDirectory>