You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-dev@hadoop.apache.org by "Akira Ajisaka (Jira)" <ji...@apache.org> on 2020/02/19 01:42:00 UTC
[jira] [Resolved] (YARN-6506) Fix the code vulnerability of
org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap
[ https://issues.apache.org/jira/browse/YARN-6506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Akira Ajisaka resolved YARN-6506.
---------------------------------
Resolution: Cannot Reproduce
Now there are no findbugs warnings in the module. Closing.
> Fix the code vulnerability of org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap
> ----------------------------------------------------------------------------------
>
> Key: YARN-6506
> URL: https://issues.apache.org/jira/browse/YARN-6506
> Project: Hadoop YARN
> Issue Type: Sub-task
> Components: scheduler-load-simulator
> Reporter: Yufei Gu
> Priority: Major
>
> It is reported by findbugs in YARN-6423.
> MS_MUTABLE_COLLECTION: Field is a mutable collection
> A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org