You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-dev@hadoop.apache.org by "Akira Ajisaka (Jira)" <ji...@apache.org> on 2020/02/19 01:42:00 UTC

[jira] [Resolved] (YARN-6506) Fix the code vulnerability of org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap

     [ https://issues.apache.org/jira/browse/YARN-6506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Akira Ajisaka resolved YARN-6506.
---------------------------------
    Resolution: Cannot Reproduce

Now there are no findbugs warnings in the module. Closing.

> Fix the code vulnerability of org.apache.hadoop.yarn.sls.SLSRunner.simulateInfoMap
> ----------------------------------------------------------------------------------
>
>                 Key: YARN-6506
>                 URL: https://issues.apache.org/jira/browse/YARN-6506
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: scheduler-load-simulator
>            Reporter: Yufei Gu
>            Priority: Major
>
> It is reported by findbugs in YARN-6423.
> MS_MUTABLE_COLLECTION: Field is a mutable collection
> A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. Consider wrapping this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-dev-help@hadoop.apache.org