You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Mike Drob (JIRA)" <ji...@apache.org> on 2018/06/14 20:28:00 UTC

[jira] [Commented] (HBASE-20735) Invalid validation of coprocessor whitelist

    [ https://issues.apache.org/jira/browse/HBASE-20735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16512942#comment-16512942 ] 

Mike Drob commented on HBASE-20735:
-----------------------------------

is this an issue on branch-1, branch-2, or both?

> Invalid validation of coprocessor whitelist
> -------------------------------------------
>
>                 Key: HBASE-20735
>                 URL: https://issues.apache.org/jira/browse/HBASE-20735
>             Project: HBase
>          Issue Type: Bug
>          Components: Coprocessors
>            Reporter: Jagadeesh Anabathula
>            Assignee: Clay B.
>            Priority: Major
>              Labels: security
>
> Per HBASE-16700, coprocessors can be present only in whitelisted paths.
>  It validates for every new coprocessor, if jar's path is in whitelist paths.
>  It is currently validating only the first coprocessor that is set to a table. All the coprocessors that are added after that are not validated and allows path other than that are whitelisted.
> In my case, I have hbase.coprocessor.region.whitelist.paths as /tmp/**,*/tmp/coprocessors/*
> Following works fine
> {code}
>  hbase(main):001:0> create 'test_coprocessors', 'c'
>  0 row(s) in 1.7540 seconds
> => Hbase::Table - test_coprocessors
>  hbase(main):002:0> alter 'test_coprocessors', METHOD => 'table_att', 'COPROCESSOR' => 'hdfs:/tmp/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observers.PrefixedDataFilter|100|prefix=P'
>  Updating all regions with the new schema...
>  1/1 regions updated.
>  Done.
>  0 row(s) in 2.1250 seconds
> hbase(main):003:0> alter 'test_coprocessors', METHOD => 'table_att', 'COPROCESSOR' => 'hdfs:/user/hbase/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observers.PrefixedDataFilter|100|prefix=P'
>  Updating all regions with the new schema...
>  1/1 regions updated.
>  Done.
>  0 row(s) in 1.9690 seconds
> hbase(main):004:0> desc 'test_coprocessors'
>  Table test_coprocessors is ENABLED
>  test_coprocessors, {TABLE_ATTRIBUTES => {METADATA => {'COPROCESSOR$1' => 'hdfs:/tmp/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observer
>  s.PrefixedDataFilter|100|prefix=P', 'COPROCESSOR$2' => 'hdfs:/user/hbase/coprocessors/coprocessors-0.4.0.jar|com.test.hbase.coprocessors.observers.Prefi
>  xedDataFilter|100|prefix=P'}}
>  COLUMN FAMILIES DESCRIPTION
> {NAME => 'c', BLOOMFILTER => 'ROW', VERSIONS => '1', IN_MEMORY => 'false', KEEP_DELETED_CELLS => 'FALSE', DATA_BLOCK_ENCODING => 'NONE', TTL => 'FOREVER', COMPRESSION => 'NONE', MIN_VERSIONS => '0', BLOCKCACHE => 'true', BLOCKSIZE => '65536', REPLICATION_SCOPE => '0'}
> 1 row(s) in 0.0220 seconds
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)