Posted to commits@hive.apache.org by pv...@apache.org on 2018/10/04 16:55:57 UTC
hive git commit: HIVE-20544: TOpenSessionReq logs password and
username (Karen Coppage, reviewed by Andrew Sherman and Peter Vary)
Repository: hive
Updated Branches:
refs/heads/master 1cfe4f913 -> d0ed25e3b
HIVE-20544: TOpenSessionReq logs password and username (Karen Coppage, reviewed by Andrew Sherman and Peter Vary)
Project: http://git-wip-us.apache.org/repos/asf/hive/repo
Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/d0ed25e3
Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/d0ed25e3
Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/d0ed25e3
Branch: refs/heads/master
Commit: d0ed25e3b6ba357f36ef7ee1d86fcc82974f13b2
Parents: 1cfe4f9
Author: Peter Vary <pv...@cloudera.com>
Authored: Thu Oct 4 18:52:42 2018 +0200
Committer: Peter Vary <pv...@cloudera.com>
Committed: Thu Oct 4 18:52:42 2018 +0200
----------------------------------------------------------------------
.../thrift/TestThriftCLIServiceSecurity.java | 44 ++++++++++++++
service-rpc/pom.xml | 60 +++++++++++++-------
.../service/rpc/thrift/TOpenSessionReq.java | 7 +--
3 files changed, 85 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hive/blob/d0ed25e3/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
----------------------------------------------------------------------
diff --git a/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java b/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
new file mode 100644
index 0000000..040c694
--- /dev/null
+++ b/itests/hive-unit/src/test/java/org/apache/hive/service/cli/thrift/TestThriftCLIServiceSecurity.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hive.service.cli.thrift;
+
+import static org.junit.Assert.assertFalse;
+
+import org.apache.hive.service.rpc.thrift.TOpenSessionReq;
+import org.junit.Test;
+
+/**
+ * Test security in classes generated by Thrift.
+ */
+public class TestThriftCLIServiceSecurity {
+
+ /**
+ * Ensures password isn't printed to logs from TOpenSessionReq.toString().
+ * See maven-replacer-plugin code in service-rpc/pom.xml.
+ *
+ * @throws Exception
+ */
+ @Test
+ public void testPasswordNotInLogs() throws Exception {
+ String PASSWORD = "testpassword";
+ TOpenSessionReq tOpenSessionReq = new TOpenSessionReq();
+ tOpenSessionReq.setPassword(PASSWORD);
+ assertFalse(tOpenSessionReq.toString().contains(PASSWORD));
+ }
+
+}
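Review bot: `testPasswordNotInLogs` asserts only on the password, although the commit title says the request logged both password and username. The visible change to `TOpenSessionReq.toString()` masks only the password field, so either the title overstates the scope or the username is still printed. If the username is meant to stay out of the logs too, the test should cover it with `tOpenSessionReq.setUsername("testuser");` and `assertFalse(tOpenSessionReq.toString().contains("testuser"));`; otherwise the Javadoc should say that only the password is masked. On style, the local `PASSWORD` reads like a constant and could be `password` or a `private static final` field, and both `throws Exception` and the empty `@throws Exception` tag can be dropped since nothing in the body throws a checked exception.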
http://git-wip-us.apache.org/repos/asf/hive/blob/d0ed25e3/service-rpc/pom.xml
----------------------------------------------------------------------
diff --git a/service-rpc/pom.xml b/service-rpc/pom.xml
index d6a07a5..2f9ef45 100644
--- a/service-rpc/pom.xml
+++ b/service-rpc/pom.xml
@@ -121,29 +121,47 @@
<goals>
<goal>replace</goal>
</goals>
+ <configuration>
+ <basedir>${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/</basedir>
+ <filesToInclude>*.java</filesToInclude>
+ <replacements>
+ <replacement>
+ <token>public class</token>
+ <value>@org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public class</value>
+ <unescape>true</unescape>
+ </replacement>
+ <replacement>
+ <token>public static class</token>
+ <value>@org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public static class</value>
+ <unescape>true</unescape>
+ </replacement>
+ <replacement>
+ <token>public interface</token>
+ <value>@org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public interface</value>
+ <unescape>true</unescape>
+ </replacement>
+ </replacements>
+ </configuration>
+ </execution>
+ <execution>
+ <id>mask-password</id>
+ <phase>process-sources</phase>
+ <goals>
+ <goal>replace</goal>
+ </goals>
+ <configuration>
+ <file>${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java</file>
+ <replacements>
+ <replacement>
+ <token> if \(this.password \=\= null\) \{\n sb.append\(\"null"\)\;\n \} else \{\n sb.append\(this.password\)\;\n \}</token>
+ <value>// Password found and replaced by maven-replacer-plugin in hive-service-rpc.pom. Please update if this file changes.
+ sb.append("-");
+ </value>
+ </replacement>
+ </replacements>
+ </configuration>
</execution>
</executions>
- <configuration>
- <basedir>${basedir}/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/</basedir>
- <filesToInclude>*.java</filesToInclude>
- <replacements>
- <replacement>
- <token>public class</token>
- <value>@org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public class</value>
- <unescape>true</unescape>
- </replacement>
- <replacement>
- <token>public static class</token>
- <value>@org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public static class</value>
- <unescape>true</unescape>
- </replacement>
- <replacement>
- <token>public interface</token>
- <value>@org.apache.hadoop.hive.common.classification.InterfaceAudience.Public @org.apache.hadoop.hive.common.classification.InterfaceStability.Stable public interface</value>
- <unescape>true</unescape>
- </replacement>
- </replacements>
- </configuration>
</plugin>
</plugins>
</build>
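Review bot: The `mask-password` token matches the generated code only when the spaces and `\n` line breaks are exactly as written. A Thrift regeneration that changes indentation, or a checkout with CRLF line endings, would leave `sb.append(this.password)` in place, and nothing in the visible configuration fails the build when the token does not match. Replacing the literal whitespace between statements with `\s*`, as in `\{\s*sb\.append\("null"\);\s*\}`, would make the match less brittle and would also tidy the unescaped `.` and the uneven `\"null"` quoting. The only guard visible in this commit is TestThriftCLIServiceSecurity under itests/hive-unit, which presumably does not run when service-rpc is built on its own, so an XML comment on this execution such as `<!-- Verified by TestThriftCLIServiceSecurity; re-run it after regenerating Thrift sources -->` would help. The enclosing `<plugin>` element starts outside the hunk.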
http://git-wip-us.apache.org/repos/asf/hive/blob/d0ed25e3/service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
----------------------------------------------------------------------
diff --git a/service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java b/service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
index 3195e70..2550d98 100644
--- a/service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
+++ b/service-rpc/src/gen/thrift/gen-javabean/org/apache/hive/service/rpc/thrift/TOpenSessionReq.java
@@ -540,11 +540,8 @@ import org.slf4j.LoggerFactory;
if (isSetPassword()) {
if (!first) sb.append(", ");
sb.append("password:");
- if (this.password == null) {
- sb.append("null");
- } else {
- sb.append(this.password);
- }
+ // Password found and replaced by maven-replacer-plugin in hive-service-rpc.pom. Please update if this file changes.
+ sb.append("-");
first = false;
}
if (isSetConfiguration()) {