Posted to commits@pulsar.apache.org by pe...@apache.org on 2020/11/07 01:55:02 UTC
[pulsar] branch master updated: [pulsar-broker]
Security-Recommendation: Remove verbose error message with system info for
admin-api (#8454)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new de7da89 [pulsar-broker] Security-Recommendation: Remove verbose error message with system info for admin-api (#8454)
de7da89 is described below
commit de7da895d979f79b574139d7473344d811d472a3
Author: Rajan Dhabalia <rd...@apache.org>
AuthorDate: Fri Nov 6 17:54:33 2020 -0800
[pulsar-broker] Security-Recommendation: Remove verbose error message with system info for admin-api (#8454)
### Motivation
A security-recommendation report flagged that an admin-api error response exposes internal system information; this should be fixed.
**url:** `curl -X DELETE -H 'Content-Type: application/json' http://localhost:8080/admin/namespaces/sample/standalone/ns1/maxConsumerPerSubscription`
**Error-response:**
```
--- An unexpected error occurred in the server ---
Message: Invalid bundle range
Stacktrace:
java.lang.IllegalArgumentException: Invalid bundle range
at com.google.common.base.Preconditions.checkArgument(Preconditions.java:141)
at org.apache.pulsar.broker.web.PulsarWebResource.validateNamespaceBundleRange(PulsarWebResource.java:480)
at org.apache.pulsar.broker.web.PulsarWebResource.validateNamespaceBundleOwnership(PulsarWebResource.java:522)
at org.apache.pulsar.broker.admin.impl.NamespacesBase.internalDeleteNamespaceBundle(NamespacesBase.java:541)
at org.apache.pulsar.broker.admin.impl.NamespacesBase.internalDeleteNamespaceBundle(NamespacesBase.java:488)
at org.apache.pulsar.broker.admin.v1.Namespaces.deleteNamespaceBundle(Namespaces.java:229)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
```
---
.../java/org/apache/pulsar/broker/web/PulsarWebResource.java | 5 ++++-
.../java/org/apache/pulsar/broker/admin/AdminApiTest2.java | 10 ++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index 4e0afe1..eb8193b 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -477,7 +477,7 @@ public abstract class PulsarWebResource {
protected NamespaceBundle validateNamespaceBundleRange(NamespaceName fqnn, BundlesData bundles,
String bundleRange) {
try {
- checkArgument(bundleRange.contains("_"), "Invalid bundle range");
+ checkArgument(bundleRange.contains("_"), "Invalid bundle range: " + bundleRange);
String[] boundaries = bundleRange.split("_");
Long lowerEndpoint = Long.decode(boundaries[0]);
Long upperEndpoint = Long.decode(boundaries[1]);
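Review bot: The `contains("_")` guard on the changed line is still too weak for the lines that follow it. A value such as `_` or `1_` passes the guard, `split("_")` then yields fewer than two elements, and `boundaries[1]` throws ArrayIndexOutOfBoundsException, which is not an IllegalArgumentException and so bypasses the handler added in the next hunk and lands in the generic `catch (Exception e)`. Checking the split result closes that gap: `String[] boundaries = bundleRange.split("_");` followed by `checkArgument(boundaries.length == 2, "Invalid bundle range: %s", bundleRange);`. Guava's `%s` template also avoids building the message string on every successful call. The method body continues past this hunk.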
@@ -489,6 +489,9 @@ public abstract class PulsarWebResource {
bundles);
nsBundles.validateBundle(nsBundle);
return nsBundle;
+ } catch (IllegalArgumentException e) {
+ log.error("[{}] Invalid bundle range {}/{}, {}", clientAppId(), fqnn.toString(), bundleRange, e.getMessage());
+ throw new RestException(Response.Status.PRECONDITION_FAILED, e.getMessage());
} catch (Exception e) {
log.error("[{}] Failed to validate namespace bundle {}/{}", clientAppId(), fqnn.toString(), bundleRange, e);
throw new RestException(e);
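Review bot: The added handler forwards `e.getMessage()` to the client verbatim, and that covers every IllegalArgumentException raised in the try body, not only the `checkArgument` one: NumberFormatException from `Long.decode` and whatever `validateBundle` throws, whose messages are not visible here. Together with the first hunk, the response now also echoes the caller-supplied `bundleRange`. A fixed response text keeps the detail server-side: `throw new RestException(Response.Status.PRECONDITION_FAILED, "Invalid bundle range");`. The same raw value goes into `log.error`, so CR/LF characters in it could forge log lines unless the log layout encodes them, and `warn` suits a client error better than `error`. The untouched `catch (Exception e)` still does `throw new RestException(e)`, presumably the path that produced the stack trace shown in the description, so any failure that is not an IllegalArgumentException keeps the verbose response.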
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
index 31f24ad..83a7e34 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
@@ -1339,6 +1339,16 @@ public class AdminApiTest2 extends MockedPulsarServiceBaseTest {
}
@Test
+ public void testInvalidBundleErrorResponse() throws Exception {
+ try {
+ admin.namespaces().deleteNamespaceBundle("prop-xyz/ns1", "invalid-bundle");
+ fail("should have failed due to invalid bundle");
+ } catch (PreconditionFailedException e) {
+ assertTrue(e.getMessage().startsWith("Invalid bundle range"));
+ }
+ }
+
+ @Test
public void testMaxSubscriptionsPerTopic() throws Exception {
super.internalCleanup();
conf.setMaxSubscriptionsPerTopic(2);
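Review bot: `testInvalidBundleErrorResponse` only exercises a value without `_` and only checks the message prefix, so it would not catch a regression where the stack trace comes back in the response body. Add an assertion in the catch block such as `assertFalse(e.getMessage().contains("Stacktrace"));` (assuming `assertFalse` is statically imported like `assertTrue`). A second case with a range that contains `_` but is otherwise malformed is also worth adding, since that input takes a different path through `validateNamespaceBundleRange`.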