Posted to commits@pulsar.apache.org by pe...@apache.org on 2020/11/07 01:55:02 UTC

[pulsar] branch master updated: [pulsar-broker] Security-Recommendation: Remove verbose error message with system info for admin-api (#8454)

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new de7da89  [pulsar-broker] Security-Recommendation: Remove verbose error message with system info for admin-api (#8454)
de7da89 is described below

commit de7da895d979f79b574139d7473344d811d472a3
Author: Rajan Dhabalia <rd...@apache.org>
AuthorDate: Fri Nov 6 17:54:33 2020 -0800

    [pulsar-broker] Security-Recommendation: Remove verbose error message with system info for admin-api (#8454)
    
    ### Motivation
    
    One of the security-recommendation reports listed internal system information in an error response, which should be fixed.
    
    **url:** `curl -X DELETE -H 'Content-Type: application/json'  http://localhost:8080/admin/namespaces/sample/standalone/ns1/maxConsumerPerSubscription`
    **Error-response:**
    ```
     --- An unexpected error occurred in the server ---
    
    Message: Invalid bundle range
    
    Stacktrace:
    
    java.lang.IllegalArgumentException: Invalid bundle range
    	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:141)
    	at org.apache.pulsar.broker.web.PulsarWebResource.validateNamespaceBundleRange(PulsarWebResource.java:480)
    	at org.apache.pulsar.broker.web.PulsarWebResource.validateNamespaceBundleOwnership(PulsarWebResource.java:522)
    	at org.apache.pulsar.broker.admin.impl.NamespacesBase.internalDeleteNamespaceBundle(NamespacesBase.java:541)
    	at org.apache.pulsar.broker.admin.impl.NamespacesBase.internalDeleteNamespaceBundle(NamespacesBase.java:488)
    	at org.apache.pulsar.broker.admin.v1.Namespaces.deleteNamespaceBundle(Namespaces.java:229)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    ```
---
 .../java/org/apache/pulsar/broker/web/PulsarWebResource.java   |  5 ++++-
 .../java/org/apache/pulsar/broker/admin/AdminApiTest2.java     | 10 ++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index 4e0afe1..eb8193b 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -477,7 +477,7 @@ public abstract class PulsarWebResource {
     protected NamespaceBundle validateNamespaceBundleRange(NamespaceName fqnn, BundlesData bundles,
             String bundleRange) {
         try {
-            checkArgument(bundleRange.contains("_"), "Invalid bundle range");
+            checkArgument(bundleRange.contains("_"), "Invalid bundle range: " + bundleRange);
             String[] boundaries = bundleRange.split("_");
             Long lowerEndpoint = Long.decode(boundaries[0]);
             Long upperEndpoint = Long.decode(boundaries[1]);
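Review bot: `boundaries[1]` is read without checking how many parts `split("_")` returned, so a range such as `0x0_` (constructed sample) passes the `contains("_")` check and then raises ArrayIndexOutOfBoundsException, which is not an IllegalArgumentException. That exception bypasses the catch this commit adds further down and lands in the existing `catch (Exception e)` with `throw new RestException(e)`, which appears to be the path that produced the stack-trace response quoted in the commit description. Adding `checkArgument(boundaries.length == 2, "Invalid bundle range");` right after the split would route that case to the 412 response as well; a null `bundleRange` takes the same catch-all route. The method body continues outside this hunk.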
@@ -489,6 +489,9 @@ public abstract class PulsarWebResource {
                     bundles);
             nsBundles.validateBundle(nsBundle);
             return nsBundle;
+        } catch (IllegalArgumentException e) {
+            log.error("[{}] Invalid bundle range {}/{}, {}", clientAppId(), fqnn.toString(), bundleRange, e.getMessage());
+            throw new RestException(Response.Status.PRECONDITION_FAILED, e.getMessage());
         } catch (Exception e) {
             log.error("[{}] Failed to validate namespace bundle {}/{}", clientAppId(), fqnn.toString(), bundleRange, e);
             throw new RestException(e);
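Review bot: The new catch sends `e.getMessage()` straight to the caller, and that text is not limited to the message written in this method: a NumberFormatException from `Long.decode` and any IllegalArgumentException that `nsBundles.validateBundle` may raise arrive here too, and with the first hunk the checkArgument message now echoes the request-supplied `bundleRange`. Since the goal of the commit is to keep internal detail out of the response, a fixed body such as `throw new RestException(Response.Status.PRECONDITION_FAILED, "Invalid bundle range");` would leave the detail in the log line only. The same `bundleRange` is written to the log unmodified, so it may be worth stripping CR/LF before logging if the log layout does not already encode them. The enclosing method starts outside this hunk.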
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
index 31f24ad..83a7e34 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest2.java
@@ -1339,6 +1339,16 @@ public class AdminApiTest2 extends MockedPulsarServiceBaseTest {
     }
 
     @Test
+    public void testInvalidBundleErrorResponse() throws Exception {
+        try {
+            admin.namespaces().deleteNamespaceBundle("prop-xyz/ns1", "invalid-bundle");
+            fail("should have failed due to invalid bundle");
+        } catch (PreconditionFailedException e) {
+            assertTrue(e.getMessage().startsWith("Invalid bundle range"));
+        }
+    }
+
+    @Test
     public void testMaxSubscriptionsPerTopic() throws Exception {
         super.internalCleanup();
         conf.setMaxSubscriptionsPerTopic(2);
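Review bot: testInvalidBundleErrorResponse covers only a range with no `_`, so it passes regardless of how other malformed ranges are answered. Ranges that contain `_` but have a missing or non-numeric endpoint go through `split` and `Long.decode` in validateNamespaceBundleRange and may come back with a different status or body. Consider adding cases such as `"0x00000000_"` and `"abc_def"` (constructed samples) that also expect PreconditionFailedException, so a regression to the verbose error response is caught.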