You are viewing a plain text version of this content. The canonical link for it is here.

Posted to reviews@ambari.apache.org by Attila Magyar <am...@hortonworks.com> on 2017/04/24 07:32:06 UTC

Review Request 58657: Remove user input from invalid renderer error message

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/
-----------------------------------------------------------

Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.


Bugs: AMBARI-20823
    https://issues.apache.org/jira/browse/AMBARI-20823


Repository: ambari


Description
-------

Remove user input from invalid renderer error message to avoid potential XSS attacks.

throw new IllegalArgumentException("Invalid renderer name: " + name + " for resource of type: " + m_type);
should be removed and the error message changed to: "Invalid renderer name for resource of type <resource type>"


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java 99bcd03 
  ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java e076268 


Diff: https://reviews.apache.org/r/58657/diff/1/


Testing
-------

modified existing unittest

existing tests: PENDING


Thanks,

Attila Magyar

Re: Review Request 58657: Remove user input from invalid renderer error message

Posted by Sebastian Toader <st...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/#review172761
-----------------------------------------------------------


Ship it!




Ship It!

- Sebastian Toader


On April 24, 2017, 9:59 a.m., Attila Magyar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58657/
> -----------------------------------------------------------
> 
> (Updated April 24, 2017, 9:59 a.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-20823
>     https://issues.apache.org/jira/browse/AMBARI-20823
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Remove user input from invalid renderer error message to avoid potential XSS attacks.
> 
> throw new IllegalArgumentException("Invalid renderer name: " + name + " for resource of type: " + m_type);
> should be removed and the error message changed to: "Invalid renderer name for resource of type <resource type>"
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java 99bcd03 
>   ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java e076268 
> 
> 
> Diff: https://reviews.apache.org/r/58657/diff/1/
> 
> 
> Testing
> -------
> 
> modified existing unittest
> 
> existing tests: passed
> 
> 
> Thanks,
> 
> Attila Magyar
> 
>

Re: Review Request 58657: Remove user input from invalid renderer error message

Posted by Attila Doroszlai <ad...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/#review172762
-----------------------------------------------------------


Ship it!




Ship It!

- Attila Doroszlai


On April 24, 2017, 9:59 a.m., Attila Magyar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58657/
> -----------------------------------------------------------
> 
> (Updated April 24, 2017, 9:59 a.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-20823
>     https://issues.apache.org/jira/browse/AMBARI-20823
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Remove user input from invalid renderer error message to avoid potential XSS attacks.
> 
> throw new IllegalArgumentException("Invalid renderer name: " + name + " for resource of type: " + m_type);
> should be removed and the error message changed to: "Invalid renderer name for resource of type <resource type>"
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java 99bcd03 
>   ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java e076268 
> 
> 
> Diff: https://reviews.apache.org/r/58657/diff/1/
> 
> 
> Testing
> -------
> 
> modified existing unittest
> 
> existing tests: passed
> 
> 
> Thanks,
> 
> Attila Magyar
> 
>

Re: Review Request 58657: Remove user input from invalid renderer error message

Posted by Robert Levas <rl...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/#review172763
-----------------------------------------------------------


Ship it!




Ship It!

- Robert Levas


On April 24, 2017, 3:59 a.m., Attila Magyar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/58657/
> -----------------------------------------------------------
> 
> (Updated April 24, 2017, 3:59 a.m.)
> 
> 
> Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.
> 
> 
> Bugs: AMBARI-20823
>     https://issues.apache.org/jira/browse/AMBARI-20823
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> Remove user input from invalid renderer error message to avoid potential XSS attacks.
> 
> throw new IllegalArgumentException("Invalid renderer name: " + name + " for resource of type: " + m_type);
> should be removed and the error message changed to: "Invalid renderer name for resource of type <resource type>"
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java 99bcd03 
>   ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java e076268 
> 
> 
> Diff: https://reviews.apache.org/r/58657/diff/1/
> 
> 
> Testing
> -------
> 
> modified existing unittest
> 
> existing tests: passed
> 
> 
> Thanks,
> 
> Attila Magyar
> 
>

Re: Review Request 58657: Remove user input from invalid renderer error message

Posted by Attila Magyar <am...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/58657/
-----------------------------------------------------------

(Updated April 24, 2017, 7:59 a.m.)


Review request for Ambari, Attila Doroszlai, Laszlo Puskas, Robert Levas, and Sebastian Toader.


Changes
-------

test result


Bugs: AMBARI-20823
    https://issues.apache.org/jira/browse/AMBARI-20823


Repository: ambari


Description
-------

Remove user input from invalid renderer error message to avoid potential XSS attacks.

throw new IllegalArgumentException("Invalid renderer name: " + name + " for resource of type: " + m_type);
should be removed and the error message changed to: "Invalid renderer name for resource of type <resource type>"


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/api/resources/BaseResourceDefinition.java 99bcd03 
  ambari-server/src/test/java/org/apache/ambari/server/api/resources/BaseResourceDefinitionTest.java e076268 


Diff: https://reviews.apache.org/r/58657/diff/1/


Testing (updated)
-------

modified existing unittest

existing tests: passed


Thanks,

Attila Magyar