You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by el...@apache.org on 2019/05/28 20:33:14 UTC
[hbase] branch master updated: HBASE-22467 UI fixes to enable Knox
proxying
This is an automated email from the ASF dual-hosted git repository.
elserj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new 858d30d HBASE-22467 UI fixes to enable Knox proxying
858d30d is described below
commit 858d30dd30159de70ac62d44c0ee0278708f2dec
Author: Josh Elser <el...@apache.org>
AuthorDate: Thu May 23 20:39:52 2019 -0400
HBASE-22467 UI fixes to enable Knox proxying
Closes #261
Signed-off-by: Sean Busbey <bu...@apache.org>
---
.../hadoop/hbase/http/ProfileOutputServlet.java | 22 ++++++++-
.../apache/hadoop/hbase/http/ProfileServlet.java | 2 +-
.../hbase/http/TestProfileOutputServlet.java | 55 ++++++++++++++++++++++
.../hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon | 3 +-
.../hbase/tmpl/master/MasterStatusTmpl.jamon | 4 +-
.../hbase/tmpl/regionserver/RSStatusTmpl.jamon | 4 +-
.../main/resources/hbase-webapps/master/table.jsp | 2 +-
7 files changed, 83 insertions(+), 9 deletions(-)
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileOutputServlet.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileOutputServlet.java
index 670c3ac..2ebcfb9 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileOutputServlet.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileOutputServlet.java
@@ -19,6 +19,7 @@ package org.apache.hadoop.hbase.http;
import java.io.File;
import java.io.IOException;
+import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -37,6 +38,8 @@ public class ProfileOutputServlet extends DefaultServlet {
private static final long serialVersionUID = 1L;
private static final Logger LOG = LoggerFactory.getLogger(ProfileOutputServlet.class);
private static final int REFRESH_PERIOD = 2;
+ // Alphanumeric characters, plus percent (url-encoding), equals, and ampersand
+ private static final Pattern ALPHA_NUMERIC = Pattern.compile("[a-zA-Z0-9\\%\\=\\&]*");
@Override
protected void doGet(final HttpServletRequest req, final HttpServletResponse resp)
@@ -48,11 +51,26 @@ public class ProfileOutputServlet extends DefaultServlet {
// will be <100 bytes (in all modes).
if (requestedFile.length() < 100) {
LOG.info(requestedFile + " is incomplete. Sending auto-refresh header.");
- resp.setHeader("Refresh", REFRESH_PERIOD + "," + req.getRequestURI());
+ String refreshUrl = req.getRequestURI();
+ // Rebuild the query string (if we have one)
+ if (req.getQueryString() != null) {
+ refreshUrl += "?" + sanitize(req.getQueryString());
+ }
+ ProfileServlet.setResponseHeader(resp);
+ resp.setHeader("Refresh", REFRESH_PERIOD + ";" + refreshUrl);
resp.getWriter().write("This page will be auto-refreshed every " + REFRESH_PERIOD +
- " seconds until the output file is ready.");
+ " seconds until the output file is ready. Redirecting to " + refreshUrl);
} else {
super.doGet(req, resp);
}
}
+
+ static String sanitize(String input) {
+ // Basic test to try to avoid any XSS attacks or HTML content showing up.
+ // Duplicates HtmlQuoting a little, but avoid destroying ampersand.
+ if (ALPHA_NUMERIC.matcher(input).matches()) {
+ return input;
+ }
+ throw new RuntimeException("Non-alphanumeric data found in input, aborting.");
+ }
}
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileServlet.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileServlet.java
index 5dfaa32..642d05a 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileServlet.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/ProfileServlet.java
@@ -361,7 +361,7 @@ public class ProfileServlet extends HttpServlet {
return Output.SVG;
}
- private static void setResponseHeader(final HttpServletResponse response) {
+ static void setResponseHeader(final HttpServletResponse response) {
response.setHeader(ACCESS_CONTROL_ALLOW_METHODS, ALLOWED_METHODS);
response.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN, "*");
response.setContentType(CONTENT_TYPE_TEXT);
diff --git a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestProfileOutputServlet.java b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestProfileOutputServlet.java
new file mode 100644
index 0000000..77d6c45
--- /dev/null
+++ b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestProfileOutputServlet.java
@@ -0,0 +1,55 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.hbase.http;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.hadoop.hbase.HBaseClassTestRule;
+import org.apache.hadoop.hbase.testclassification.SmallTests;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category({SmallTests.class})
+public class TestProfileOutputServlet {
+ @ClassRule
+ public static final HBaseClassTestRule CLASS_RULE =
+ HBaseClassTestRule.forClass(TestProfileOutputServlet.class);
+
+ @Test
+ public void testSanitization() {
+ List<String> good = Arrays.asList("abcd", "key=value", "key1=value&key2=value2", "");
+ for (String input : good) {
+ assertEquals(input, ProfileOutputServlet.sanitize(input));
+ }
+ List<String> bad = Arrays.asList("function(){console.log(\"oops\")}", "<strong>uhoh</strong>");
+ for (String input : bad) {
+ try {
+ ProfileOutputServlet.sanitize(input);
+ fail("Expected sanitization of \"" + input + "\" to fail");
+ } catch (RuntimeException e) {
+ // Pass
+ }
+ }
+ }
+
+}
diff --git a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon
index c4dff14..f700d39 100644
--- a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon
+++ b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/common/TaskMonitorTmpl.jamon
@@ -25,6 +25,7 @@ org.apache.hadoop.util.StringUtils;
TaskMonitor taskMonitor = TaskMonitor.get();
String filter = "general";
String format = "html";
+String parent = "";
</%args>
<%if format.equals("json")%>
@@ -79,7 +80,7 @@ String format = "html";
<%args>
String filter;
</%args>
- <a href="?format=json&filter=<% filter %>">View as JSON</a>
+ <a href="<% parent %>?format=json&filter=<% filter %>">View as JSON</a>
</%def>
<%def renderTasks>
diff --git a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/master/MasterStatusTmpl.jamon b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/master/MasterStatusTmpl.jamon
index 1062856..5c5f7fe 100644
--- a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/master/MasterStatusTmpl.jamon
+++ b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/master/MasterStatusTmpl.jamon
@@ -146,7 +146,7 @@ AssignmentManager assignmentManager = master.getAssignmentManager();
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav">
- <li class="active"><a href="/">Home</a></li>
+ <li class="active"><a href="/master-status">Home</a></li>
<li><a href="/tablesDetailed.jsp">Table Details</a></li>
<%if master.isActiveMaster() %>
<li><a href="/procedures.jsp">Procedures & Locks</a></li>
@@ -279,7 +279,7 @@ AssignmentManager assignmentManager = master.getAssignmentManager();
<section>
- <& ../common/TaskMonitorTmpl; filter = filter &>
+ <& ../common/TaskMonitorTmpl; filter = filter; parent = "/master-status" &>
</section>
<section>
diff --git a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/regionserver/RSStatusTmpl.jamon b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/regionserver/RSStatusTmpl.jamon
index 2496b5d..bee5da3 100644
--- a/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/regionserver/RSStatusTmpl.jamon
+++ b/hbase-server/src/main/jamon/org/apache/hadoop/hbase/tmpl/regionserver/RSStatusTmpl.jamon
@@ -107,7 +107,7 @@ org.apache.hadoop.hbase.zookeeper.MasterAddressTracker;
</div>
<div class="collapse navbar-collapse">
<ul class="nav navbar-nav">
- <li class="active"><a href="/">Home</a></li>
+ <li class="active"><a href="/rs-status">Home</a></li>
<li><a href="/processRS.jsp">Process Metrics</a></li>
<li><a href="/logs/">Local Logs</a></li>
<li><a href="/logLevel">Log Level</a></li>
@@ -143,7 +143,7 @@ org.apache.hadoop.hbase.zookeeper.MasterAddressTracker;
</section>
<section>
- <& ../common/TaskMonitorTmpl; filter = filter &>
+ <& ../common/TaskMonitorTmpl; filter = filter; parent = "/rs-status" &>
</section>
<section>
diff --git a/hbase-server/src/main/resources/hbase-webapps/master/table.jsp b/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
index ced5b44..50ff969 100644
--- a/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
+++ b/hbase-server/src/main/resources/hbase-webapps/master/table.jsp
@@ -230,7 +230,7 @@ if ( fqtn != null ) {
%>
<tr>
<td><%= escapeXml(meta.getRegionNameAsString()) %></td>
- <td><a href="http://<%= hostAndPort %>/"><%= StringEscapeUtils.escapeHtml4(hostAndPort) %></a></td>
+ <td><a href="http://<%= hostAndPort %>/rs-status/"><%= StringEscapeUtils.escapeHtml4(hostAndPort) %></a></td>
<td><%= readReq%></td>
<td><%= writeReq%></td>
<td><%= fileSize%></td>