accumulo-dev mailing list archives

From milleruntime <...@git.apache.org>
Subject [GitHub] accumulo pull request #289: ACCUMULO-4677 Sanitizing PathParam values in RES...
Date Fri, 04 Aug 2017 16:19:57 GMT
Github user milleruntime commented on a diff in the pull request:

    https://github.com/apache/accumulo/pull/289#discussion_r131425948
  
    --- Diff: server/monitor/src/main/java/org/apache/accumulo/monitor/rest/trace/TracesResource.java
---
    @@ -119,16 +125,27 @@ public Void run() {
       /**
        * Generates a list of traces filtered by type and range of minutes
        *
    -   * @param type
    +   * @param typeParameter
        *          Type of the trace
        * @param minutes
        *          Range of minutes
        * @return List of traces filtered by type and range
        */
       @Path("listType/{type}/{minutes}")
       @GET
    -  public TraceType getTracesType(@PathParam("type") String type, @PathParam("minutes")
int minutes) throws Exception {
    +  public TraceType getTracesType(@PathParam("type") String typeParameter, @PathParam("minutes")
int minutes) throws Exception {
    +
    +    if (StringUtils.isEmpty(typeParameter)) {
    +      throw new Exception("Specified type was empty");
    +    }
     
    +    // Need finalized value for use in anonymous function below.
    +    final String type = ParameterValidator.sanitizeParameter(typeParameter);
    +    
    +    if (minutes >= 60 || minutes < 0) {
    +      throw new Exception("minutes was not of range [0-59], was " + String.valueOf(minutes));
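Review bot: Both validation failures, the empty-type check and the `minutes` range check, throw a bare `Exception`, which a JAX-RS resource surfaces as a 500 server error unless an exception mapper handles it, although the cause is bad request input. Throw something that maps to a 400 instead (for example a `WebApplicationException` built with `Response.Status.BAD_REQUEST`) and narrow the `throws Exception` on the signature if nothing else needs it. The emptiness check also runs on the raw `typeParameter` before `ParameterValidator.sanitizeParameter`; if sanitizing can remove characters, re-check the sanitized `type` so an effectively empty value is not passed on. The Javadoc should state the accepted range of `minutes` and that out-of-range values are rejected, and `String.valueOf(minutes)` is redundant inside the string concatenation.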
    --- End diff --
    
    Should also use constants here.

