accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matt Peterson (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-4336) Command line interpreter escaping issues
Date Wed, 08 Jun 2016 21:23:21 GMT


Matt Peterson commented on ACCUMULO-4336:

Hey Josh,

What do you think the patch should do?  A defensive approach could minimally prevent compactions
when an empty string is detected, throwing an exception.  That approach doesn't take into
account non-empty endRows that would also be altered, like \"abcd being changed to abcd. 
The stripping of leading and trailing quotes within the commons-cli dependency would need
to be disabled (which does not seem to be an existing capability within that API) or Accumulo
would need to do its own parsing/validation.  We could potentially replace any \" characters
in the command with \x22 but that may deserve more thought.


> Command line interpreter escaping issues
> ----------------------------------------
>                 Key: ACCUMULO-4336
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>          Components: shell
>            Reporter: Matt Peterson
>            Priority: Minor
> To see the problem, add the following unit test.  It will fail.
> {|borderStyle=solid}
> Test
> public void scanEscapedQuote() throws Exception {
>   exec("createtable test", true);
>   exec("insert \\\" f q v", true);
>   exec("scan", true, "\" f: q []    v"); // passes
>   exec("scan -e \\\"", true, "\" f: q []    v"); // fails
>   exec("deletetable test -f", true, "Table: [test] has been deleted");
> }
> {code}
> It appears that the commons-cli library that is used for parsing commands will strip
the leading \" from the option's value and return an empty string.  
> {, line 332|borderStyle=solid}
> opt.addValueForProcessing(Util.stripLeadingAndTrailingQuotes(str));
> {code}
> For scans, an empty string as an end row will cause the scan to do nothing, which is
a reasonable way to fail.  
> For compactions, an empty string as an end row will cause the end row to be ignored,
which can lead to accidentally initiating a compaction over much of a table.  It is not possible
to test the compaction issue with ShellTest because MockTableOperationsImpl does not do anything
with compactions.  But the problem code can be seen in the constructor for CompactRange:
> {|borderStyle=solid}
> this.endRow = endRow.length == 0 ? null : endRow;
> {code}
> This code will treat an end row of \" as though there was no end row at all.
> The workaround for this is to use the \x22 instead of \".
> Additionally, some characters are not possible to include as either begin or end rows.
 For example, a ! character cannot be escaped but without escaping will crash the shell.

This message was sent by Atlassian JIRA

View raw message