chukwa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Yang <ey...@yahoo-inc.com>
Subject Re: possible hicc problems?
Date Fri, 22 May 2009 17:10:22 GMT
"hostname" was replaced with %22hostname%22 because the quote characters and
< and > sign are escaped to prevent SQL injection attacks and cross site
scripting attacks. 

The condition part of the SQL statement should be prepared and execute the
statement with the list of selected host.  I think this is fixed for the
trunk version of HICC.  If this doesn't resolve the problem, could you
output the query string before SQL execution in
single-series-javascript-chart.jsp, and see what has executed.
List out the content of the parms ArrayList as well.

Regards,
Eric


On 5/21/09 8:52 PM, "Ariel Rabkin" <asrabkin@gmail.com> wrote:

> Howdy all.
> 
> So I now have HICC displaying Hadoop metrics (yay!)
> 
> But it seems to work wonkily.  I was messing around with adding new
> things to display, and wound up injuring hicc somehow.  Symptom: a
> whole bunch of graphs refuse to display, just drawing whitespace.
> And intead of showing actual machine names, the host selector widget
> has HTTP escapes around the names.
> So "hostname" got replaced with  %22hostname%22.  Why?
> 
> I had the following in my catalina.out:
> 
> May 21, 2009 5:31:46 PM org.apache.catalina.startup.Catalina start
> -----------
> INFO: Server startup in 23689 ms
> 09/05/21 20:28:57 ERROR hicc.DatasetMapper: SQLException: Unknown
> column 'heartbeat_avg_time' in 'field list'
> 09/05/21 20:28:57 ERROR hicc.DatasetMapper: SQLState: 42S22
> 09/05/21 20:28:57 ERROR hicc.DatasetMapper: VendorError: 1054
> 09/05/21 20:28:57 ERROR hicc.DatasetMapper: SQLException: Unknown
> column 'heartbeat_avg_time' in 'field list'
> 09/05/21 20:28:57 ERROR hicc.DatasetMapper: SQLState: 42S22
> 09/05/21 20:28:57 ERROR hicc.DatasetMapper: VendorError: 1054
> 09/05/21 20:33:08 ERROR hicc.DatasetMapper: SQLException: You have an
> error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near '%27
> %27,process_name) as process,threads_blocked from hadoop_jvm_479_month
> where' at line 1
> 09/05/21 20:33:08 ERROR hicc.DatasetMapper: SQLState: 42000
> 09/05/21 20:34:02 ERROR hicc.DatasetMapper: VendorError: 1064
> 09/05/21 20:39:13 INFO util.XssFilter: XssFilter.getParameterValues:
> cannot get parameter for: table
> 09/05/21 20:39:13 ERROR hicc.DatasetMapper: SQLException: You have an
> error in your SQL syntax; check the manual that corresponds to your
> MySQL server version for the right syntax to use near 'from
> cluster_system_metrics_2055_week where timestamp >= '2009-05-22 02:39'
> and ' at line 1
> 09/05/21 20:39:13 ERROR hicc.DatasetMapper: SQLState: 42000
> 09/05/21 20:39:13 ERROR hicc.DatasetMapper: VendorError: 1064
> 09/05/21 20:43:16 ERROR hicc.DatasetMapper: SQLException: Unknown
> column 'hosts' in 'field list'
> 09/05/21 20:43:16 ERROR hicc.DatasetMapper: SQLState: 42S22
> --------
> 


Mime
View raw message