hadoop-common-dev mailing list archives

From "Amar Kamat (JIRA)" <j...@apache.org>
Subject [jira] Commented: (HADOOP-5442) The job history display needs to be paged
Date Mon, 16 Mar 2009 18:41:50 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-5442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12682405#action_12682405 ]

Amar Kamat commented on HADOOP-5442:

Result of test-patch
     [exec] -1 overall.
     [exec]     +1 @author.  The patch does not contain any @author tags.
     [exec]     -1 tests included.  The patch doesn't appear to include any new or modified
     [exec]                         Please justify why no tests are needed for this patch.
     [exec]     +1 javadoc.  The javadoc tool did not generate any warning messages.
     [exec]     +1 javac.  The applied patch does not increase the total number of javac compiler
     [exec]     -1 findbugs.  The patch appears to introduce 1 new Findbugs warnings.
     [exec]     +1 Eclipse classpath. The patch retains Eclipse classpath integrity.
     [exec]     +1 release audit.  The applied patch does not increase the total number of release audit warnings.

The findbugs warning is 
HTTP parameter directly written to JSP output, giving reflected XSS vulnerability in org.apache.hadoop.mapred.jobhistory_jsp

In class org.apache.hadoop.mapred.jobhistory_jsp
In method org.apache.hadoop.mapred.jobhistory_jsp._jspService(HttpServletRequest, HttpServletResponse)
Parameter 'search' Value generated at jobhistory_jsp.java:[line 146]
At jobhistory_jsp.java:[line 226] 
Another occurrence at jobhistory_jsp.java:[line 249] 
Another occurrence at jobhistory_jsp.java:[line 253]
Another occurrence at jobhistory_jsp.java:[line 260]

Here the search string is passed across pages.

> The job history display needs to be paged 
> ------------------------------------------
>                 Key: HADOOP-5442
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5442
>             Project: Hadoop Core
>          Issue Type: Bug
>            Reporter: Owen O'Malley
>            Assignee: Amar Kamat
>         Attachments: HADOOP-5442-v1.12.patch, HADOOP-5442-v1.6.patch, HADOOP-5442-v1.9.patch
> Currently the list of job history will try to render the entire list of jobs that have run. That doesn't scale up as more and more jobs run on a job tracker.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
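
The pattern behind the FindBugs warning above, as an added example that is not part of the original message or of the HADOOP-5442 patches: a `search` request parameter carried into pagination links and page text, first unencoded and then encoded for each output context. The class, the method names and the `pageno` parameter are hypothetical, and the sample input is constructed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Added illustration; not code from jobhistory.jsp or the HADOOP-5442 patches.
public class SearchParamEncoding {

    // Escape the characters that are significant in HTML text and quoted attribute values.
    static String htmlEscape(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Flagged pattern: the request parameter is concatenated into markup unchanged.
    static String pageLinkUnsafe(String search, int page) {
        return "<a href=\"jobhistory.jsp?pageno=" + page + "&search=" + search + "\">" + page + "</a>";
    }

    // Hardened: percent-encode the value for the query string, then HTML-escape the attribute.
    static String pageLinkSafe(String search, int page) {
        String href = "jobhistory.jsp?pageno=" + page
                + "&search=" + URLEncoder.encode(search, StandardCharsets.UTF_8);
        return "<a href=\"" + htmlEscape(href) + "\">" + page + "</a>";
    }

    // Hardened: echo the search term into page text with HTML escaping only.
    static String searchBannerSafe(String search) {
        return "<p>Filtered by: " + htmlEscape(search) + "</p>";
    }

    public static void main(String[] args) {
        String search = "\"><script>alert(1)</script>"; // constructed sample input
        System.out.println(pageLinkUnsafe(search, 2));   // markup breaks out of the href attribute
        System.out.println(pageLinkSafe(search, 2));     // value stays inside the query string
        System.out.println(searchBannerSafe(search));    // value rendered as inert text
    }
}
```

The two hardened methods differ because the same parameter lands in two contexts: a URL query component inside an attribute needs percent-encoding plus HTML escaping, while plain page text needs HTML escaping only.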
