hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-17560) HMaster redirect should sanity check user input
Date Fri, 27 Jan 2017 19:33:24 GMT
Sean Busbey created HBASE-17560:
-----------------------------------

             Summary: HMaster redirect should sanity check user input
                 Key: HBASE-17560
                 URL: https://issues.apache.org/jira/browse/HBASE-17560
             Project: HBase
          Issue Type: Bug
          Components: master, security, UI
            Reporter: Sean Busbey


We should do some sanity checking on the user provided data before we blindly pass it to a
redirect.

i.e.

{code}
  public static class RedirectServlet extends HttpServlet {
    private static final long serialVersionUID = 2894774810058302472L;
    private static int regionServerInfoPort;

    @Override
    public void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
      String redirectUrl = request.getScheme() + "://"
        + request.getServerName() + ":" + regionServerInfoPort
        + request.getRequestURI();
      response.sendRedirect(redirectUrl);
    }
  }
{code}

e.g.

* Are we reidrecting to a server that is ours?
* Did we validate the path/query string?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message