hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-8811) REST service ignores misspelled "check=" parameter, causing unexpected mutations
Date Thu, 27 Jun 2013 12:42:20 GMT

    [ https://issues.apache.org/jira/browse/HBASE-8811?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13694675#comment-13694675
] 

Hudson commented on HBASE-8811:
-------------------------------

Integrated in HBase-TRUNK-on-Hadoop-2.0.0 #586 (See [https://builds.apache.org/job/HBase-TRUNK-on-Hadoop-2.0.0/586/])
    HBASE-8811. REST service ignores misspelled 'check' parameter, causing unexpected mutations
(Chip Salzenberg and Andrew Purtell) (Revision 1497209)

     Result = FAILURE
apurtell : 
Files : 
* /hbase/trunk/hbase-server/src/main/java/org/apache/hadoop/hbase/rest/RowResource.java
* /hbase/trunk/hbase-server/src/test/java/org/apache/hadoop/hbase/rest/TestRowResource.java

                
> REST service ignores misspelled "check=" parameter, causing unexpected mutations
> --------------------------------------------------------------------------------
>
>                 Key: HBASE-8811
>                 URL: https://issues.apache.org/jira/browse/HBASE-8811
>             Project: HBase
>          Issue Type: Bug
>          Components: REST
>    Affects Versions: 0.98.0, 0.95.2, 0.94.9
>            Reporter: Chip Salzenberg
>            Assignee: Chip Salzenberg
>            Priority: Critical
>             Fix For: 0.98.0, 0.95.2, 0.94.9
>
>         Attachments: 8811-0.94.patch, 8811.patch
>
>
> In rest.RowResource.update(), this code keeps executing a request if a misspelled check=
parameter is provided.
> {noformat}
>     if (CHECK_PUT.equalsIgnoreCase(check)) {
>       return checkAndPut(model);
>     } else if (CHECK_DELETE.equalsIgnoreCase(check)) {
>       return checkAndDelete(model);
>     } else if (check != null && check.length() > 0) {
>       LOG.warn("Unknown check value: " + check + ", ignored");
>     }
> {noformat}
> By my reading of the code, this results in the provided cell value that was intended
as a check instead being treated as a mutation, which is sure to destroy user data.  Thus
the priority of this bug, as it can cause corruption.
> I suggest that a better reaction than a warning would be, approximately:
> {noformat}
> return Response.status(Response.Status.BAD_REQUEST)
>         .type(MIMETYPE_TEXT).entity("Invalid check value '" + check + "'")
>         .build();
> {noformat}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message