Date: Tue, 24 Mar 2015 20:56:53 +0000 (UTC)
From: "Hadoop QA (JIRA)"
To: issues@hbase.apache.org
Subject: [jira] [Commented] (HBASE-13294) Fix the critical ancient loopholes in security testing infrastructure.

[ https://issues.apache.org/jira/browse/HBASE-13294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14378579#comment-14378579 ]

Hadoop QA commented on HBASE-13294:
-----------------------------------

{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12706957/HBASE-13294-0.98.patch
against 0.98 branch at commit fcc09dcd38b8543a9dd40212206cb4231620dac9.
ATTACHMENT ID: 12706957

{color:green}+1 @author{color}. The patch does not contain any @author tags.

{color:green}+1 tests included{color}. The patch appears to include 18 new or modified tests.

{color:green}+1 hadoop versions{color}. The patch compiles with all supported hadoop versions (2.4.1 2.5.2 2.6.0)

{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.

{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.

{color:red}-1 javadoc{color}. The javadoc tool appears to have generated 25 warning messages.

{color:green}+1 checkstyle{color}. The applied patch does not increase the total number of checkstyle errors

{color:red}-1 findbugs{color}. The patch appears to introduce 8 new Findbugs (version 2.0.3) warnings.

{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.

{color:green}+1 lineLengths{color}. The patch does not introduce lines longer than 100

{color:green}+1 site{color}. The mvn site goal succeeds with this patch.

{color:green}+1 core tests{color}. The patch passed unit tests in .

Test results: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//testReport/
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-annotations.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop2-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-common.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-hadoop-compat.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-protocol.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-prefix-tree.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-client.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-examples.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-thrift.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-rest.html
Findbugs warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/newPatchFindbugsWarningshbase-server.html
Checkstyle Errors: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/checkstyle-aggregate.html
Javadoc warnings: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//artifact/patchprocess/patchJavadocWarnings.txt
Console output: https://builds.apache.org/job/PreCommit-HBASE-Build/13392//console

This message is automatically generated.

> Fix the critical ancient loopholes in security testing infrastructure.
> ----------------------------------------------------------------------
>
>                 Key: HBASE-13294
>                 URL: https://issues.apache.org/jira/browse/HBASE-13294
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Srikanth Srungarapu
>            Assignee: Srikanth Srungarapu
>         Attachments: HBASE-13294-0.98.patch, HBASE-13294-0.98.patch, HBASE-13294.patch, HBASE-13294_v2.patch, HBASE-13294_v3.patch, HBASE-13294_v3.patch, HBASE-13294_v4.patch, HBASE-13294_v5.patch, HBASE-13294_v6.patch, HBASE-13294_v6.patch
>
>
> Unfortunately, the "verifyDenied" method doesn't fail when action parameter returns null. The relevant code snippet
> {code}
> try {
>   Object obj = user.runAs(action);
>   if (requireException) {
>     fail("Expected exception was not thrown for user '" + user.getShortName() + "'");
>   }
>   if (obj != null && obj instanceof List) {
>     List results = (List) obj;
>     if (results != null && !results.isEmpty()) {
>       fail("Unexpected results for user '" + user.getShortName() + "'");
>     }
>   }
> }
> {code}
> As you can see, when obj is null, it returns silently.
> Fixing this issue has uncovered another major bug. While constructing actions, we're using TEST_UTIL.getConnection(), which replaces the "doAs" user with the user who initiated the connection. I really am grateful to [~mbertozzi] without whom debugging this would have been a nightmare.
> Now, fixing these two issues has uncovered more issues in our tests :). The main one is we're allowing the table owner to truncate table in code. But, in test, we're not allowing him. We should either remove the code that allows owner or document that the table owner can truncate table.
> The other minor issues include granting permissions to namespace, but checking whether user was able to access tables inside other namespace.
> That's it, folks!

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
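
The null-result loophole described in the issue, reduced to a stand-alone added example that is not HBase code and not part of the original message. The class and helper names are hypothetical, Callable stands in for the privileged action, and SecurityException stands in for the access-denied exception; the lenient helper models the quoted snippet with requireException unset, and the strict helper is one possible tightening, not the project's actual fix.

```java
import java.util.List;
import java.util.concurrent.Callable;

public class VerifyDeniedDemo {

    // Lenient helper, mirroring the logic quoted in the issue: a wrongly permitted
    // action is only noticed if it returns a non-empty List.
    static void verifyDeniedLenient(String user, Callable<Object> action) throws Exception {
        try {
            Object obj = action.call();
            if (obj instanceof List && !((List<?>) obj).isEmpty()) {
                throw new AssertionError("Unexpected results for user '" + user + "'");
            }
            // obj == null falls through: the action succeeded, yet the check passes.
        } catch (SecurityException expected) {
            // Access was denied, which is what the test wants.
        }
    }

    // Strict helper: the only accepted outcome is the access-denied exception.
    static void verifyDeniedStrict(String user, Callable<Object> action) throws Exception {
        try {
            action.call();
        } catch (SecurityException expected) {
            return;
        }
        throw new AssertionError("Expected exception was not thrown for user '" + user + "'");
    }

    public static void main(String[] args) throws Exception {
        // Constructed action: a write the server wrongly permits; it returns null.
        Callable<Object> permittedWrite = () -> null;
        // Constructed action: a write the server correctly rejects.
        Callable<Object> rejectedWrite = () -> { throw new SecurityException("denied"); };

        verifyDeniedLenient("user_ro", permittedWrite);  // no failure raised: the loophole
        verifyDeniedLenient("user_ro", rejectedWrite);
        verifyDeniedStrict("user_ro", rejectedWrite);
        try {
            verifyDeniedStrict("user_ro", permittedWrite);
            System.out.println("strict helper missed the permitted write");
        } catch (AssertionError e) {
            System.out.println("strict helper caught it: " + e.getMessage());
        }
    }
}
```

Write-style actions typically return nothing, so a helper that inspects only List results cannot tell a denied write from a permitted one.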