hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sean Busbey (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-17560) HMaster redirect should sanity check user input
Date Fri, 27 Jan 2017 19:33:24 GMT
Sean Busbey created HBASE-17560:

             Summary: HMaster redirect should sanity check user input
                 Key: HBASE-17560
                 URL: https://issues.apache.org/jira/browse/HBASE-17560
             Project: HBase
          Issue Type: Bug
          Components: master, security, UI
            Reporter: Sean Busbey

We should do some sanity checking on the user provided data before we blindly pass it to a


  public static class RedirectServlet extends HttpServlet {
    private static final long serialVersionUID = 2894774810058302472L;
    private static int regionServerInfoPort;

    public void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
      String redirectUrl = request.getScheme() + "://"
        + request.getServerName() + ":" + regionServerInfoPort
        + request.getRequestURI();


* Are we reidrecting to a server that is ours?
* Did we validate the path/query string?

This message was sent by Atlassian JIRA

View raw message