From: rakeshadr
To: dev@zookeeper.apache.org
Reply-To: dev@zookeeper.apache.org
Subject: [GitHub] zookeeper pull request #179: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...
Message-Id: <20170216111453.1374FDFAB2@git1-us-west.apache.org>
Date: Thu, 16 Feb 2017 11:14:53 +0000 (UTC)

Github user rakeshadr commented on a diff in the pull request:

https://github.com/apache/zookeeper/pull/179#discussion_r101492640

--- Diff: src/java/main/org/apache/zookeeper/server/command/FourLetterCommands.java ---
@@ -153,13 +155,33 @@ */ public final static int telnetCloseCmd = 0xfff4fffd; - final static HashMap cmd2String = - new HashMap(); + private static final String ZOOKEEPER_4LW_COMMANDS_WHITELIST = "zookeeper.4lw.commands.whitelist"; + + final static Map cmd2String = new HashMap(); + + final static Set whiteListedCommands = new HashSet(); public static Map getCmdMapView() { return Collections.unmodifiableMap(cmd2String); } + // ZOOKEEPER-2693: Only allow white listed commands. + public static Set getWhiteListedCmdView() { + if (!whiteListedCommands.isEmpty()) { + return Collections.unmodifiableSet(whiteListedCommands); + } + + String commands = System.getProperty(ZOOKEEPER_4LW_COMMANDS_WHITELIST); + if (commands != null) { + String[] list = commands.split(","); + for (String cmd : list) { + whiteListedCommands.add(cmd.trim()); + } + } + + return Collections.unmodifiableSet(whiteListedCommands); --- End diff --

Please add an INFO log message about the acceptable and configured `4lwords`. The log message will be printed only once during startup or first cmd invocation.
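Review bot: getWhiteListedCmdView() populates the shared static `whiteListedCommands` HashSet lazily with no synchronization and uses `!whiteListedCommands.isEmpty()` as its "already initialised" test. If more than one thread can reach this method before the set is filled, they call add() on a plain HashSet concurrently, and when the property is unset or yields no names the set stays empty, so `zookeeper.4lw.commands.whitelist` is re-read and re-split on every call. Parsing the property once (a static initializer, or an explicit initialised flag under a lock) and publishing an immutable set would address both. In the loop, `cmd.trim()` is added without checking for an empty token or against the commands registered in cmd2String, so a value such as "wchp,,wchc" puts an empty string in the set and a misspelled name is accepted silently; skipping empty tokens and logging names that are not known commands would make a misconfigured whitelist visible. The comment on the method should also state what an empty set means to callers, since this hunk does not show whether an unset property allows every command or none.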