From 4d9f9e546ff9d8de75d08bf17d038c7d1ed3bc11 Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Thu, 7 May 2015 15:25:26 -0700 Subject: [PATCH] HDFS-8037. CheckAccess in WebHDFS silently accepts malformed FsActions parameters. Contributed by Walter Su. --- .../hdfs/web/resources/FsActionParam.java | 2 +- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 ++ .../hadoop-hdfs/src/site/markdown/WebHDFS.md | 4 +- .../hadoop/hdfs/web/resources/TestParam.java | 54 +++++++++++++++++++ 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/resources/FsActionParam.java b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/resources/FsActionParam.java index c840196003..726a229ed0 100644 --- a/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/resources/FsActionParam.java +++ b/hadoop-hdfs-project/hadoop-hdfs-client/src/main/java/org/apache/hadoop/hdfs/web/resources/FsActionParam.java @@ -30,7 +30,7 @@ public class FsActionParam extends StringParam { /** Default parameter value. */ public static final String DEFAULT = NULL; - private static String FS_ACTION_PATTERN = "[rwx-]{3}"; + private static String FS_ACTION_PATTERN = "[r-][w-][x-]"; private static final Domain DOMAIN = new Domain(NAME, Pattern.compile(FS_ACTION_PATTERN)); diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index be72b439d5..b4f204216c 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -648,6 +648,9 @@ Release 2.8.0 - UNRELEASED HDFS-8321. CacheDirectives and CachePool operations should throw RetriableException in safemode. (wheat9) + HDFS-8037. CheckAccess in WebHDFS silently accepts malformed FsActions + parameters. (wheat9) + Release 2.7.1 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/WebHDFS.md b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/WebHDFS.md index 6432c57ae1..e6e41d95c0 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/WebHDFS.md +++ b/hadoop-hdfs-project/hadoop-hdfs/src/site/markdown/WebHDFS.md @@ -1690,8 +1690,8 @@ See also: [Proxy Users](#Proxy_Users) | Description | File system operation read/write/execute | | Type | String | | Default Value | null (an invalid value) | -| Valid Values | Strings matching regex pattern  "[rwx-]{3} " | -| Syntax |  "[rwx-]{3} " | +| Valid Values | Strings matching regex pattern  "[r-][w-][x-] " | +| Syntax |  "[r-][w-][x-] " | See also: [`CHECKACCESS`](#Check_access), diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/resources/TestParam.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/resources/TestParam.java index a84243e7d4..3728df0ec7 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/resources/TestParam.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/web/resources/TestParam.java @@ -399,4 +399,58 @@ public void testSnapshotNameParam() { Assert.assertEquals("s1", s1.getValue()); Assert.assertEquals("s2", s2.getValue()); } + + @Test + public void testFsActionParam() { + new FsActionParam("rwx"); + new FsActionParam("rw-"); + new FsActionParam("r-x"); + new FsActionParam("-wx"); + new FsActionParam("r--"); + new FsActionParam("-w-"); + new FsActionParam("--x"); + new FsActionParam("---"); + + try { + new FsActionParam("rw"); + Assert.fail(); + } catch(IllegalArgumentException e) { + LOG.info("EXPECTED: " + e); + } + + try { + new FsActionParam("qwx"); + Assert.fail(); + } catch(IllegalArgumentException e) { + LOG.info("EXPECTED: " + e); + } + + try { + new FsActionParam("qrwx"); + Assert.fail(); + } catch(IllegalArgumentException e) { + LOG.info("EXPECTED: " + e); + } + + try { + new FsActionParam("rwxx"); + Assert.fail(); + } catch(IllegalArgumentException e) { + LOG.info("EXPECTED: " + e); + } + + try { + new FsActionParam("xwr"); + Assert.fail(); + } catch(IllegalArgumentException e) { + LOG.info("EXPECTED: " + e); + } + + try { + new FsActionParam("r-w"); + Assert.fail(); + } catch(IllegalArgumentException e) { + LOG.info("EXPECTED: " + e); + } + } }