HDFS-4171. WebHDFS and HttpFs should accept only valid Unix user names. (tucu)

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1410824 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Alejandro Abdelnur 2012-11-18 04:10:29 +00:00
parent ecbb41923c
commit 6f80a2a76c
6 changed files with 137 additions and 5 deletions

View File

@ -31,6 +31,7 @@
import javax.ws.rs.ext.Provider;
import java.lang.reflect.Type;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.regex.Pattern;
@Provider
@ -40,13 +41,26 @@ public class UserProvider extends AbstractHttpContextInjectable<Principal> imple
public static final String USER_NAME_PARAM = "user.name";
public static final Pattern USER_PATTERN = Pattern.compile("[_a-zA-Z0-9]+");
public static final Pattern USER_PATTERN = Pattern.compile("^[A-Za-z_][A-Za-z0-9._-]*[$]?$");
private static class UserParam extends StringParam {
static class UserParam extends StringParam {
public UserParam(String user) {
super(USER_NAME_PARAM, user, USER_PATTERN);
}
@Override
public String parseParam(String str) {
if (str != null) {
int len = str.length();
if (len < 1 || len > 31) {
throw new IllegalArgumentException(MessageFormat.format(
"Parameter [{0}], invalid value [{1}], it's length must be between 1 and 31",
getName(), str));
}
}
return super.parseParam(str);
}
}
@Override

View File

@ -19,13 +19,18 @@
package org.apache.hadoop.lib.wsrs;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import java.security.Principal;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.hadoop.test.TestException;
import org.apache.hadoop.test.TestExceptionHelper;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.MethodRule;
import org.mockito.Mockito;
import org.slf4j.MDC;
@ -35,6 +40,9 @@
public class TestUserProvider {
@Rule
public MethodRule exceptionHelper = new TestExceptionHelper();
@Test
@SuppressWarnings("unchecked")
public void noUser() {
@ -92,4 +100,51 @@ public void getters() {
assertEquals(up.getInjectable(null, null, Principal.class), up);
assertNull(up.getInjectable(null, null, String.class));
}
@Test
@TestException(exception = IllegalArgumentException.class)
public void userNameEmpty() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
userParam.parseParam("");
}
@Test
@TestException(exception = IllegalArgumentException.class)
public void userNameTooLong() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
userParam.parseParam("a123456789012345678901234567890x");
}
@Test
@TestException(exception = IllegalArgumentException.class)
public void userNameInvalidStart() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
userParam.parseParam("1x");
}
@Test
@TestException(exception = IllegalArgumentException.class)
public void userNameInvalidDollarSign() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
userParam.parseParam("1$x");
}
@Test
public void userNameMinLength() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
assertNotNull(userParam.parseParam("a"));
}
@Test
public void userNameMaxLength() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
assertNotNull(userParam.parseParam("a123456789012345678901234567890"));
}
@Test
public void userNameValidDollarSign() {
UserProvider.UserParam userParam = new UserProvider.UserParam("username");
assertNotNull(userParam.parseParam("a$"));
}
}

View File

@ -611,6 +611,9 @@ Release 2.0.3-alpha - Unreleased
HDFS-4156. Seeking to a negative position should throw an IOE.
(Eli Reisman via eli)
HDFS-4171. WebHDFS and HttpFs should accept only valid Unix user
names. (tucu)
Release 2.0.2-alpha - 2012-09-07
INCOMPATIBLE CHANGES

View File

@ -48,7 +48,7 @@ public final String getDomain() {
@Override
final String parse(final String str) {
if (pattern != null) {
if (str != null && pattern != null) {
if (!pattern.matcher(str).matches()) {
throw new IllegalArgumentException("Invalid value: \"" + str
+ "\" does not belong to the domain " + getDomain());

View File

@ -19,6 +19,9 @@
import org.apache.hadoop.security.UserGroupInformation;
import java.text.MessageFormat;
import java.util.regex.Pattern;
/** User parameter. */
public class UserParam extends StringParam {
/** Parameter name. */
@ -26,14 +29,29 @@ public class UserParam extends StringParam {
/** Default parameter value. */
public static final String DEFAULT = "";
private static final Domain DOMAIN = new Domain(NAME, null);
private static final Domain DOMAIN = new Domain(NAME,
Pattern.compile("^[A-Za-z_][A-Za-z0-9._-]*[$]?$"));
private static String validateLength(String str) {
if (str == null) {
throw new IllegalArgumentException(
MessageFormat.format("Parameter [{0}], cannot be NULL", NAME));
}
int len = str.length();
if (len < 1 || len > 31) {
throw new IllegalArgumentException(MessageFormat.format(
"Parameter [{0}], invalid value [{1}], it's length must be between 1 and 31",
NAME, str));
}
return str;
}
/**
* Constructor.
* @param str a string representation of the parameter value.
*/
public UserParam(final String str) {
super(DOMAIN, str == null || str.equals(DEFAULT)? null: str);
super(DOMAIN, str == null || str.equals(DEFAULT)? null : validateLength(str));
}
/**

View File

@ -26,6 +26,9 @@
import org.junit.Assert;
import org.junit.Test;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
public class TestParam {
public static final Log LOG = LogFactory.getLog(TestParam.class);
@ -234,4 +237,43 @@ public void testToSortedStringEscapesURICharacters() {
final String actual = Param.toSortedString(sep, equalParam, ampParam);
Assert.assertEquals(expected, actual);
}
@Test
public void userNameEmpty() {
UserParam userParam = new UserParam("");
assertNull(userParam.getValue());
}
@Test(expected = IllegalArgumentException.class)
public void userNameTooLong() {
new UserParam("a123456789012345678901234567890x");
}
@Test(expected = IllegalArgumentException.class)
public void userNameInvalidStart() {
new UserParam("1x");
}
@Test(expected = IllegalArgumentException.class)
public void userNameInvalidDollarSign() {
new UserParam("1$x");
}
@Test
public void userNameMinLength() {
UserParam userParam = new UserParam("a");
assertNotNull(userParam.getValue());
}
@Test
public void userNameMaxLength() {
UserParam userParam = new UserParam("a123456789012345678901234567890");
assertNotNull(userParam.getValue());
}
@Test
public void userNameValidDollarSign() {
UserParam userParam = new UserParam("a$");
assertNotNull(userParam.getValue());
}
}