HDFS-11048. Audit Log should escape control characters. Contributed by Eric Badger

This commit is contained in:
Mingliang Liu 2016-10-28 10:53:14 -07:00
parent 1eae719bce
commit 8a9388e5f6
2 changed files with 12 additions and 0 deletions

View File

@ -17,6 +17,7 @@
*/ */
package org.apache.hadoop.hdfs.server.namenode; package org.apache.hadoop.hdfs.server.namenode;
import static org.apache.commons.lang.StringEscapeUtils.escapeJava;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_DEFAULT; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_DEFAULT;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_KEY; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_KEY;
import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_CALLER_CONTEXT_ENABLED_DEFAULT; import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_CALLER_CONTEXT_ENABLED_DEFAULT;
@ -6877,6 +6878,8 @@ public void logAuditEvent(boolean succeeded, String userName,
if (auditLog.isDebugEnabled() || if (auditLog.isDebugEnabled() ||
(auditLog.isInfoEnabled() && !debugCmdSet.contains(cmd))) { (auditLog.isInfoEnabled() && !debugCmdSet.contains(cmd))) {
final StringBuilder sb = STRING_BUILDER.get(); final StringBuilder sb = STRING_BUILDER.get();
src = escapeJava(src);
dst = escapeJava(dst);
sb.setLength(0); sb.setLength(0);
sb.append("allowed=").append(succeeded).append("\t"); sb.append("allowed=").append(succeeded).append("\t");
sb.append("ugi=").append(userName).append("\t"); sb.append("ugi=").append(userName).append("\t");

View File

@ -270,6 +270,15 @@ public void testAuditWebHdfsOpen() throws Exception {
verifyAuditLogsCheckPattern(true, 3, webOpenPattern); verifyAuditLogsCheckPattern(true, 3, webOpenPattern);
} }
/** make sure that "\r\n" isn't made into a newline in audit log */
@Test
public void testAuditCharacterEscape() throws Exception {
final Path file = new Path("foo" + "\r\n" + "bar");
setupAuditLogs();
fs.create(file);
verifyAuditLogsRepeat(true, 1);
}
/** Sets up log4j logger for auditlogs */ /** Sets up log4j logger for auditlogs */
private void setupAuditLogs() throws IOException { private void setupAuditLogs() throws IOException {
Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger(); Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();