HDFS-11048. Audit Log should escape control characters. Contributed by Eric Badger

hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java

@@ -17,6 +17,7 @@
  */
 package org.apache.hadoop.hdfs.server.namenode;
 
+import static org.apache.commons.lang.StringEscapeUtils.escapeJava;
 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_DEFAULT;
 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.FS_TRASH_INTERVAL_KEY;
 import static org.apache.hadoop.fs.CommonConfigurationKeysPublic.HADOOP_CALLER_CONTEXT_ENABLED_DEFAULT;
@@ -6877,6 +6878,8 @@ public void logAuditEvent(boolean succeeded, String userName,
       if (auditLog.isDebugEnabled() ||
           (auditLog.isInfoEnabled() && !debugCmdSet.contains(cmd))) {
         final StringBuilder sb = STRING_BUILDER.get();
+        src = escapeJava(src);
+        dst = escapeJava(dst);
         sb.setLength(0);
         sb.append("allowed=").append(succeeded).append("\t");
         sb.append("ugi=").append(userName).append("\t");

hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogs.java

@@ -270,6 +270,15 @@ public void testAuditWebHdfsOpen() throws Exception {
     verifyAuditLogsCheckPattern(true, 3, webOpenPattern);
   }
 
+  /** make sure that "\r\n" isn't made into a newline in audit log */
+  @Test
+  public void testAuditCharacterEscape() throws Exception {
+    final Path file = new Path("foo" + "\r\n" + "bar");
+    setupAuditLogs();
+    fs.create(file);
+    verifyAuditLogsRepeat(true, 1);
+  }
+
   /** Sets up log4j logger for auditlogs */
   private void setupAuditLogs() throws IOException {
     Logger logger = ((Log4JLogger) FSNamesystem.auditLog).getLogger();