HDDS-2158. Fixing Json Injection Issue in JsonUtils. (#1486)
parent
f3eaa84f9d
commit
8de4374427
@ -54,7 +54,7 @@ public class ContainerInfo implements Comparator<ContainerInfo>,
|
|||||||
mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
|
mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
|
||||||
mapper
|
mapper
|
||||||
.setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.NONE);
|
.setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.NONE);
|
||||||
WRITER = mapper.writer();
|
WRITER = mapper.writerWithDefaultPrettyPrinter();
|
||||||
}
|
}
|
||||||
|
|
||||||
private HddsProtos.LifeCycleState state;
|
private HddsProtos.LifeCycleState state;
|
||||||
|
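Review bot: Switching the shared `WRITER` to `mapper.writerWithDefaultPrettyPrinter()` makes every caller of `ContainerInfo.toJsonString()` receive multi-line output, not only the list subcommand this commit targets. If any other caller stores, compares or transmits that string (none is visible here), a separate field such as `PRETTY_WRITER` would leave the compact form intact. At minimum the assignment deserves a comment like `// Pretty-printed on purpose: the CLI prints toJsonString() verbatim.` The enclosing initializer block begins outside this hunk.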
@ -43,10 +43,9 @@ private JsonUtils() {
|
|||||||
// Never constructed
|
// Never constructed
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String toJsonStringWithDefaultPrettyPrinter(String jsonString)
|
public static String toJsonStringWithDefaultPrettyPrinter(Object obj)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
Object json = READER.readValue(jsonString);
|
return WRITTER.writeValueAsString(obj);
|
||||||
return WRITTER.writeValueAsString(json);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static String toJsonString(Object obj) throws IOException {
|
public static String toJsonString(Object obj) throws IOException {
|
||||||
|
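Review bot: With the parameter widened from `String` to `Object`, a caller that still passes already-serialized JSON text compiles unchanged, and the text comes back as a single escaped JSON string literal instead of a formatted document. Nothing on the method says so; a Javadoc such as `/** Serializes obj with the default pretty printer; a String argument is written as a JSON string value and is never parsed. */` would make the contract explicit and record why the `READER.readValue` round trip was removed. The token hunks later in this commit pass a `String` and depend on exactly that behaviour. Separately, the field name `WRITTER` looks like a misspelling of `WRITER`, though its declaration is outside this hunk.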
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.hdds.cli.HddsVersionProvider;
|
import org.apache.hadoop.hdds.cli.HddsVersionProvider;
|
||||||
import org.apache.hadoop.hdds.scm.client.ScmClient;
|
import org.apache.hadoop.hdds.scm.client.ScmClient;
|
||||||
import org.apache.hadoop.hdds.scm.container.ContainerInfo;
|
import org.apache.hadoop.hdds.scm.container.ContainerInfo;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
@ -61,8 +60,7 @@ public class ListSubcommand implements Callable<Void> {
|
|||||||
private void outputContainerInfo(ContainerInfo containerInfo)
|
private void outputContainerInfo(ContainerInfo containerInfo)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
// Print container report info.
|
// Print container report info.
|
||||||
LOG.info("{}", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
LOG.info("{}", containerInfo.toJsonString());
|
||||||
containerInfo.toJsonString()));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -29,8 +29,7 @@ private ObjectPrinter() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static String getObjectAsJson(Object o) throws IOException {
|
public static String getObjectAsJson(Object o) throws IOException {
|
||||||
return JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
return JsonUtils.toJsonStringWithDefaultPrettyPrinter(o);
|
||||||
JsonUtils.toJsonString(o));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void printObjectAsJson(Object o) throws IOException {
|
public static void printObjectAsJson(Object o) throws IOException {
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -92,8 +91,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().addAcl(obj,
|
boolean result = client.getObjectStore().addAcl(obj,
|
||||||
OzoneAcl.parseAcl(acl));
|
OzoneAcl.parseAcl(acl));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl added successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
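Review bot: The new message prints `Acl added successfully: false` when `addAcl` returns false, which reads as a success report for a call that apparently did not apply the change. Branching on the result would be clearer, e.g. `System.out.printf("%s%n", result ? "Acl added successfully." : "Acl was not added.");`, although what false means for `addAcl` is not visible here, so the wording needs confirming. The same pattern appears in the other add, remove and set ACL hunks of this commit. These commands also previously emitted a quoted JSON string and now emit plain text, while the getAcl handlers still print JSON; if scripts consume this output, the format change should be stated in the commit description.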
@ -75,8 +75,8 @@ public Void call() throws Exception {
|
|||||||
|
|
||||||
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n",
|
||||||
JsonUtils.toJsonString(result)));
|
JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
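Review bot: `client.close()` is only reached when `getAcl` and the serialization both succeed, so an `IOException` from `toJsonStringWithDefaultPrettyPrinter(result)` or from the store call leaves the client open. Wrapping the work in `try { ... } finally { client.close(); }`, or try-with-resources if `OzoneClient` is `AutoCloseable` (not shown here), would close it on every path. The creation of `client` and the start of `call()` are outside this hunk. The other getAcl hunks and the add, remove and set ACL hunks share the same shape.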
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -68,7 +67,7 @@ public class RemoveAclBucketHandler extends Handler {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public Void call() throws Exception {
|
public Void call() throws Exception {
|
||||||
Objects.requireNonNull(acl, "New acl to be added not specified.");
|
Objects.requireNonNull(acl, "ACL to be removed not specified.");
|
||||||
OzoneAddress address = new OzoneAddress(uri);
|
OzoneAddress address = new OzoneAddress(uri);
|
||||||
address.ensureBucketAddress();
|
address.ensureBucketAddress();
|
||||||
OzoneClient client = address.createClient(createOzoneConfiguration());
|
OzoneClient client = address.createClient(createOzoneConfiguration());
|
||||||
@ -92,8 +91,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().removeAcl(obj,
|
boolean result = client.getObjectStore().removeAcl(obj,
|
||||||
OzoneAcl.parseAcl(acl));
|
OzoneAcl.parseAcl(acl));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl removed successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl removed successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -92,8 +91,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().setAcl(obj,
|
boolean result = client.getObjectStore().setAcl(obj,
|
||||||
OzoneAcl.parseAcls(acls));
|
OzoneAcl.parseAcls(acls));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl set successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -95,8 +94,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().addAcl(obj,
|
boolean result = client.getObjectStore().addAcl(obj,
|
||||||
OzoneAcl.parseAcl(acl));
|
OzoneAcl.parseAcl(acl));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl added successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -78,8 +78,8 @@ public Void call() throws Exception {
|
|||||||
|
|
||||||
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n",
|
||||||
JsonUtils.toJsonString(result)));
|
JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -68,7 +67,7 @@ public class RemoveAclKeyHandler extends Handler {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public Void call() throws Exception {
|
public Void call() throws Exception {
|
||||||
Objects.requireNonNull(acl, "New acl to be added not specified.");
|
Objects.requireNonNull(acl, "ACL to be removed not specified.");
|
||||||
OzoneAddress address = new OzoneAddress(uri);
|
OzoneAddress address = new OzoneAddress(uri);
|
||||||
address.ensureKeyAddress();
|
address.ensureKeyAddress();
|
||||||
OzoneClient client = address.createClient(createOzoneConfiguration());
|
OzoneClient client = address.createClient(createOzoneConfiguration());
|
||||||
@ -95,8 +94,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().removeAcl(obj,
|
boolean result = client.getObjectStore().removeAcl(obj,
|
||||||
OzoneAcl.parseAcl(acl));
|
OzoneAcl.parseAcl(acl));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl removed successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -94,8 +93,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().setAcl(obj,
|
boolean result = client.getObjectStore().setAcl(obj,
|
||||||
OzoneAcl.parseAcls(acls));
|
OzoneAcl.parseAcls(acls));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl set successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -71,7 +71,7 @@ public Void call() throws Exception {
|
|||||||
}
|
}
|
||||||
|
|
||||||
System.out.printf("%s", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||||
JsonUtils.toJsonString(token.encodeToUrlString())));
|
token.encodeToUrlString()));
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
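Review bot: `token.encodeToUrlString()` is already a `String`, so the pretty printer here only escapes it and wraps it in double quotes; there is no structure to format. If the quoted form is part of the CLI contract, a comment such as `// Emitted as a JSON string literal; consumers must strip the quotes.` would record that, otherwise `System.out.printf("%s%n", token.encodeToUrlString());` is simpler. This call also uses `"%s"` without `%n`, unlike the ACL handlers, so the output has no trailing newline. The next hunk, which prints `token.toString()`, has the same shape.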
@ -65,7 +65,7 @@ public Void call() throws Exception {
|
|||||||
token.decodeFromUrlString(encodedToken);
|
token.decodeFromUrlString(encodedToken);
|
||||||
|
|
||||||
System.out.printf("%s", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||||
JsonUtils.toJsonString(token.toString())));
|
token.toString()));
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -89,8 +88,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().addAcl(obj,
|
boolean result = client.getObjectStore().addAcl(obj,
|
||||||
OzoneAcl.parseAcl(acl));
|
OzoneAcl.parseAcl(acl));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl added successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -69,8 +69,8 @@ public Void call() throws Exception {
|
|||||||
OzoneObj.StoreType.valueOf(storeType))
|
OzoneObj.StoreType.valueOf(storeType))
|
||||||
.build();
|
.build();
|
||||||
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n",
|
||||||
JsonUtils.toJsonString(result)));
|
JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -68,7 +67,7 @@ public class RemoveAclVolumeHandler extends Handler {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public Void call() throws Exception {
|
public Void call() throws Exception {
|
||||||
Objects.requireNonNull(acl, "New acl to be added not specified.");
|
Objects.requireNonNull(acl, "ACL to be removed not specified.");
|
||||||
OzoneAddress address = new OzoneAddress(uri);
|
OzoneAddress address = new OzoneAddress(uri);
|
||||||
address.ensureVolumeAddress();
|
address.ensureVolumeAddress();
|
||||||
OzoneClient client = address.createClient(createOzoneConfiguration());
|
OzoneClient client = address.createClient(createOzoneConfiguration());
|
||||||
@ -89,8 +88,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().removeAcl(obj,
|
boolean result = client.getObjectStore().removeAcl(obj,
|
||||||
OzoneAcl.parseAcl(acl));
|
OzoneAcl.parseAcl(acl));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl removed successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl removed successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -24,7 +24,6 @@
|
|||||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
import picocli.CommandLine.Command;
|
import picocli.CommandLine.Command;
|
||||||
import picocli.CommandLine.Parameters;
|
import picocli.CommandLine.Parameters;
|
||||||
@ -92,8 +91,8 @@ public Void call() throws Exception {
|
|||||||
boolean result = client.getObjectStore().setAcl(obj,
|
boolean result = client.getObjectStore().setAcl(obj,
|
||||||
OzoneAcl.parseAcls(acls));
|
OzoneAcl.parseAcls(acls));
|
||||||
|
|
||||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
System.out.printf("%s%n", "Acl set successfully: " + result);
|
||||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
|
||||||
client.close();
|
client.close();
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|