HDDS-2158. Fixing Json Injection Issue in JsonUtils. (#1486)
parent
f3eaa84f9d
commit
8de4374427
@ -54,7 +54,7 @@ public class ContainerInfo implements Comparator<ContainerInfo>,
|
||||
mapper.setVisibility(PropertyAccessor.FIELD, JsonAutoDetect.Visibility.ANY);
|
||||
mapper
|
||||
.setVisibility(PropertyAccessor.GETTER, JsonAutoDetect.Visibility.NONE);
|
||||
WRITER = mapper.writer();
|
||||
WRITER = mapper.writerWithDefaultPrettyPrinter();
|
||||
}
|
||||
|
||||
private HddsProtos.LifeCycleState state;
|
||||
|
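Review bot: `WRITER` is a shared static, so switching it to `mapper.writerWithDefaultPrettyPrinter()` changes the output of every method that serializes through it, not only the CLI listing this commit touches. If `toJsonString()` (which ListSubcommand now prints directly) is also used where the text is stored, compared or parsed line by line, those callers now get multi-line output; that cannot be confirmed from this hunk. I would add a comment above the assignment, `// Pretty-printed for display; callers must not depend on single-line output.`, or keep a compact writer next to it. The static initializer starts outside the hunk.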
@ -43,10 +43,9 @@ public final class JsonUtils {
|
||||
// Never constructed
|
||||
}
|
||||
|
||||
public static String toJsonStringWithDefaultPrettyPrinter(String jsonString)
|
||||
public static String toJsonStringWithDefaultPrettyPrinter(Object obj)
|
||||
throws IOException {
|
||||
Object json = READER.readValue(jsonString);
|
||||
return WRITTER.writeValueAsString(json);
|
||||
return WRITTER.writeValueAsString(obj);
|
||||
}
|
||||
|
||||
public static String toJsonString(Object obj) throws IOException {
|
||||
|
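Review bot: Widening the parameter from `String jsonString` to `Object obj` keeps every stale call site compiling: a caller that still passes already-serialized JSON text now gets it back as one quoted, escaped JSON string instead of a pretty-printed document, and the compiler will not flag it. The method has no Javadoc stating the new contract; I would add `/** Serializes {@code obj} directly with the pretty printer; the argument is never parsed, so pass the object itself, not JSON text. */`. Dropping the `READER.readValue` step appears to be the fix the commit title refers to, so the comment should state that input is not re-parsed. If `READER` has no other users after this change it can go as well; its declaration is outside the hunk.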
@ -24,7 +24,6 @@ import java.util.concurrent.Callable;
|
||||
import org.apache.hadoop.hdds.cli.HddsVersionProvider;
|
||||
import org.apache.hadoop.hdds.scm.client.ScmClient;
|
||||
import org.apache.hadoop.hdds.scm.container.ContainerInfo;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -61,8 +60,7 @@ public class ListSubcommand implements Callable<Void> {
|
||||
private void outputContainerInfo(ContainerInfo containerInfo)
|
||||
throws IOException {
|
||||
// Print container report info.
|
||||
LOG.info("{}", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
containerInfo.toJsonString()));
|
||||
LOG.info("{}", containerInfo.toJsonString());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -29,8 +29,7 @@ public final class ObjectPrinter {
|
||||
}
|
||||
|
||||
public static String getObjectAsJson(Object o) throws IOException {
|
||||
return JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString(o));
|
||||
return JsonUtils.toJsonStringWithDefaultPrettyPrinter(o);
|
||||
}
|
||||
|
||||
public static void printObjectAsJson(Object o) throws IOException {
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -92,8 +91,8 @@ public class AddAclBucketHandler extends Handler {
|
||||
boolean result = client.getObjectStore().addAcl(obj,
|
||||
OzoneAcl.parseAcl(acl));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl added successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
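Review bot: The new message `"Acl added successfully: " + result` prints "Acl added successfully: false" when `addAcl` returns false, so the text claims success in the one case where the call reports otherwise. Branching on the value avoids that, e.g. `System.out.printf("%s%n", result ? "Acl added successfully." : "Acl was not added.");` (what false means for `addAcl` is not visible here, so the second message needs confirming). The same pattern is in RemoveAclBucketHandler, SetAclBucketHandler and the Key and Volume variants of the add, remove and set handlers. The output is also no longer a JSON value, which matters to any script that parsed it. `call()` starts outside the hunk.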
@ -75,8 +75,8 @@ public class GetAclBucketHandler extends Handler {
|
||||
|
||||
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString(result)));
|
||||
System.out.printf("%s%n",
|
||||
JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
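Review bot: `client.close()` runs only when `getAcl` and the serialization both return normally; `toJsonStringWithDefaultPrettyPrinter` is declared `throws IOException`, and a failure in either call leaves the client open. Wrapping the work in `try { ... } finally { client.close(); }` closes it on every path; try-with-resources would be tidier if OzoneClient is Closeable, but the client is created outside the hunk. GetAclKeyHandler and GetAclVolumeHandler have the same shape, as do the add, remove and set handlers.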
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -68,7 +67,7 @@ public class RemoveAclBucketHandler extends Handler {
|
||||
*/
|
||||
@Override
|
||||
public Void call() throws Exception {
|
||||
Objects.requireNonNull(acl, "New acl to be added not specified.");
|
||||
Objects.requireNonNull(acl, "ACL to be removed not specified.");
|
||||
OzoneAddress address = new OzoneAddress(uri);
|
||||
address.ensureBucketAddress();
|
||||
OzoneClient client = address.createClient(createOzoneConfiguration());
|
||||
@ -92,8 +91,8 @@ public class RemoveAclBucketHandler extends Handler {
|
||||
boolean result = client.getObjectStore().removeAcl(obj,
|
||||
OzoneAcl.parseAcl(acl));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl removed successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl removed successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -92,8 +91,8 @@ public class SetAclBucketHandler extends Handler {
|
||||
boolean result = client.getObjectStore().setAcl(obj,
|
||||
OzoneAcl.parseAcls(acls));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl set successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -95,8 +94,8 @@ public class AddAclKeyHandler extends Handler {
|
||||
boolean result = client.getObjectStore().addAcl(obj,
|
||||
OzoneAcl.parseAcl(acl));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl added successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -78,8 +78,8 @@ public class GetAclKeyHandler extends Handler {
|
||||
|
||||
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString(result)));
|
||||
System.out.printf("%s%n",
|
||||
JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -68,7 +67,7 @@ public class RemoveAclKeyHandler extends Handler {
|
||||
*/
|
||||
@Override
|
||||
public Void call() throws Exception {
|
||||
Objects.requireNonNull(acl, "New acl to be added not specified.");
|
||||
Objects.requireNonNull(acl, "ACL to be removed not specified.");
|
||||
OzoneAddress address = new OzoneAddress(uri);
|
||||
address.ensureKeyAddress();
|
||||
OzoneClient client = address.createClient(createOzoneConfiguration());
|
||||
@ -95,8 +94,8 @@ public class RemoveAclKeyHandler extends Handler {
|
||||
boolean result = client.getObjectStore().removeAcl(obj,
|
||||
OzoneAcl.parseAcl(acl));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl removed successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -94,8 +93,8 @@ public class SetAclKeyHandler extends Handler {
|
||||
boolean result = client.getObjectStore().setAcl(obj,
|
||||
OzoneAcl.parseAcls(acls));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl set successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -71,7 +71,7 @@ public class GetTokenHandler extends Handler {
|
||||
}
|
||||
|
||||
System.out.printf("%s", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString(token.encodeToUrlString())));
|
||||
token.encodeToUrlString()));
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
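Review bot: The token String is still passed through `toJsonStringWithDefaultPrettyPrinter`, which for a String argument can only produce a quoted, escaped literal (assuming `WRITTER` is a Jackson writer), whereas the ACL handlers in this same commit now print plain strings directly. The format is also `"%s"` with no `%n`, so the output has no trailing newline. If the surrounding quotes are not a deliberate part of the output, `System.out.printf("%s%n", token.encodeToUrlString());` would match the other handlers and give a value that can be reused as-is. PrintTokenHandler does the same with `token.toString()`. `call()` starts outside the hunk.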
@ -65,7 +65,7 @@ public class PrintTokenHandler extends Handler {
|
||||
token.decodeFromUrlString(encodedToken);
|
||||
|
||||
System.out.printf("%s", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString(token.toString())));
|
||||
token.toString()));
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -89,8 +88,8 @@ public class AddAclVolumeHandler extends Handler {
|
||||
boolean result = client.getObjectStore().addAcl(obj,
|
||||
OzoneAcl.parseAcl(acl));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl added successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -69,8 +69,8 @@ public class GetAclVolumeHandler extends Handler {
|
||||
OzoneObj.StoreType.valueOf(storeType))
|
||||
.build();
|
||||
List<OzoneAcl> result = client.getObjectStore().getAcl(obj);
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString(result)));
|
||||
System.out.printf("%s%n",
|
||||
JsonUtils.toJsonStringWithDefaultPrettyPrinter(result));
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -68,7 +67,7 @@ public class RemoveAclVolumeHandler extends Handler {
|
||||
*/
|
||||
@Override
|
||||
public Void call() throws Exception {
|
||||
Objects.requireNonNull(acl, "New acl to be added not specified.");
|
||||
Objects.requireNonNull(acl, "ACL to be removed not specified.");
|
||||
OzoneAddress address = new OzoneAddress(uri);
|
||||
address.ensureVolumeAddress();
|
||||
OzoneClient client = address.createClient(createOzoneConfiguration());
|
||||
@ -89,8 +88,8 @@ public class RemoveAclVolumeHandler extends Handler {
|
||||
boolean result = client.getObjectStore().removeAcl(obj,
|
||||
OzoneAcl.parseAcl(acl));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl removed successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl removed successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|
@ -24,7 +24,6 @@ import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Handler;
|
||||
import org.apache.hadoop.ozone.web.ozShell.OzoneAddress;
|
||||
import org.apache.hadoop.ozone.web.ozShell.Shell;
|
||||
import org.apache.hadoop.ozone.web.utils.JsonUtils;
|
||||
import picocli.CommandLine;
|
||||
import picocli.CommandLine.Command;
|
||||
import picocli.CommandLine.Parameters;
|
||||
@ -92,8 +91,8 @@ public class SetAclVolumeHandler extends Handler {
|
||||
boolean result = client.getObjectStore().setAcl(obj,
|
||||
OzoneAcl.parseAcls(acls));
|
||||
|
||||
System.out.printf("%s%n", JsonUtils.toJsonStringWithDefaultPrettyPrinter(
|
||||
JsonUtils.toJsonString("Acl set successfully: " + result)));
|
||||
System.out.printf("%s%n", "Acl set successfully: " + result);
|
||||
|
||||
client.close();
|
||||
return null;
|
||||
}
|
||||
|