HADOOP-18014. CallerContext should not include some characters. (#3698)

Reviewed-by: Viraj Jasani <vjasani@apache.org>
Reviewed-by: Mingliang Liu <liuml07@apache.org>
Reviewed-by: Hui Fei <ferhui@apache.org>
This commit is contained in:
Takanobu Asanuma 2021-11-25 14:05:04 +09:00 committed by GitHub
parent cdc13e91b6
commit 9c887e5b82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 40 additions and 13 deletions

View File

@ -164,8 +164,6 @@ private void checkFieldSeparator(String separator) {
/** /**
* Whether the field is valid. * Whether the field is valid.
* The field should not contain '\t', '\n', '='.
* Because the context could be written to audit log.
* @param field one of the fields in context. * @param field one of the fields in context.
* @return true if the field is not null or empty. * @return true if the field is not null or empty.
*/ */

View File

@ -8802,18 +8802,18 @@ public void logAuditEvent(boolean succeeded, String userName,
callerContext != null && callerContext != null &&
callerContext.isContextValid()) { callerContext.isContextValid()) {
sb.append("\t").append("callerContext="); sb.append("\t").append("callerContext=");
if (callerContext.getContext().length() > callerContextMaxLen) { String context = escapeJava(callerContext.getContext());
sb.append(callerContext.getContext().substring(0, if (context.length() > callerContextMaxLen) {
callerContextMaxLen)); sb.append(context, 0, callerContextMaxLen);
} else { } else {
sb.append(callerContext.getContext()); sb.append(context);
} }
if (callerContext.getSignature() != null && if (callerContext.getSignature() != null &&
callerContext.getSignature().length > 0 && callerContext.getSignature().length > 0 &&
callerContext.getSignature().length <= callerSignatureMaxLen) { callerContext.getSignature().length <= callerSignatureMaxLen) {
sb.append(":") sb.append(":")
.append(new String(callerContext.getSignature(), .append(escapeJava(new String(callerContext.getSignature(),
CallerContext.SIGNATURE_ENCODING)); CallerContext.SIGNATURE_ENCODING)));
} }
} }
logAuditMessage(sb.toString()); logAuditMessage(sb.toString());

View File

@ -256,10 +256,9 @@ public void testAuditLoggerWithCallContext() throws IOException {
conf.setBoolean(HADOOP_CALLER_CONTEXT_ENABLED_KEY, true); conf.setBoolean(HADOOP_CALLER_CONTEXT_ENABLED_KEY, true);
conf.setInt(HADOOP_CALLER_CONTEXT_MAX_SIZE_KEY, 128); conf.setInt(HADOOP_CALLER_CONTEXT_MAX_SIZE_KEY, 128);
conf.setInt(HADOOP_CALLER_CONTEXT_SIGNATURE_MAX_SIZE_KEY, 40); conf.setInt(HADOOP_CALLER_CONTEXT_SIGNATURE_MAX_SIZE_KEY, 40);
MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).build();
LogCapturer auditlog = LogCapturer.captureLogs(FSNamesystem.auditLog);
try { try (MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).build()) {
LogCapturer auditlog = LogCapturer.captureLogs(FSNamesystem.auditLog);
cluster.waitClusterUp(); cluster.waitClusterUp();
final FileSystem fs = cluster.getFileSystem(); final FileSystem fs = cluster.getFileSystem();
final long time = System.currentTimeMillis(); final long time = System.currentTimeMillis();
@ -414,8 +413,8 @@ public void run() {
assertFalse(auditlog.getOutput().contains("callerContext=")); assertFalse(auditlog.getOutput().contains("callerContext="));
auditlog.clearOutput(); auditlog.clearOutput();
} finally { // clear client context
cluster.shutdown(); CallerContext.setCurrent(null);
} }
} }
@ -599,6 +598,36 @@ public void testAuditLogWithRemotePort() throws Exception {
} }
} }
@Test
public void testCallerContextCharacterEscape() throws IOException {
Configuration conf = new HdfsConfiguration();
conf.setBoolean(HADOOP_CALLER_CONTEXT_ENABLED_KEY, true);
conf.setInt(HADOOP_CALLER_CONTEXT_MAX_SIZE_KEY, 128);
conf.setInt(HADOOP_CALLER_CONTEXT_SIGNATURE_MAX_SIZE_KEY, 40);
try (MiniDFSCluster cluster = new MiniDFSCluster.Builder(conf).build()) {
LogCapturer auditlog = LogCapturer.captureLogs(FSNamesystem.auditLog);
cluster.waitClusterUp();
final FileSystem fs = cluster.getFileSystem();
final long time = System.currentTimeMillis();
final Path p = new Path("/");
assertNull(CallerContext.getCurrent());
CallerContext context = new CallerContext.Builder("c1\nc2").append("c3\tc4")
.setSignature("s1\ns2".getBytes(CallerContext.SIGNATURE_ENCODING)).build();
CallerContext.setCurrent(context);
LOG.info("Set current caller context as {}", CallerContext.getCurrent());
fs.setTimes(p, time, time);
assertTrue(auditlog.getOutput().endsWith(
String.format("callerContext=c1\\nc2,c3\\tc4:s1\\ns2%n")));
auditlog.clearOutput();
// clear client context
CallerContext.setCurrent(null);
}
}
public static class DummyAuditLogger implements AuditLogger { public static class DummyAuditLogger implements AuditLogger {
static boolean initialized; static boolean initialized;