HDFS-4162. Some malformed and unquoted HTML strings are returned from datanode web ui. Contributed by Darek Dagit.
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1407556 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
ca1c683b47
commit
c7ab9779d2
@ -574,6 +574,9 @@ Release 2.0.3-alpha - Unreleased
|
|||||||
|
|
||||||
HDFS-3810. Implement format() for BKJM (Ivan Kelly via umamahesh)
|
HDFS-3810. Implement format() for BKJM (Ivan Kelly via umamahesh)
|
||||||
|
|
||||||
|
HDFS-4162. Some malformed and unquoted HTML strings are returned from
|
||||||
|
datanode web ui. (Darek Dagit via suresh)
|
||||||
|
|
||||||
Release 2.0.2-alpha - 2012-09-07
|
Release 2.0.2-alpha - 2012-09-07
|
||||||
|
|
||||||
INCOMPATIBLE CHANGES
|
INCOMPATIBLE CHANGES
|
||||||
|
@ -408,15 +408,15 @@ public static void printPathWithLinks(String dir, JspWriter out,
|
|||||||
if (!parts[i].equals("")) {
|
if (!parts[i].equals("")) {
|
||||||
tempPath.append(parts[i]);
|
tempPath.append(parts[i]);
|
||||||
out.print("<a href=\"browseDirectory.jsp" + "?dir="
|
out.print("<a href=\"browseDirectory.jsp" + "?dir="
|
||||||
+ tempPath.toString() + "&namenodeInfoPort=" + namenodeInfoPort
|
+ HtmlQuoting.quoteHtmlChars(tempPath.toString()) + "&namenodeInfoPort=" + namenodeInfoPort
|
||||||
+ getDelegationTokenUrlParam(tokenString)
|
+ getDelegationTokenUrlParam(tokenString)
|
||||||
+ getUrlParam(NAMENODE_ADDRESS, nnAddress));
|
+ getUrlParam(NAMENODE_ADDRESS, nnAddress));
|
||||||
out.print("\">" + parts[i] + "</a>" + Path.SEPARATOR);
|
out.print("\">" + HtmlQuoting.quoteHtmlChars(parts[i]) + "</a>" + Path.SEPARATOR);
|
||||||
tempPath.append(Path.SEPARATOR);
|
tempPath.append(Path.SEPARATOR);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(parts.length > 0) {
|
if(parts.length > 0) {
|
||||||
out.print(parts[parts.length-1]);
|
out.print(HtmlQuoting.quoteHtmlChars(parts[parts.length-1]));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (UnsupportedEncodingException ex) {
|
catch (UnsupportedEncodingException ex) {
|
||||||
@ -431,16 +431,16 @@ public static void printGotoForm(JspWriter out,
|
|||||||
String nnAddress) throws IOException {
|
String nnAddress) throws IOException {
|
||||||
out.print("<form action=\"browseDirectory.jsp\" method=\"get\" name=\"goto\">");
|
out.print("<form action=\"browseDirectory.jsp\" method=\"get\" name=\"goto\">");
|
||||||
out.print("Goto : ");
|
out.print("Goto : ");
|
||||||
out.print("<input name=\"dir\" type=\"text\" width=\"50\" id\"dir\" value=\""+ file+"\">");
|
out.print("<input name=\"dir\" type=\"text\" width=\"50\" id=\"dir\" value=\""+ HtmlQuoting.quoteHtmlChars(file)+"\"/>");
|
||||||
out.print("<input name=\"go\" type=\"submit\" value=\"go\">");
|
out.print("<input name=\"go\" type=\"submit\" value=\"go\"/>");
|
||||||
out.print("<input name=\"namenodeInfoPort\" type=\"hidden\" "
|
out.print("<input name=\"namenodeInfoPort\" type=\"hidden\" "
|
||||||
+ "value=\"" + namenodeInfoPort + "\">");
|
+ "value=\"" + namenodeInfoPort + "\"/>");
|
||||||
if (UserGroupInformation.isSecurityEnabled()) {
|
if (UserGroupInformation.isSecurityEnabled()) {
|
||||||
out.print("<input name=\"" + DELEGATION_PARAMETER_NAME
|
out.print("<input name=\"" + DELEGATION_PARAMETER_NAME
|
||||||
+ "\" type=\"hidden\" value=\"" + tokenString + "\">");
|
+ "\" type=\"hidden\" value=\"" + tokenString + "\"/>");
|
||||||
}
|
}
|
||||||
out.print("<input name=\""+ NAMENODE_ADDRESS +"\" type=\"hidden\" "
|
out.print("<input name=\""+ NAMENODE_ADDRESS +"\" type=\"hidden\" "
|
||||||
+ "value=\"" + nnAddress + "\">");
|
+ "value=\"" + nnAddress + "\"/>");
|
||||||
out.print("</form>");
|
out.print("</form>");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -43,6 +43,7 @@
|
|||||||
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
|
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
|
||||||
import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager;
|
import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager;
|
||||||
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
import org.apache.hadoop.hdfs.server.common.JspHelper;
|
||||||
|
import org.apache.hadoop.http.HtmlQuoting;
|
||||||
import org.apache.hadoop.http.HttpConfig;
|
import org.apache.hadoop.http.HttpConfig;
|
||||||
import org.apache.hadoop.net.NetUtils;
|
import org.apache.hadoop.net.NetUtils;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
@ -119,7 +120,7 @@ static void generateDirectoryStructure(JspWriter out,
|
|||||||
String target = dir;
|
String target = dir;
|
||||||
final HdfsFileStatus targetStatus = dfs.getFileInfo(target);
|
final HdfsFileStatus targetStatus = dfs.getFileInfo(target);
|
||||||
if (targetStatus == null) { // not exists
|
if (targetStatus == null) { // not exists
|
||||||
out.print("<h3>File or directory : " + target + " does not exist</h3>");
|
out.print("<h3>File or directory : " + StringEscapeUtils.escapeHtml(target) + " does not exist</h3>");
|
||||||
JspHelper.printGotoForm(out, namenodeInfoPort, tokenString, target,
|
JspHelper.printGotoForm(out, namenodeInfoPort, tokenString, target,
|
||||||
nnAddr);
|
nnAddr);
|
||||||
} else {
|
} else {
|
||||||
@ -203,7 +204,7 @@ static void generateDirectoryStructure(JspWriter out,
|
|||||||
+ JspHelper.getDelegationTokenUrlParam(tokenString)
|
+ JspHelper.getDelegationTokenUrlParam(tokenString)
|
||||||
+ JspHelper.getUrlParam(JspHelper.NAMENODE_ADDRESS, nnAddr);
|
+ JspHelper.getUrlParam(JspHelper.NAMENODE_ADDRESS, nnAddr);
|
||||||
cols[0] = "<a href=\"" + datanodeUrl + "\">"
|
cols[0] = "<a href=\"" + datanodeUrl + "\">"
|
||||||
+ localFileName + "</a>";
|
+ HtmlQuoting.quoteHtmlChars(localFileName) + "</a>";
|
||||||
cols[5] = lsDateFormat.format(new Date((files[i]
|
cols[5] = lsDateFormat.format(new Date((files[i]
|
||||||
.getModificationTime())));
|
.getModificationTime())));
|
||||||
cols[6] = files[i].getPermission().toString();
|
cols[6] = files[i].getPermission().toString();
|
||||||
|
@ -19,13 +19,20 @@
|
|||||||
|
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.mock;
|
||||||
import static org.mockito.Mockito.when;
|
import static org.mockito.Mockito.when;
|
||||||
|
import static org.mockito.Mockito.doAnswer;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.io.StringReader;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
|
||||||
import javax.servlet.ServletContext;
|
import javax.servlet.ServletContext;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.jsp.JspWriter;
|
||||||
|
import javax.xml.parsers.DocumentBuilder;
|
||||||
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||||||
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
|
|
||||||
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
||||||
@ -46,10 +53,17 @@
|
|||||||
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
|
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.mockito.ArgumentCaptor;
|
||||||
|
import org.mockito.invocation.InvocationOnMock;
|
||||||
|
import org.mockito.stubbing.Answer;
|
||||||
|
import org.xml.sax.InputSource;
|
||||||
|
import org.xml.sax.SAXException;
|
||||||
|
|
||||||
|
|
||||||
public class TestJspHelper {
|
public class TestJspHelper {
|
||||||
|
|
||||||
private Configuration conf = new HdfsConfiguration();
|
private Configuration conf = new HdfsConfiguration();
|
||||||
|
private String jspWriterOutput = "";
|
||||||
|
|
||||||
public static class DummySecretManager extends
|
public static class DummySecretManager extends
|
||||||
AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
|
AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
|
||||||
@ -368,7 +382,33 @@ public void testGetProxyUgi() throws IOException {
|
|||||||
ae.getMessage());
|
ae.getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testPrintGotoFormWritesValidXML() throws IOException,
|
||||||
|
ParserConfigurationException, SAXException {
|
||||||
|
JspWriter mockJspWriter = mock(JspWriter.class);
|
||||||
|
ArgumentCaptor<String> arg = ArgumentCaptor.forClass(String.class);
|
||||||
|
doAnswer(new Answer<Object>() {
|
||||||
|
@Override
|
||||||
|
public Object answer(InvocationOnMock invok) {
|
||||||
|
Object[] args = invok.getArguments();
|
||||||
|
jspWriterOutput += (String) args[0];
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}).when(mockJspWriter).print(arg.capture());
|
||||||
|
|
||||||
|
jspWriterOutput = "";
|
||||||
|
|
||||||
|
JspHelper.printGotoForm(mockJspWriter, 424242, "a token string",
|
||||||
|
"foobar/file", "0.0.0.0");
|
||||||
|
|
||||||
|
DocumentBuilder parser =
|
||||||
|
DocumentBuilderFactory.newInstance().newDocumentBuilder();
|
||||||
|
InputSource is = new InputSource();
|
||||||
|
is.setCharacterStream(new StringReader(jspWriterOutput));
|
||||||
|
parser.parse(is);
|
||||||
|
}
|
||||||
|
|
||||||
private HttpServletRequest getMockRequest(String remoteUser, String user, String doAs) {
|
private HttpServletRequest getMockRequest(String remoteUser, String user, String doAs) {
|
||||||
HttpServletRequest request = mock(HttpServletRequest.class);
|
HttpServletRequest request = mock(HttpServletRequest.class);
|
||||||
when(request.getParameter(UserParam.NAME)).thenReturn(user);
|
when(request.getParameter(UserParam.NAME)).thenReturn(user);
|
||||||
|
Loading…
Reference in New Issue
Block a user