big-data/hadoop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HDFS-15320. StringIndexOutOfBoundsException in HostRestrictingAuthorizationFilter (#1992)

Browse Source 
Signed-off-by: Mingliang Liu <liuml07@apache.org>
This commit is contained in:
Akira Ajisaka 2020-05-03 05:02:27 +09:00 committed by Mingliang Liu
parent 0f27c04c23
commit e32e1384d9
No known key found for this signature in database
GPG Key ID: BC2FB8C6908A0C16
2 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
View File

@ -229,9 +229,14 @@ public void handleInteraction(HttpInteraction interaction)
throws IOException, ServletException { throws IOException, ServletException {
final String address = interaction.getRemoteAddr(); final String address = interaction.getRemoteAddr();
final String query = interaction.getQueryString(); final String query = interaction.getQueryString();
final String path = final String uri = interaction.getRequestURI();
interaction.getRequestURI() if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) {
.substring(WebHdfsFileSystem.PATH_PREFIX.length()); LOG.trace("Rejecting interaction; wrong URI: {}", uri);
interaction.sendError(HttpServletResponse.SC_NOT_FOUND,
"The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX);
return;
}
final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length());
String user = interaction.getRemoteUser(); String user = interaction.getRemoteUser();
LOG.trace("Got request user: {}, remoteIp: {}, query: {}, path: {}", LOG.trace("Got request user: {}, remoteIp: {}, query: {}, path: {}",

25
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java
View File

@ -243,6 +243,31 @@ public void doFilter(ServletRequest servletRequest,
filter.destroy(); filter.destroy();
} }
/**
* Test acceptable behavior to malformed requests
* Case: the request URI does not start with "/webhdfs/v1"
*/
@Test
public void testInvalidURI() throws Exception {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
Mockito.when(request.getMethod()).thenReturn("GET");
Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI");
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
Filter filter = new HostRestrictingAuthorizationFilter();
HashMap<String, String> configs = new HashMap<String, String>() {};
configs.put(AuthenticationFilter.AUTH_TYPE, "simple");
FilterConfig fc = new DummyFilterConfig(configs);
filter.init(fc);
filter.doFilter(request, response,
(servletRequest, servletResponse) -> {});
Mockito.verify(response, Mockito.times(1))
.sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND),
Mockito.anyString());
filter.destroy();
}
private static class DummyFilterConfig implements FilterConfig { private static class DummyFilterConfig implements FilterConfig {
final Map<String, String> map; final Map<String, String> map;