
HDFS-15320. StringIndexOutOfBoundsException in HostRestrictingAuthorizationFilter (#1992)

Signed-off-by: Mingliang Liu <liuml07@apache.org>
Akira Ajisaka il y a 5 ans
Parent
commit
e32e1384d9

+ 8 - 3
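--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/common/HostRestrictingAuthorizationFilter.java
@@ -229,9 +229,14 @@ public class HostRestrictingAuthorizationFilter implements Filter {
       throws IOException, ServletException {
     final String address = interaction.getRemoteAddr();
     final String query = interaction.getQueryString();
-    final String path =
-        interaction.getRequestURI()
-            .substring(WebHdfsFileSystem.PATH_PREFIX.length());
+    final String uri = interaction.getRequestURI();
+    if (!uri.startsWith(WebHdfsFileSystem.PATH_PREFIX)) {
+      LOG.trace("Rejecting interaction; wrong URI: {}", uri);
+      interaction.sendError(HttpServletResponse.SC_NOT_FOUND,
+          "The request URI must start with " + WebHdfsFileSystem.PATH_PREFIX);
+      return;
+    }
+    final String path = uri.substring(WebHdfsFileSystem.PATH_PREFIX.length());
     String user = interaction.getRemoteUser();
 
     LOG.trace("Got request user: {}, remoteIp: {}, query: {}, path: {}",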
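Review bot: The new guard lacks a comment recording that it is the fail-closed branch of this filter: a URI outside the WebHDFS prefix is answered with 404 and the method returns without invoking the rest of the chain, so the path-based host rules further down never see a path they cannot interpret. I would add, above the `if`, `// Fail closed: a request outside the WebHDFS prefix is rejected here rather than` / `// passed down the chain; the path rules below assume the prefix has been stripped.` Note also that the match is done on the raw, un-decoded request URI and that the error body echoes only the constant prefix, not the client-supplied URI, which is the right choice for a rejection message. The enclosing method begins before the hunk (the `throws` clause is its signature's continuation) and continues after it.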

+ 25 - 0
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/common/TestHostRestrictingAuthorizationFilter.java

@@ -243,6 +243,31 @@ public class TestHostRestrictingAuthorizationFilter {
     filter.destroy();
     filter.destroy();
   }
   }
 
 
+  /**
+   * Test acceptable behavior to malformed requests
+   * Case: the request URI does not start with "/webhdfs/v1"
+   */
+  @Test
+  public void testInvalidURI() throws Exception {
+    HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+    Mockito.when(request.getMethod()).thenReturn("GET");
+    Mockito.when(request.getRequestURI()).thenReturn("/InvalidURI");
+    HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
+
+    Filter filter = new HostRestrictingAuthorizationFilter();
+    HashMap<String, String> configs = new HashMap<String, String>() {};
+    configs.put(AuthenticationFilter.AUTH_TYPE, "simple");
+    FilterConfig fc = new DummyFilterConfig(configs);
+
+    filter.init(fc);
+    filter.doFilter(request, response,
+        (servletRequest, servletResponse) -> {});
+    Mockito.verify(response, Mockito.times(1))
+        .sendError(Mockito.eq(HttpServletResponse.SC_NOT_FOUND),
+                   Mockito.anyString());
+    filter.destroy();
+  }
+
   private static class DummyFilterConfig implements FilterConfig {
   private static class DummyFilterConfig implements FilterConfig {
     final Map<String, String> map;
     final Map<String, String> map;