HDFS-4100. Fix all findbug security warings. Contributed by Liang Xie

git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-2@1430545 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Eli Collins 2013-01-08 21:13:48 +00:00
parent 8c9b47c29e
commit ecf8c442f4
3 changed files with 9 additions and 4 deletions

View File

@ -465,6 +465,8 @@ Release 2.0.3-alpha - Unreleased
HDFS-4351. In BlockPlacementPolicyDefault.chooseTarget(..), numOfReplicas HDFS-4351. In BlockPlacementPolicyDefault.chooseTarget(..), numOfReplicas
needs to be updated when avoiding stale nodes. (Andrew Wang via szetszwo) needs to be updated when avoiding stale nodes. (Andrew Wang via szetszwo)
HDFS-4100. Fix all findbug security warings. (Liang Xie via eli)
Release 2.0.2-alpha - 2012-09-07 Release 2.0.2-alpha - 2012-09-07
INCOMPATIBLE CHANGES INCOMPATIBLE CHANGES

View File

@ -31,6 +31,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
@ -139,8 +140,9 @@ public class GetJournalEditServlet extends HttpServlet {
HttpServletRequest request, HttpServletResponse response) HttpServletRequest request, HttpServletResponse response)
throws IOException { throws IOException {
String myStorageInfoString = storage.toColonSeparatedString(); String myStorageInfoString = storage.toColonSeparatedString();
String theirStorageInfoString = request.getParameter(STORAGEINFO_PARAM); String theirStorageInfoString = StringEscapeUtils.escapeHtml(
request.getParameter(STORAGEINFO_PARAM));
if (theirStorageInfoString != null if (theirStorageInfoString != null
&& !myStorageInfoString.equals(theirStorageInfoString)) { && !myStorageInfoString.equals(theirStorageInfoString)) {
String msg = "This node has storage info '" + myStorageInfoString String msg = "This node has storage info '" + myStorageInfoString

View File

@ -259,7 +259,8 @@ public class DatanodeJspHelper {
int namenodeInfoPort = -1; int namenodeInfoPort = -1;
if (namenodeInfoPortStr != null) if (namenodeInfoPortStr != null)
namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr); namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr);
final String nnAddr = req.getParameter(JspHelper.NAMENODE_ADDRESS); final String nnAddr = StringEscapeUtils.escapeHtml(
req.getParameter(JspHelper.NAMENODE_ADDRESS));
if (nnAddr == null){ if (nnAddr == null){
out.print(JspHelper.NAMENODE_ADDRESS + " url param is null"); out.print(JspHelper.NAMENODE_ADDRESS + " url param is null");
return; return;
@ -637,7 +638,7 @@ public class DatanodeJspHelper {
UserGroupInformation ugi = JspHelper.getUGI(req, conf); UserGroupInformation ugi = JspHelper.getUGI(req, conf);
String namenodeInfoPortStr = req.getParameter("namenodeInfoPort"); String namenodeInfoPortStr = req.getParameter("namenodeInfoPort");
String nnAddr = req.getParameter(JspHelper.NAMENODE_ADDRESS); String nnAddr = StringEscapeUtils.escapeHtml(req.getParameter(JspHelper.NAMENODE_ADDRESS));
int namenodeInfoPort = -1; int namenodeInfoPort = -1;
if (namenodeInfoPortStr != null) if (namenodeInfoPortStr != null)
namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr); namenodeInfoPort = Integer.parseInt(namenodeInfoPortStr);