Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-15328

Unvalidated Redirect in HMaster

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 1.4.0, 1.3.1, 1.2.5, 1.1.10, 2.0.0
    • security
    • None

    Description

      See OWASP page on why we should clean it up someday:

      https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet

      Here is where we do the redirect:

          @Override
    public void doGet(HttpServletRequest request,
        HttpServletResponse response) throws ServletException, IOException {
      String redirectUrl = request.getScheme() + "://"
        + request.getServerName() + ":" + regionServerInfoPort
        + request.getRequestURI();
      response.sendRedirect(redirectUrl);
    }
  }

      Attachments

        1. HBASE-15328.0.patch
          8 kB
          Sean Busbey
        2. HBASE-15328.1.patch
          9 kB
          Sean Busbey

        Issue Links

        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. HBASE-17560 HMaster redirect should sanity check user input

        • Major - Major loss of function.
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            busbey Sean Busbey
            stack Michael Stack
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment