[
https://issues.apache.org/jira/browse/HADOOP-16962?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ctest updated HADOOP-16962:
---------------------------
Description:
*Problem:*
In `Configuration.java`, the `getBoolean` can accept any valueString and return
the default value for any string except “true” or “false” (ignoring case):
{code:java}
if (StringUtils.equalsIgnoreCase("true", valueString))
return true;
else if (StringUtils.equalsIgnoreCase("false", valueString))
return false;
else return defaultValue;{code}
If the user misspells some boolean configuration value, for example, “true” to
“ture”, then getBoolean will directly return the default value without logging
any warning message. If the default value is “false”, then Hadoop is actually
using a totally different value (“false”) compared to the user’s expectation
(“true”) and the user even doesn’t know it.
This can lead to serious issues, especially regarding security features.
Other projects such as Alluxio are doing more rigorous and explicit check.
[https://github.com/xlab-uiuc/ctest-alluxio/blob/master/core/common/src/main/java/alluxio/conf/InstancedConfiguration.java#L366]
in which the getBoolean method will fail immediately if the value is invalid.
*Solution:*
We can log one warning message before getBoolean return the default value for
unrecognized value:
{code:java}
if (StringUtils.equalsIgnoreCase("true", valueString))
return true;
else if (StringUtils.equalsIgnoreCase("false", valueString))
return false;
else {
LOG.warn("Invalid value for boolean: " + valueString +
", choose default value: " + defaultValue + " for " + name);
return defaultValue;
}{code}
I attach a patch to log the warning message.
was:
*Problem:*
In `Configuration.java`, the `getBoolean` can accept any valueString and return
the default value for any string except “true” or “false” (ignoring case):
{code:java}
if (StringUtils.equalsIgnoreCase("true", valueString))
return true;
else if (StringUtils.equalsIgnoreCase("false", valueString))
return false;
else return defaultValue;{code}
If the user misspells some boolean configuration value, for example, “true” to
“ture”, then getBoolean will directly return the default value without logging
any warning message. If the default value is “false”, then Hadoop is actually
using a totally different value (“false”) compared to the user’s expectation
(“true”) and the user even doesn’t know it.
*Solution:*
We can log one warning message before getBoolean return the default value for
unrecognized value:
{code:java}
if (StringUtils.equalsIgnoreCase("true", valueString))
return true;
else if (StringUtils.equalsIgnoreCase("false", valueString))
return false;
else {
LOG.warn("Invalid value for boolean: " + valueString +
", choose default value: " + defaultValue + " for " + name);
return defaultValue;
}{code}
I attach a patch to log the warning message.
> Making `getBoolean` log warning message for unrecognized value
> --------------------------------------------------------------
>
> Key: HADOOP-16962
> URL: https://issues.apache.org/jira/browse/HADOOP-16962
> Project: Hadoop Common
> Issue Type: Bug
> Components: conf
> Reporter: Ctest
> Priority: Major
> Attachments: HADOOP-16962.001.patch
>
>
> *Problem:*
> In `Configuration.java`, the `getBoolean` can accept any valueString and
> return the default value for any string except “true” or “false” (ignoring
> case):
> {code:java}
> if (StringUtils.equalsIgnoreCase("true", valueString))
> return true;
> else if (StringUtils.equalsIgnoreCase("false", valueString))
> return false;
> else return defaultValue;{code}
> If the user misspells some boolean configuration value, for example, “true”
> to “ture”, then getBoolean will directly return the default value without
> logging any warning message. If the default value is “false”, then Hadoop is
> actually using a totally different value (“false”) compared to the user’s
> expectation (“true”) and the user even doesn’t know it.
> This can lead to serious issues, especially regarding security features.
> Other projects such as Alluxio are doing more rigorous and explicit check.
> [https://github.com/xlab-uiuc/ctest-alluxio/blob/master/core/common/src/main/java/alluxio/conf/InstancedConfiguration.java#L366]
> in which the getBoolean method will fail immediately if the value is invalid.
>
> *Solution:*
> We can log one warning message before getBoolean return the default value for
> unrecognized value:
> {code:java}
> if (StringUtils.equalsIgnoreCase("true", valueString))
> return true;
> else if (StringUtils.equalsIgnoreCase("false", valueString))
> return false;
> else {
> LOG.warn("Invalid value for boolean: " + valueString +
> ", choose default value: " + defaultValue + " for " + name);
> return defaultValue;
> }{code}
> I attach a patch to log the warning message.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
