[
https://issues.apache.org/jira/browse/HBASE-29761?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043986#comment-18043986
]
Kevin Geiszler edited comment on HBASE-29761 at 12/10/25 12:02 AM:
-------------------------------------------------------------------
I looked into this more and found the issue.
Both {{MasterDumpServlet}} and {{RSDumpServlet}} initially call
{{conf.writeXml()}} with this method signature:
[writeXml(OutputStream
out)|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java#L3576]
This starts a chain of calling other {{Configuration.writeXml()}} methods.
Eventually, we see this one get called:
[writeXml(@Nullable String propertyName, Writer
out)|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java#L3629]
The problem is when this version of the method is runs, the next {{writeXml()}}
method it calls is receiving {{null}} as the value for the {{conf}} arg. This
results in the {{ConfigRedactor}} object being {{{}null{}}}, which happens
[here|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java#L3611].
was (Author: JIRAUSER302671):
I looked into this more and found the issue.
Both {{MasterDumpServlet}} and {{RSDumpServlet}} initially call conf.writeXml()
with `this` method signature:
[writeXml(OutputStream
out)|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java#L3576]
This starts a chain of calling other Configuration.writeXml() methods.
Eventually, we see this one get called:
[writeXml(@Nullable String propertyName, Writer
out)|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java#L3629]
The problem is when this version of the method is runs, the next writeXml()
method it calls is receiving null as the value for the conf arg. This results
in the ConfigRedactor object being null, which happens
[here|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/conf/Configuration.java#L3611].
> The HBase UI's Debug Dump is not redacting sensitive information
> ----------------------------------------------------------------
>
> Key: HBASE-29761
> URL: https://issues.apache.org/jira/browse/HBASE-29761
> Project: HBase
> Issue Type: Bug
> Components: UI
> Reporter: Kevin Geiszler
> Assignee: Kevin Geiszler
> Priority: Critical
>
> The Debug Dump feature in the HBase UI is supposed to redact sensitive
> configuration values such as truststore and keystore passwords, but it is not
> doing so. Instead, the sensitive values are shown in plain text.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
