HBASE-29789: Backport 'HBASE-29761: The HBase UI's Debug Dump is not redacting sensitive information' to branch-2 #7568
+339
−67
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…redacting sensitive information' to branch-2 Change-Id: Ib3fa2674e9362b038e37df1a32ad35094811a00d
kgeisz
force-pushed
the
HBASE-29789-backport-HBASE-29761-debug-dump-redact-fix-to-branch-2
branch
from
796c610 to
23b2817
Compare
kgeisz
changed the title
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
taklwu
requested changes
Dec 22, 2025
hbase-server/src/test/java/org/apache/hadoop/hbase/regionserver/http/TestRSStatusPage.java
Outdated
Show resolved
Hide resolved
Change-Id: I0f106715de5369fd31a0d1826e4e2e2e56c874e4
|
🎊 +1 overall
This message was automatically generated. |
|
🎊 +1 overall
This message was automatically generated. |
|
🎊 +1 overall
This message was automatically generated. |
|
🎊 +1 overall
This message was automatically generated. |
Contributor
Author
taklwu
reviewed
Jan 2, 2026
|
|
||
| URL url = new URL("http://" + hostname + ":" + infoPort + "/regionserver.jsp"); | ||
| String page = TestServerHttpUtils.getPageContent(url, "text/html;charset=utf-8"); | ||
| String page = TestServerHttpUtils.getPageContent(url, "text/html"); |
Contributor
There was a problem hiding this comment.
can you further investigate why master branch is working with charset=utf-8 as well as the /master-status in hbase-server/src/test/java/org/apache/hadoop/hbase/master/http/TestMasterStatusPage.java is working ?
if we find 1 or 2 commits are missing, we can first backport this one and fix this charset=utf-8 issue, such we don't branch in any default charset if not set.
Contributor
There was a problem hiding this comment.
mmm, I found master and branch-2 introduced this issue in test class since HBASE-29531 , so, it should be safe but please try to reach out to @PDavid and ask him if he knows anything about it.
(master) 7892207#diff-96a2061f96b0d10cb820b1a740abb071f9aa923466bebe9518ad9ec9d4a984f9R164
branch-2 e7be4f3#diff-b9772b8bfa004bfc0da644a9c9bf48f78e7e8a6100b1aa524aa4d7a6e842b64a
Contributor
There was a problem hiding this comment.
Hi,
Yes, I noticed when I backported the Jamon to JSP migration patches that somehow the test was failing because of this text/html;charset=utf-8 vs. text/html issue. To be completely honest I'm not sure why this happened. On branch-2 the page was served without charset in content type header and it was quickest to change the test assertion. Maybe the JSP engine / servlet implementation is different? 🤔
Contributor
There was a problem hiding this comment.
Many thanks for you all for looking into this. 👍
I think I found the problem. In regionserver.jsp, on line 42 we manually set the content type to "text/html" when not a JSON format parameter was requested:
So the fix would be to have:
if (RSStatusConstants.FORMAT_JSON.equals(format)) {
response.setContentType("application/json");
} else {
response.setContentType("text/html;charset=UTF-8");
}I'm not exactly sure why this test did not fail on master and branch-3, I'll have to investigate that.
Contributor
There was a problem hiding this comment.
I can fix this under separate PR-s or shall we include the fix in this PR?
Contributor
There was a problem hiding this comment.
let's have it in a separate PR that helps to limit the scope to backport
Contributor
There was a problem hiding this comment.
Sure, thanks, I'll open separate PR-s for this fix then. 👍
taklwu
approved these changes
Jan 2, 2026
PDavid
added
the
backport
This was referenced Jan 6, 2026
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://issues.apache.org/jira/browse/HBASE-29789
This pull request back-ports HBASE-29761: The HBase UI's Debug Dump is not redacting sensitive information into branch-2. HBASE-29761 fixes an issue where sensitive information, such as passwords, were not being redacted when looking at a server's Debug Dump in the HBase UI. Some small modifications needed to be made in the Java code in order to get this commit to build. The changes included:
MasterDumpServlet.java and RSDumpServlet.java
StandardCharsets.UTF_8.toString()instead ofStandardCharsets.UTF_8MasterDumpServlet.java
if (isShowQueueDump(conf))toif (isShowQueueDump(master.getConfiguration()))since theconfvariable no longer exists in the code (the master branch does not have thisifblock at all).TestDebugDumpRedaction.java
HBaseTestingUtilityinstead ofHBaseTestingUtilREDACTED_PROPSusingArrays.asList()instead ofList.of()and using.collect(Collectors.toList())instead of.toList().TestServerHttpUtils.java
static final String PLAIN_TEXT = "text/plain"instead ofstatic final String PLAIN_TEXT_UTF8 = "text/plain;charset=utf-8".