Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent cluster internal `ClusterState.Custom` impls to leak to a client #26232

Merged
merged 2 commits into from Aug 16, 2017

Conversation

@s1monw
Copy link
Contributor

commented Aug 16, 2017

Today a ClusterState.Custom can be fetched by a transport client and
leaks to the user even if the classes are private etc since the serialized
bytes can be reconstructed. This change adds an option to customs to mark
them as private such that our clusterstate action will never leak it.

Prevent cluster internal `ClusterState.Custom` impls to leak to a client
Today a `ClusterState.Custom` can be fetched by a transport client and
leaks to the user even if the classes are private etc since the serialized
bytes can be reconstructed. This change adds an option to customs to mark
them as private such that our clusterstate action will never leak it.
@jasontedor
Copy link
Member

left a comment

LGTM.

assertTrue(state.customs().containsKey("test"));
}

private static class TestCustom extends AbstractNamedDiffable<ClusterState.Custom> implements ClusterState.Custom {

This comment has been minimized.

Copy link
@jasontedor

jasontedor Aug 16, 2017

Member

Extra space:

TestCustom  extends
          ^^

@s1monw s1monw merged commit 54bf7d7 into elastic:master Aug 16, 2017

2 checks passed

CLA Commit author is a member of Elasticsearch
Details
elasticsearch-ci Build finished.
Details

@s1monw s1monw deleted the s1monw:allow_customs_to_be_private branch Aug 16, 2017

@s1monw s1monw removed the v5.6.1 label Aug 16, 2017

s1monw added a commit that referenced this pull request Aug 16, 2017
Prevent cluster internal `ClusterState.Custom` impls to leak to a cli…
…ent (#26232)

Today a `ClusterState.Custom` can be fetched by a transport client and
leaks to the user even if the classes are private etc since the serialized
bytes can be reconstructed. This change adds an option to customs to mark
them as private such that our clusterstate action will never leak it.
s1monw added a commit that referenced this pull request Aug 16, 2017
Prevent cluster internal `ClusterState.Custom` impls to leak to a cli…
…ent (#26232)

Today a `ClusterState.Custom` can be fetched by a transport client and
leaks to the user even if the classes are private etc since the serialized
bytes can be reconstructed. This change adds an option to customs to mark
them as private such that our clusterstate action will never leak it.
jasontedor added a commit to glefloch/elasticsearch that referenced this pull request Aug 16, 2017
Merge branch 'master' into fix/24969
* master: (458 commits)
  Prevent cluster internal `ClusterState.Custom` impls to leak to a client (elastic#26232)
  Add packaging test for systemd runtime directive
  [TEST] Reenable RareClusterStateIt#testDeleteCreateInOneBulk
  Serialize and expose timeout of acknowledged requests in REST layer (elastic#26189)
  (refactor) some opportunities to use diamond operator (elastic#25585)
  [DOCS] Clarified readme for testing a single page
  Settings: Add keystore.seed auto generated secure setting (elastic#26149)
  Update version information (elastic#25226)
  "result" : created -> "result" : "created" (elastic#25446)
  Set RuntimeDirectory (elastic#23526)
  Drop upgrade from full cluster restart tests (elastic#26224)
  Further improve docs for requests_per_second
  Docs disambiguate reindex's requests_per_second (elastic#26185)
  [DOCS] Cleanup link for ec2 discovery (elastic#26222)
  Fix document field equals and hash code test
  Use holder pattern for lazy deprecation loggers
  Settings: Add keystore creation to add commands (elastic#26126)
  Docs: Cleanup docs for ec2 discovery (elastic#26065)
  Fix NPE when `values` is omitted on percentile_ranks agg (elastic#26046)
  Several internal improvements to internal test cluster infra (elastic#26214)
  ...
@imotov
Copy link
Member

left a comment

I think we should extend this functionality for MetaData.Custom as well, otherwise they will start to diverge and will be confusing.

@elasticmachine

This comment has been minimized.

Copy link
Collaborator

commented Jan 29, 2019

@colings86 colings86 added v7.0.0-beta1 and removed v7.0.0 labels Feb 7, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
7 participants
You can’t perform that action at this time.