Skip to content

HBASE-29791: Backport 'HBASE-29761: The HBase UI's Debug Dump is not redacting sensitive information' to branch-2.6 #7571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
taklwu merged 2 commits into from
Jan 5, 2026
Merged

HBASE-29791: Backport 'HBASE-29761: The HBase UI's Debug Dump is not redacting sensitive information' to branch-2.6 #7571

taklwu merged 2 commits into from
Jan 5, 2026
+339 −67

Conversation

@kgeisz
Copy link
Contributor

@kgeisz kgeisz commented Dec 19, 2025

https://issues.apache.org/jira/browse/HBASE-29791

This pull request back-ports HBASE-29761: The HBase UI's Debug Dump is not redacting sensitive information into branch-2. HBASE-29761 fixes an issue where sensitive information, such as passwords, were not being redacted when looking at a server's Debug Dump in the HBase UI. Similar to PR #7568 with branch-2, some small modifications needed to be made in the Java code in order to get this commit to build. The changes included:

MasterDumpServlet.java and RSDumpServlet.java

  • Using StandardCharsets.UTF_8.toString() instead of StandardCharsets.UTF_8

MasterDumpServlet.java

  • Changed if (isShowQueueDump(conf)) to if (isShowQueueDump(master.getConfiguration())) since the conf variable no longer exists in the code (the master branch does not have this if block at all).

TestDebugDumpRedaction.java

  • Using HBaseTestingUtility instead of HBaseTestingUtil
  • Initializing REDACTED_PROPS using Arrays.asList() instead of List.of() and using .collect(Collectors.toList()) instead of .toList().

TestServerHttpUtils.java

  • Using static final String PLAIN_TEXT = "text/plain" instead of static final String PLAIN_TEXT_UTF8 = "text/plain;charset=utf-8".

@kgeisz
HBASE-29791: Backport 'HBASE-29761: The HBase UI's Debug Dump is not …
10576b8 
…redacting sensitive information' to branch-2.6

Change-Id: Ibdd5c605a7cb65702562428c5b865060b0a49254
@Apache-HBase

This comment has been minimized.

Sign in to view
@Apache-HBase

This comment has been minimized.

Sign in to view
@Apache-HBase

This comment has been minimized.

Sign in to view
@Apache-HBase

This comment has been minimized.

Sign in to view
@kgeisz
Fix failing unit test
71b54bd 
Change-Id: I3811e5f8bb98c81e2a73b266341dec1acfe28dce
@Apache-HBase
Copy link

Apache-HBase commented Dec 30, 2025

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 0m 45s Docker mode activated.
_ Prechecks _
+1 💚 dupname 0m 0s No case conflicting files found.
+0 🆗 codespell 0m 0s codespell was not available.
+0 🆗 detsecrets 0m 0s detect-secrets was not available.
+1 💚 @author 0m 0s The patch does not contain any @author tags.
+1 💚 hbaseanti 0m 0s Patch does not have any anti-patterns.
_ branch-2.6 Compile Tests _
+1 💚 mvninstall 3m 24s branch-2.6 passed
+1 💚 compile 2m 56s branch-2.6 passed
+1 💚 checkstyle 0m 38s branch-2.6 passed
+1 💚 spotbugs 1m 34s branch-2.6 passed
+1 💚 spotless 0m 50s branch has no errors when running spotless:check.
_ Patch Compile Tests _
+1 💚 mvninstall 2m 55s the patch passed
+1 💚 compile 2m 55s the patch passed
+1 💚 javac 2m 55s the patch passed
+1 💚 blanks 0m 0s The patch has no blanks issues.
-0 ⚠️ checkstyle 0m 36s /results-checkstyle-hbase-server.txt hbase-server: The patch generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0)
+1 💚 spotbugs 1m 39s the patch passed
+1 💚 hadoopcheck 16m 14s Patch does not cause any errors with Hadoop 2.10.2 or 3.3.6 3.4.1.
+1 💚 spotless 0m 42s patch has no errors when running spotless:check.
_ Other Tests _
+1 💚 asflicense 0m 12s The patch does not generate ASF License warnings.
37m 23s
Subsystem Report/Notes
Docker ClientAPI=1.43 ServerAPI=1.43 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/artifact/yetus-general-check/output/Dockerfile
GITHUB PR #7571
Optional Tests dupname asflicense javac spotbugs checkstyle codespell detsecrets compile hadoopcheck hbaseanti spotless
uname Linux cab334932466 5.4.0-1103-aws #111~18.04.1-Ubuntu SMP Tue May 23 20:04:10 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.6 / 71b54bd
Default Java Eclipse Adoptium-11.0.23+9
Max. process+thread count 79 (vs. ulimit of 30000)
modules C: hbase-server U: hbase-server
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/console
versions git=2.34.1 maven=3.9.8 spotbugs=4.7.3
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

Apache-HBase commented Dec 30, 2025

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 1m 24s Docker mode activated.
-0 ⚠️ yetus 0m 4s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2.6 Compile Tests _
+1 💚 mvninstall 2m 54s branch-2.6 passed
+1 💚 compile 0m 42s branch-2.6 passed
+1 💚 javadoc 0m 21s branch-2.6 passed
+1 💚 shadedjars 4m 41s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 2m 13s the patch passed
+1 💚 compile 0m 42s the patch passed
+1 💚 javac 0m 42s the patch passed
+1 💚 javadoc 0m 20s the patch passed
+1 💚 shadedjars 4m 36s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 184m 42s hbase-server in the patch passed.
206m 24s
Subsystem Report/Notes
Docker ClientAPI=1.48 ServerAPI=1.48 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/artifact/yetus-jdk17-hadoop3-check/output/Dockerfile
GITHUB PR #7571
Optional Tests javac javadoc unit compile shadedjars
uname Linux eee5835324f5 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.6 / 71b54bd
Default Java Eclipse Adoptium-17.0.11+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/testReport/
Max. process+thread count 3829 (vs. ulimit of 30000)
modules C: hbase-server U: hbase-server
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

Apache-HBase commented Dec 30, 2025

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 1m 27s Docker mode activated.
-0 ⚠️ yetus 0m 5s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2.6 Compile Tests _
+1 💚 mvninstall 2m 18s branch-2.6 passed
+1 💚 compile 0m 32s branch-2.6 passed
+1 💚 javadoc 0m 21s branch-2.6 passed
+1 💚 shadedjars 3m 58s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 1m 45s the patch passed
+1 💚 compile 0m 31s the patch passed
+1 💚 javac 0m 31s the patch passed
+1 💚 javadoc 0m 18s the patch passed
+1 💚 shadedjars 3m 57s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 191m 8s hbase-server in the patch passed.
210m 5s
Subsystem Report/Notes
Docker ClientAPI=1.48 ServerAPI=1.48 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/artifact/yetus-jdk8-hadoop2-check/output/Dockerfile
GITHUB PR #7571
Optional Tests javac javadoc unit compile shadedjars
uname Linux c49f8ca96ec5 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.6 / 71b54bd
Default Java Temurin-1.8.0_412-b08
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/testReport/
Max. process+thread count 3549 (vs. ulimit of 30000)
modules C: hbase-server U: hbase-server
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@Apache-HBase
Copy link

Apache-HBase commented Dec 30, 2025

🎊 +1 overall

Vote Subsystem Runtime Logfile Comment
+0 🆗 reexec 1m 26s Docker mode activated.
-0 ⚠️ yetus 0m 5s Unprocessed flag(s): --brief-report-file --spotbugs-strict-precheck --author-ignore-list --blanks-eol-ignore-file --blanks-tabs-ignore-file --quick-hadoopcheck
_ Prechecks _
_ branch-2.6 Compile Tests _
+1 💚 mvninstall 2m 44s branch-2.6 passed
+1 💚 compile 0m 38s branch-2.6 passed
+1 💚 javadoc 0m 21s branch-2.6 passed
+1 💚 shadedjars 4m 40s branch has no errors when building our shaded downstream artifacts.
_ Patch Compile Tests _
+1 💚 mvninstall 2m 11s the patch passed
+1 💚 compile 0m 38s the patch passed
+1 💚 javac 0m 38s the patch passed
+1 💚 javadoc 0m 19s the patch passed
+1 💚 shadedjars 4m 38s patch has no errors when building our shaded downstream artifacts.
_ Other Tests _
+1 💚 unit 195m 1s hbase-server in the patch passed.
216m 28s
Subsystem Report/Notes
Docker ClientAPI=1.48 ServerAPI=1.48 base: https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/artifact/yetus-jdk11-hadoop3-check/output/Dockerfile
GITHUB PR #7571
Optional Tests javac javadoc unit compile shadedjars
uname Linux d19ada39ac06 6.8.0-1024-aws #26~22.04.1-Ubuntu SMP Wed Feb 19 06:54:57 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
Build tool maven
Personality dev-support/hbase-personality.sh
git revision branch-2.6 / 71b54bd
Default Java Eclipse Adoptium-11.0.23+9
Test Results https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/testReport/
Max. process+thread count 3750 (vs. ulimit of 30000)
modules C: hbase-server U: hbase-server
Console output https://ci-hbase.apache.org/job/HBase-PreCommit-GitHub-PR/job/PR-7571/2/console
versions git=2.34.1 maven=3.9.8
Powered by Apache Yetus 0.15.0 https://yetus.apache.org

This message was automatically generated.

@kgeisz kgeisz mentioned this pull request Dec 31, 2025
Merged
PDavid
PDavid approved these changes Jan 5, 2026
View reviewed changes
Copy link
Contributor

@PDavid PDavid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many thanks! 👍

@PDavid PDavid added the backport This PR is a back port of some issue or issues already committed to master label Jan 5, 2026
taklwu
taklwu approved these changes Jan 5, 2026
View reviewed changes
Copy link
Contributor

@taklwu taklwu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@taklwu taklwu merged commit e3b850c into apache:branch-2.6 Jan 5, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PDavid PDavid PDavid approved these changes

@taklwu taklwu taklwu approved these changes

Assignees

No one assigned

Labels

backport This PR is a back port of some issue or issues already committed to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kgeisz @Apache-HBase @PDavid @taklwu