spark-instrumented-optimizer

History

NICHOLAS T. MARION b512233a45 [SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities ## What changes were proposed in this pull request? Add stripXSS and stripXSSMap to Spark Core's UIUtils. Calling these functions at any point that getParameter is called against a HttpServletRequest. ## How was this patch tested? Unit tests, IBM Security AppScan Standard no longer showing vulnerabilities, manual verification of WebUI pages. Author: NICHOLAS T. MARION <nmarion@us.ibm.com> Closes #17686 from n-marion/xss-fix.	2017-05-10 10:59:57 +01:00
..
src	[SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities	2017-05-10 10:59:57 +01:00
pom.xml	[SPARK-20453] Bump master branch version to 2.3.0-SNAPSHOT	2017-04-24 21:48:04 -07:00

NICHOLAS T. MARION b512233a45 [SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities

## What changes were proposed in this pull request?

Add stripXSS and stripXSSMap to Spark Core's UIUtils. Calling these functions at any point that getParameter is called against a HttpServletRequest.

## How was this patch tested?

Unit tests, IBM Security AppScan Standard no longer showing vulnerabilities, manual verification of WebUI pages.

Author: NICHOLAS T. MARION <nmarion@us.ibm.com>

Closes #17686 from n-marion/xss-fix.

2017-05-10 10:59:57 +01:00

src

[SPARK-20393][WEBU UI] Strengthen Spark to prevent XSS vulnerabilities

2017-05-10 10:59:57 +01:00

pom.xml

[SPARK-20453] Bump master branch version to 2.3.0-SNAPSHOT

2017-04-24 21:48:04 -07:00