Details
- Bug
- Status: Open
- Low
- Resolution: Unresolved
- None
- None
- Low
Description
Several cases in tools/stress/src/org/apache/cassandra/stress/StressGraph.java use JSONObject.put (inherited from Map) without escaping the input. I encountered this when using -graph on Windows with a Windows file path (such as C:\path). In this instance the backslash was unescaped and resulted in invalid JSON placed in the output HTML/JavaScript, which caused the page not to render. There are other cases in this file where input is not escaped as well.
All values should be escaped (using JSONObject.escape(), for example) before being put into the Map.
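The failure mode and the fix, as an added illustration (this is not Cassandra's StressGraph code). It assumes the report is built by concatenating the Map's string values straight into an inline script, which is what the description above implies; jsonEscape() is a stand-in that mirrors the escaping rules of json-simple's JSONObject.escape(), and isValidJsonStringBody() is a minimal checker written for this example, not a library API.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class StressGraphEscapeDemo {

    /** Stand-in for json-simple's JSONObject.escape(): escapes quotes, backslashes,
     *  control characters and '/' (so a value cannot close an inline script block). */
    static String jsonEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (int i = 0; i < s.length(); i++) {
            char ch = s.charAt(i);
            switch (ch) {
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                case '\b': sb.append("\\b");  break;
                case '\f': sb.append("\\f");  break;
                case '\n': sb.append("\\n");  break;
                case '\r': sb.append("\\r");  break;
                case '\t': sb.append("\\t");  break;
                case '/':  sb.append("\\/");  break;
                default:
                    if (ch <= '\u001F' || (ch >= '\u007F' && ch <= '\u009F')
                            || (ch >= '\u2000' && ch <= '\u20FF')) {
                        sb.append(String.format("\\u%04X", (int) ch));
                    } else {
                        sb.append(ch);
                    }
            }
        }
        return sb.toString();
    }

    /** Assumed report builder: values are quoted and concatenated, never escaped here. */
    static String renderScript(Map<String, String> stats) {
        StringBuilder sb = new StringBuilder("var stats = {");
        boolean first = true;
        for (Map.Entry<String, String> e : stats.entrySet()) {
            if (!first) sb.append(',');
            first = false;
            sb.append('"').append(e.getKey()).append("\":\"").append(e.getValue()).append('"');
        }
        return sb.append("};").toString();
    }

    /** True if the text between the quotes of a JSON string literal is well formed:
     *  every backslash starts a legal escape and there are no raw quotes or control chars. */
    static boolean isValidJsonStringBody(String body) {
        for (int i = 0; i < body.length(); i++) {
            char ch = body.charAt(i);
            if (ch == '"' || ch < 0x20) return false;
            if (ch != '\\') continue;
            if (++i >= body.length()) return false;
            char esc = body.charAt(i);
            if ("\"\\/bfnrt".indexOf(esc) >= 0) continue;
            if (esc != 'u' || i + 4 >= body.length()) return false;
            for (int k = 1; k <= 4; k++) {
                if (Character.digit(body.charAt(i + k), 16) < 0) return false;
            }
            i += 4;
        }
        return true;
    }

    public static void main(String[] args) {
        String windowsPath = "C:\\path\\stress.log";   // constructed sample input

        Map<String, String> unsafe = new LinkedHashMap<>();
        unsafe.put("logfile", windowsPath);             // bug: raw value, "\p" is not a JSON escape
        System.out.println(renderScript(unsafe));
        System.out.println("valid: " + isValidJsonStringBody(windowsPath));   // false

        Map<String, String> safe = new LinkedHashMap<>();
        safe.put("logfile", jsonEscape(windowsPath));   // fix: escape before put
        System.out.println(renderScript(safe));
        System.out.println("valid: " + isValidJsonStringBody(jsonEscape(windowsPath)));   // true
    }
}
```

Escaping once, at the point where the value enters the Map, is the right place only if nothing downstream escapes again; if the Map is later serialized with JSONObject.toJSONString(), which escapes string values itself, the value would be double-escaped and the backslashes would show up literally in the rendered page, so the fix and the serialization path have to be chosen together.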
ref: https://git-wip-us.apache.org/repos/asf?p=cassandra.git;a=blob;f=tools/stress/src/org/apache/cassandra/stress/StressGraph.java;h=ebaa0aecdb2db68485960013d4b6124c57fe1ac4;hb=HEAD lines 205, 210, 211, 213, 215, 216, 217, 252, 253