Details
Type: Sub-task
Status: Open
Priority: Normal
Resolution: Unresolved
Description
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.
Issue:
Non-final methods that perform security checks may be overridden in ways that bypass security checks.
CassandraDaemon.java, lines 155-165:
155 protected void setup()
156 {
157     // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
158     if (FBUtilities.isWindows())
159         WindowsFailedSnapshotTracker.deleteOldSnapshots();
160
161     ThreadAwareSecurityManager.install();
162
163     logSystemInfo();
164
165     CLibrary.tryMlockall();
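
An added illustration of the issue, not code from Cassandra or from the original report: the class names (Daemon, PolicyGuard, HardenedDaemon and their subclasses) are hypothetical. It shows a subclass replacing an overridable setup() so the security step never runs, beside a form where setup() is final and only a hook method can be overridden.

```java
// Added example; all class names here are hypothetical, not Cassandra classes.
public class OverrideDemo {
    /** Stand-in for a security step such as ThreadAwareSecurityManager.install(). */
    static final class PolicyGuard {
        private static boolean installed;
        static void install() { installed = true; }
        static boolean isInstalled() { return installed; }
        static void reset() { installed = false; }
    }

    /** Weak form: the security step lives in an overridable method. */
    static class Daemon {
        protected void setup() {
            PolicyGuard.install();
            startServices();
        }
        protected void startServices() { }
        public void activate() { setup(); }
    }

    /** A subclass that replaces setup() and never calls super.setup(). */
    static class CustomDaemon extends Daemon {
        @Override protected void setup() { startServices(); }
    }

    /** Hardened form: setup() is a final template method; only the hook is open. */
    static class HardenedDaemon {
        protected final void setup() {
            PolicyGuard.install();   // always runs, cannot be replaced by a subclass
            startServices();
        }
        protected void startServices() { }
        public final void activate() { setup(); }
    }

    /** Subclasses customise behaviour through the hook, after the guard is in place. */
    static class CustomHardenedDaemon extends HardenedDaemon {
        @Override protected void startServices() { /* subclass-specific work */ }
    }

    public static void main(String[] args) {
        new CustomDaemon().activate();
        System.out.println("overridable setup, guard installed: " + PolicyGuard.isInstalled());
        PolicyGuard.reset();
        new CustomHardenedDaemon().activate();
        System.out.println("final setup, guard installed: " + PolicyGuard.isInstalled());
    }
}
```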