[CASSANDRA-12541] Portability Flaw: Locale Dependent Comparison - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 3.0.10, 3.10
Component/s: None
Labels:
None

Description

Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.

Issue:
In the file CqlRecordWriter.java on line 128 there is a portability problem with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

CqlRecordWriter.java, lines 127-130:
127 String cqlQuery = CqlConfigHelper.getOutputCql(conf).trim();
128 if (cqlQuery.toLowerCase().startsWith("insert"))
129     throw new UnsupportedOperationException("INSERT with CqlRecordWriter is not supported, please use UPDATE/DELETE statement");
130 cql = appendKeyWhereClauses(cqlQuery);

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

CASSANDRA-12541,12542,12543.patch
19/Oct/16 21:37
4 kB
Amit Deshpande

Issue Links

links to

GitHub Pull Request #76

Activity

People

Assignee:: Unassigned

Reporter:: Eduardo Aguinaga

Reviewers:: Jeff Jirsa

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 25/Aug/16 17:24

Updated:: 16/Apr/19 09:30

Resolved:: 20/Oct/16 04:05