Cassandra / CASSANDRA-12334 HP Fortify Analysis / CASSANDRA-12541

Portability Flaw: Locale Dependent Comparison


    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 3.0.10, 3.10
    • Component/s: None
    • Labels:
      None

      Description

      Overview:
      In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

      Issue:
      In the file CqlRecordWriter.java on line 128 there is a portability problem with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

      CqlRecordWriter.java, lines 127-130:
      127 String cqlQuery = CqlConfigHelper.getOutputCql(conf).trim();
      128 if (cqlQuery.toLowerCase().startsWith("insert"))
      129     throw new UnsupportedOperationException("INSERT with CqlRecordWriter is not supported, please use UPDATE/DELETE statement");
      130 cql = appendKeyWhereClauses(cqlQuery);
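
      Added example (not part of the original report and not Cassandra code): the same prefix check run under an English and a Turkish default locale, next to one locale-independent form using Locale.ROOT. The class name, method names and the sample query are constructed for illustration.

```java
import java.util.Locale;

public class LocaleDependentCheckDemo {
    // Same shape as line 128 of the report: lowercases with the JVM default locale.
    static boolean isInsertDefaultLocale(String cql) {
        return cql.trim().toLowerCase().startsWith("insert");
    }

    // Locale-independent form: Locale.ROOT applies no language-specific case
    // mapping, so 'I' always lowercases to ASCII 'i'.
    static boolean isInsertRootLocale(String cql) {
        return cql.trim().toLowerCase(Locale.ROOT).startsWith("insert");
    }

    // Render the first n chars as \\uXXXX escapes so a dotless i (U+0131) is visible.
    static String escape(String s, int n) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < Math.min(n, s.length()); i++) {
            sb.append(String.format("\\u%04x", (int) s.charAt(i)));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample statement; the upper-case 'I' is what matters.
        String query = "INSERT INTO ks.tbl (id, v) VALUES (?, ?)";
        Locale saved = Locale.getDefault();
        try {
            Locale[] locales = { Locale.US, Locale.forLanguageTag("tr-TR") };
            for (Locale l : locales) {
                Locale.setDefault(l);
                System.out.printf("default=%s firstChar=%s defaultCheck=%b rootCheck=%b%n",
                        l.toLanguageTag(),
                        escape(query.toLowerCase(), 1),
                        isInsertDefaultLocale(query),
                        isInsertRootLocale(query));
            }
        } finally {
            // Restore the process-wide default so nothing else is affected.
            Locale.setDefault(saved);
        }
    }
}
```

      Under the Turkish locale the default-locale check does not match, because 'I' lowercases to the dotless 'ı' (U+0131) rather than 'i', so the INSERT guard is skipped; the Locale.ROOT check matches in both locales.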
      


            People

            • Assignee: Unassigned
            • Reporter: EdAInWestOC Eduardo Aguinaga
            • Reviewers: Jeff Jirsa
