  1. Cassandra
  2. CASSANDRA-12334 HP Fortify Analysis
  3. CASSANDRA-12542

Portability Flaw: Locale Dependent Comparison

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 3.0.10, 3.10
    • Component/s: None
    • Labels:
      None

      Description

      Overview:
      In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

      Issue:
      In the file SpeculativeRetryParam.java on lines 91 and 103 there are portability problems with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

      SpeculativeRetryParam.java, lines 91-101:

      091 if (value.toLowerCase().endsWith("ms"))
      092 {
      093     try
      094     {
      095         return custom(Double.parseDouble(value.substring(0, value.length() - "ms".length())));
      096     }
      097     catch (IllegalArgumentException e)
      098     {
      099         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
      100     }
      101 }
      

      SpeculativeRetryParam.java, lines 103-121:

      103 if (value.toUpperCase().endsWith(Kind.PERCENTILE.toString()))
      104 {
      105     double threshold;
      106     try
      107     {
      108         threshold = Double.parseDouble(value.substring(0, value.length() - Kind.PERCENTILE.toString().length()));
      109     }
      110     catch (IllegalArgumentException e)
      111     {
      112         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
      113     }
      114 
      115     if (threshold >= 0.0 && threshold <= 100.0)
      116         return percentile(threshold);
      117 
      118     throw new ConfigurationException(format("Invalid value %s for PERCENTILE option '%s': must be between 0.0 and 100.0",
      119                                             value,
      120                                             TableParams.Option.SPECULATIVE_RETRY));
      121 }
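
An added example (not code from the ticket or the attached patch) that reproduces the line 103 check under a Turkish default locale, where `i` upper-cases to `İ` (U+0130) and the suffix test fails. `SUFFIX` stands in for `Kind.PERCENTILE.toString()`; `Locale.ROOT` and `regionMatches` are shown as common locale-independent alternatives and are assumptions, not a statement of what the project's fix used.

```java
import java.util.Locale;

public class LocaleSuffixCheck
{
    // Constructed stand-in for Kind.PERCENTILE.toString() in the quoted code.
    private static final String SUFFIX = "PERCENTILE";

    // Same shape as line 103: case mapping follows the JVM default locale.
    static boolean defaultLocaleMatch(String value)
    {
        return value.toUpperCase().endsWith(SUFFIX);
    }

    // Locale-independent variant: case mapping pinned to Locale.ROOT.
    static boolean rootLocaleMatch(String value)
    {
        return value.toUpperCase(Locale.ROOT).endsWith(SUFFIX);
    }

    // Avoids case mapping of the whole string: compares only the tail, ignoring case.
    static boolean regionMatch(String value)
    {
        int offset = value.length() - SUFFIX.length();
        return offset >= 0 && value.regionMatches(true, offset, SUFFIX, 0, SUFFIX.length());
    }

    public static void main(String[] args)
    {
        String value = "99percentile"; // constructed sample option value
        Locale original = Locale.getDefault();
        try
        {
            // Run the three checks under an English and a Turkish default locale.
            for (Locale locale : new Locale[]{ Locale.US, Locale.forLanguageTag("tr-TR") })
            {
                Locale.setDefault(locale);
                System.out.printf("%s: toUpperCase()=%s default=%b root=%b region=%b%n",
                                  locale.toLanguageTag(), value.toUpperCase(),
                                  defaultLocaleMatch(value), rootLocaleMatch(value), regionMatch(value));
            }
        }
        finally
        {
            Locale.setDefault(original); // restore the JVM-wide default
        }
    }
}
```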
      

        Attachments

        1. CASSANDRA-12541,12542,12543.patch
          4 kB
          Amit Deshpande

            People

            • Assignee:
              Unassigned
              Reporter:
              EdAInWestOC Eduardo Aguinaga
              Reviewers:
              Jeff Jirsa