  1. Cassandra
  2. CASSANDRA-12334 HP Fortify Analysis
  3. CASSANDRA-12543

Portability Flaw: Locale Dependent Comparison


    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Low
    • Resolution: Fixed
    • Fix Version/s: 3.0.10, 3.10
    • Component/s: None
    • Labels:
      None

      Description

      Overview:
      In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

      Issue:
      In the file ThriftConversion.java on lines 197 and 679 there is a portability problem with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

      ThriftConversion.java, lines 197-202:

      197 switch (thriftColumnType.toLowerCase())
      198 {
      199     case "standard": return false;
      200     case "super": return true;
      201     default: throw new org.apache.cassandra.exceptions.InvalidRequestException("Invalid column type " + thriftColumnType);
      202 }
      

      ThriftConversion.java, lines 679-691:

      679 switch (caching.toUpperCase())
      680 {
      681     case "ALL":
      682         return CachingParams.CACHE_EVERYTHING;
      683     case "ROWS_ONLY":
      684         return new CachingParams(false, Integer.MAX_VALUE);
      685     case "KEYS_ONLY":
      686         return CachingParams.CACHE_KEYS;
      687     case "NONE":
      688         return CachingParams.CACHE_NOTHING;
      689     default:
      690         throw new ConfigurationException(String.format("Invalid value %s for caching parameter", caching));
      691 }
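
The following is an added example, not code from Cassandra or from the attached patch. It runs the label strings from the two switch statements above, plus one constructed label containing "I", through default-locale case folding and through `Locale.ROOT` folding while the JVM default locale is set to tr-TR. The class name, the helper names, the label `INDEX_ONLY` and the choice of `Locale.ROOT` as the locale-independent alternative are assumptions made for illustration.

```java
import java.util.Locale;

public class LocaleFoldDemo {
    // Labels taken from the two switch statements quoted in the issue.
    static final String[] LOWER_LABELS = { "standard", "super" };
    // "INDEX_ONLY" is a constructed label (not a Cassandra option) that contains 'I'.
    static final String[] UPPER_LABELS = { "ALL", "ROWS_ONLY", "KEYS_ONLY", "NONE", "INDEX_ONLY" };

    // Flagged pattern: case folding with the JVM default locale.
    static boolean matchesDefault(String input, String label, boolean upper) {
        String folded = upper ? input.toUpperCase() : input.toLowerCase();
        return folded.equals(label);
    }

    // Locale-independent folding with an explicit locale.
    static boolean matchesRoot(String input, String label, boolean upper) {
        String folded = upper ? input.toUpperCase(Locale.ROOT) : input.toLowerCase(Locale.ROOT);
        return folded.equals(label);
    }

    // Simulates a client sending the label in the opposite case and reports
    // whether each folding strategy still reaches the intended switch label.
    static void report(String label, boolean upper) {
        String input = upper ? label.toLowerCase(Locale.ROOT) : label.toUpperCase(Locale.ROOT);
        System.out.printf("label=%-11s input=%-11s default=%-5b root=%b%n",
                label, input,
                matchesDefault(input, label, upper),
                matchesRoot(input, label, upper));
    }

    public static void main(String[] args) {
        Locale saved = Locale.getDefault();
        try {
            // Turkish casing maps 'I' -> U+0131 and 'i' -> U+0130.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            for (String label : LOWER_LABELS) report(label, false);
            for (String label : UPPER_LABELS) report(label, true);
        } finally {
            Locale.setDefault(saved); // restore the process-wide default
        }
    }
}
```

Comparing the `default` and `root` columns per label shows which switch labels depend on the server's locale setting; the same harness can be pointed at any other set of string-switch labels during review.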
      

        Attachments

        1. CASSANDRA-12541,12542,12543.patch
          4 kB
          Amit Deshpande


            People

            • Assignee:
              Unassigned
              Reporter:
              EdAInWestOC Eduardo Aguinaga
              Reviewers:
              Jeff Jirsa
            • Votes:
              0
              Watchers:
              3
