  1. Cassandra
  2. CASSANDRA-12334 HP Fortify Analysis
  3. CASSANDRA-12544

Portability Flaw: Locale Dependent Comparison

Details

    • Sub-task
    • Status: Resolved
    • Low
    • Resolution: Fixed
    • 3.10
    • None
    • None

    Description

      Overview:
      In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

      Issue:
      In the file LegacySchemaMigrator.java on line 286 there is a portability problem with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

      LegacySchemaMigrator.java, lines 286-289:
      286 boolean isSuper = "super".equals(tableRow.getString("type").toLowerCase());
      287 boolean isDense = tableRow.has("is_dense")
      288                 ? tableRow.getBoolean("is_dense")
      289                 : calculateIsDense(rawComparator, columnRows);
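
A small Java demonstration of the locale dependence described in the issue, added here as an illustration; it is not Cassandra code or the project's fix. The class name, helper methods and sample values are assumptions constructed for the example; under a Turkish default locale the no-argument `toLowerCase()` maps 'I' to dotless 'ı' (U+0131), so the same comparison can give different answers on different hosts.

```java
import java.util.Locale;

public class LocaleCompareDemo {
    // Pattern flagged in the report: the result depends on the JVM default locale.
    static boolean matchesDefaultLocale(String expected, String value) {
        return expected.equals(value.toLowerCase());
    }

    // Case mapping pinned to Locale.ROOT, so the host locale cannot change it.
    static boolean matchesRootLocale(String expected, String value) {
        return expected.equals(value.toLowerCase(Locale.ROOT));
    }

    // No lowercased copy at all; equalsIgnoreCase compares per character
    // without consulting the default locale.
    static boolean matchesIgnoreCase(String expected, String value) {
        return expected.equalsIgnoreCase(value);
    }

    public static void main(String[] args) {
        // Constructed inputs: {expected lowercase keyword, stored value}.
        // "Super" has no 'I' and serves as a control; the other two do.
        String[][] samples = {
            {"super", "Super"}, {"index", "INDEX"}, {"is_dense", "IS_DENSE"}
        };
        Locale[] defaults = { Locale.ROOT, Locale.forLanguageTag("tr-TR") };
        Locale original = Locale.getDefault();
        try {
            for (Locale locale : defaults) {
                Locale.setDefault(locale);
                System.out.println("default locale = " + locale.toLanguageTag());
                for (String[] s : samples) {
                    System.out.printf("  %-9s default=%-5b root=%-5b ignoreCase=%b%n",
                            s[1], matchesDefaultLocale(s[0], s[1]),
                            matchesRootLocale(s[0], s[1]),
                            matchesIgnoreCase(s[0], s[1]));
                }
            }
        } finally {
            Locale.setDefault(original); // restore the JVM-wide setting
        }
    }
}
```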
      

          People

            dbrosius David Brosius
            EdAInWestOC Eduardo Aguinaga
            David Brosius