[CASSANDRA-12545] Portability Flaw: Locale Dependent Comparison - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Low
Resolution: Fixed
Fix Version/s: 3.0.10, 3.10
Component/s: None
Labels:
None

Description

Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.

Issue:
In the file CoalescingStrategies.java on line 502 there is a portability problem with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

CoalescingStrategies.java, lines 502-519:
502 String strategyCleaned = strategy.trim().toUpperCase();
503 switch(strategyCleaned)
504 {
505 case "MOVINGAVERAGE":
506     classname = MovingAverageCoalescingStrategy.class.getName();
507     break;
508 case "FIXED":
509     classname = FixedCoalescingStrategy.class.getName();
510     break;
511 case "TIMEHORIZON":
512     classname = TimeHorizonMovingAverageCoalescingStrategy.class.getName();
513     break;
514 case "DISABLED":
515     classname = DisabledCoalescingStrategy.class.getName();
516     break;
517 default:
518     classname = strategy;
519 }

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

CASSANDRA-12541,12542,12543.patch
19/Oct/16 21:39
4 kB
Amit Deshpande

Activity

People

Assignee:: Unassigned

Reporter:: Eduardo Aguinaga

Reviewers:: Jeff Jirsa

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 25/Aug/16 17:43

Updated:: 16/Apr/19 09:30

Resolved:: 20/Oct/16 04:08