Description
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.
Issue:
In the file CoalescingStrategies.java on line 502 there is a portability problem with the call to toLowerCase(): its result depends on the JVM's default locale, which may lead to unexpected output. This may also circumvent custom validation routines.
CoalescingStrategies.java, lines 502-519:

```java
502 String strategyCleaned = strategy.trim().toUpperCase();
503 switch(strategyCleaned)
504 {
505     case "MOVINGAVERAGE":
506         classname = MovingAverageCoalescingStrategy.class.getName();
507         break;
508     case "FIXED":
509         classname = FixedCoalescingStrategy.class.getName();
510         break;
511     case "TIMEHORIZON":
512         classname = TimeHorizonMovingAverageCoalescingStrategy.class.getName();
513         break;
514     case "DISABLED":
515         classname = DisabledCoalescingStrategy.class.getName();
516         break;
517     default:
518         classname = strategy;
519 }
```
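The following is an added example, not Cassandra's own code, showing how the default-locale case conversion breaks the switch above and how a fixed locale avoids it. The strategy class names are stand-in constants, and the resolve methods are hypothetical names introduced for this illustration; the mechanism is that, under a Turkish default locale, lower-case "i" upper-cases to the dotted capital I (U+0130), so none of the keyword cases match and the raw input reaches the default branch, where it is treated as a class name.

```java
import java.util.Locale;

public class CoalescingStrategyNameDemo {
    // Assumed stand-ins for the *CoalescingStrategy.class.getName() values in the real code.
    static final String MOVING_AVERAGE = "example.MovingAverageCoalescingStrategy";
    static final String FIXED = "example.FixedCoalescingStrategy";
    static final String TIME_HORIZON = "example.TimeHorizonMovingAverageCoalescingStrategy";
    static final String DISABLED = "example.DisabledCoalescingStrategy";

    /** Mirrors the reported pattern: toUpperCase() with the JVM default locale. */
    static String resolveLocaleDependent(String strategy) {
        return mapName(strategy.trim().toUpperCase(), strategy);
    }

    /** Hardened form: Locale.ROOT gives the same result on every JVM, whatever its default locale. */
    static String resolveLocaleIndependent(String strategy) {
        return mapName(strategy.trim().toUpperCase(Locale.ROOT), strategy);
    }

    private static String mapName(String cleaned, String original) {
        switch (cleaned) {
            case "MOVINGAVERAGE": return MOVING_AVERAGE;
            case "FIXED":         return FIXED;
            case "TIMEHORIZON":   return TIME_HORIZON;
            case "DISABLED":      return DISABLED;
            default:              return original; // unvalidated input flows through as a class name
        }
    }

    public static void main(String[] args) {
        // Simulate a node whose JVM runs with a Turkish default locale.
        Locale.setDefault(Locale.forLanguageTag("tr-TR"));

        // Every keyword contains an "i", so the default-locale variant yields a dotted capital I
        // and falls through to the default branch for all four well-known names.
        for (String input : new String[] {"movingaverage", "fixed", "timehorizon", "disabled"}) {
            System.out.printf("%-14s default-locale -> %-45s Locale.ROOT -> %s%n",
                    input, resolveLocaleDependent(input), resolveLocaleIndependent(input));
        }
    }
}
```

A unit test that sets the default locale to tr-TR before calling the resolver is a cheap regression check for this class of Fortify finding.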