Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-7725

CqlRecordReader does not validate input_cql Statments

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Duplicate
    • Fix Version/s: 2.0.10, 2.1.0
    • Component/s: None
    • Labels:
      None
    • Severity:
      Normal

      Description

      CRR reader doesn't validate input_cql statements which can lead to some very dangerous results. In general we should make sure that the statement conforms to the required template and throw an exception if they don't.

      For example if a use puts in an input statement like

      SELECT * from ks.tab
      

      Will run but will run the same query for each split.

      https://github.com/apache/cassandra/blob/541a20dbb2ef258705c0632cddc3361ea533995c/src/java/org/apache/cassandra/hadoop/cql3/CqlRecordReader.java#L231

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mike_tr_adamson Mike Adamson
                Reporter:
                rspitzer Russell Spitzer
                Authors:
                Mike Adamson
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: