Eduardo Aguinaga created CASSANDRA-12332:
--------------------------------------------
Summary: Weak SecurityManager Check: Overridable Method
Key: CASSANDRA-12332
URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
Project: Cassandra
Issue Type: Bug
Reporter: Eduardo Aguinaga
Fix For: 3.0.5
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of
the Cassandra source code. The analysis included an automated analysis using HP
Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The
results of that analysis includes the issue below.
Issue:
Non-final methods that perform security checks may be overridden in ways that
bypass security checks.
{code:java}
CassandraDaemon.java, lines 155-165:
155 protected void setup()
156 {
157 // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
158 if (FBUtilities.isWindows())
159 WindowsFailedSnapshotTracker.deleteOldSnapshots();
160
161 ThreadAwareSecurityManager.install();
162
163 logSystemInfo();
164
165 CLibrary.tryMlockall();
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
