Eduardo Aguinaga created CASSANDRA-12332: --------------------------------------------
Summary: Weak SecurityManager Check: Overridable Method Key: CASSANDRA-12332 URL: https://issues.apache.org/jira/browse/CASSANDRA-12332 Project: Cassandra Issue Type: Bug Reporter: Eduardo Aguinaga Fix For: 3.0.5 Overview: In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below. Issue: Non-final methods that perform security checks may be overridden in ways that bypass security checks. {code:java} CassandraDaemon.java, lines 155-165: 155 protected void setup() 156 { 157 // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658 158 if (FBUtilities.isWindows()) 159 WindowsFailedSnapshotTracker.deleteOldSnapshots(); 160 161 ThreadAwareSecurityManager.install(); 162 163 logSystemInfo(); 164 165 CLibrary.tryMlockall(); {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)