[jira] [Commented] (CASSANDRA-12541) Portability Flaw: Locale Dependent Comparison

Sat, 15 Oct 2016 09:26:00 -0700 

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-12541?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15578377#comment-15578377
 ] 

ASF GitHub Bot commented on CASSANDRA-12541:
--------------------------------------------

GitHub user deshpamit opened a pull request:

    https://github.com/apache/cassandra/pull/76

    CASSANDRA-12541, CASSANDRA-12542, CASSANDRA-12543 and CASSANDRA-12545

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/deshpamit/cassandra trunk

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cassandra/pull/76.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #76
    
----
commit cb47a3937bab99980d4fec481bfb2b163535a2f0
Author: Amit Deshpande <amit.deshpa...@capitalone.com>
Date:   2016-10-15T16:23:50Z

    CASSANDRA-12541, CASSANDRA-12542, CASSANDRA-12543 and CASSANDRA-12545

----


> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
>                 Key: CASSANDRA-12541
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12541
>             Project: Cassandra
>          Issue Type: Sub-task
>            Reporter: Eduardo Aguinaga
>            Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 
> of the Cassandra source code. The analysis included an automated analysis 
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools 
> Understand v4. The results of that analysis includes the issue below.
> Issue:
> In the file CqlRecordWriter.java on line 128 there is a portability problem 
> with the call to toLowerCase() because it has different locales which may 
> lead to unexpected output. This may also circumvent custom validation 
> routines.
> {code:java}
> CqlRecordWriter.java, lines 127-130:
> 127 String cqlQuery = CqlConfigHelper.getOutputCql(conf).trim();
> 128 if (cqlQuery.toLowerCase().startsWith("insert"))
> 129     throw new UnsupportedOperationException("INSERT with CqlRecordWriter 
> is not supported, please use UPDATE/DELETE statement");
> 130 cql = appendKeyWhereClauses(cqlQuery);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to