[
https://issues.apache.org/jira/browse/CASSANDRA-12545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15578379#comment-15578379
]
Amit Deshpande commented on CASSANDRA-12545:
--------------------------------------------
https://github.com/apache/cassandra/pull/76/files
> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
> Key: CASSANDRA-12545
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12545
> Project: Cassandra
> Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
> Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis includes the issue below.
> Issue:
> In the file CoalescingStrategies.java on line 502 there is a portability
> problem with the call to toLowerCase() because it has different locales which
> may lead to unexpected output. This may also circumvent custom validation
> routines.
> {code:java}
> CoalescingStrategies.java, lines 502-519:
> 502 String strategyCleaned = strategy.trim().toUpperCase();
> 503 switch(strategyCleaned)
> 504 {
> 505 case "MOVINGAVERAGE":
> 506 classname = MovingAverageCoalescingStrategy.class.getName();
> 507 break;
> 508 case "FIXED":
> 509 classname = FixedCoalescingStrategy.class.getName();
> 510 break;
> 511 case "TIMEHORIZON":
> 512 classname =
> TimeHorizonMovingAverageCoalescingStrategy.class.getName();
> 513 break;
> 514 case "DISABLED":
> 515 classname = DisabledCoalescingStrategy.class.getName();
> 516 break;
> 517 default:
> 518 classname = strategy;
> 519 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
