[ https://issues.apache.org/jira/browse/CASSANDRA-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeremiah Jordan updated CASSANDRA-7725:
---------------------------------------
    Reproduced In: 2.0.10

> CqlRecordReader does not validate input_cql Statements
> ------------------------------------------------------
>
>                 Key: CASSANDRA-7725
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7725
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Hadoop
>            Reporter: Russell Alexander Spitzer
>            Assignee: Alex Liu
>             Fix For: 2.0.10
>
>
> CRR reader doesn't validate input_cql statements which can lead to some very
> dangerous results. In general we should make sure that the statement conforms
> to the required template and throw an exception if it doesn't.
> For example if a user puts in an input statement like
> {code}
> SELECT * from ks.tab
> {code}
> it will run, but will run the same query for each split.
> https://github.com/apache/cassandra/blob/541a20dbb2ef258705c0632cddc3361ea533995c/src/java/org/apache/cassandra/hadoop/cql3/CqlRecordReader.java#L231

--
This message was sent by Atlassian JIRA
(v6.2#6252)
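
The kind of template check the report asks for, as an added example that is not part of the original message or of the Cassandra code base. It assumes the required template is the token-range form described in CqlRecordReader's class documentation (`WHERE token(<partition key columns>) > ? AND token(<partition key columns>) <= ?`) and that only those two markers are bound per split; the class `InputCqlValidator` and its `validate` method are hypothetical names.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: hypothetical validator, not code from the Cassandra project.
public class InputCqlValidator {
    // Assumed template: SELECT ... WHERE token(pk, ...) > ? AND token(pk, ...) <= ?
    private static final Pattern TOKEN_RANGE = Pattern.compile(
        "\\bWHERE\\b.*?\\btoken\\s*\\(([^)]*)\\)\\s*>\\s*\\?\\s+AND\\s+"
            + "token\\s*\\(([^)]*)\\)\\s*<=\\s*\\?",
        Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    /** Throws IllegalArgumentException unless cql fits the assumed template. */
    public static void validate(String cql) {
        if (cql == null) throw new IllegalArgumentException("input_cql is not set");
        // Blank out string literals so a '?' or "token(" inside one is ignored.
        String q = cql.trim().replaceAll("'(?:[^']|'')*'", "''");
        if (!q.matches("(?is)SELECT\\s.*"))
            throw new IllegalArgumentException("input_cql must be a SELECT statement");
        Matcher m = TOKEN_RANGE.matcher(q);
        if (!m.find())
            throw new IllegalArgumentException(
                "input_cql needs WHERE token(...) > ? AND token(...) <= ?");
        String lower = m.group(1).replaceAll("\\s+", "");
        String upper = m.group(2).replaceAll("\\s+", "");
        if (lower.isEmpty() || !lower.equalsIgnoreCase(upper))
            throw new IllegalArgumentException("both token() calls must name the same columns");
        // Assumption: only the two split bounds are bound, so no other markers may appear.
        if (q.chars().filter(c -> c == '?').count() != 2)
            throw new IllegalArgumentException("input_cql must have exactly two bind markers");
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed statements; the first is the one from the report
            "SELECT * from ks.tab",
            "SELECT id, v FROM ks.tab WHERE token(id) > ? AND token(id) <= ?",
            "SELECT id, v FROM ks.tab WHERE token(id) >= ? AND token(id) <= ?",
            "SELECT a, b FROM ks.tab WHERE token(a, b) > ? AND token(a) <= ?",
            "DELETE FROM ks.tab WHERE token(id) > ? AND token(id) <= ?",
        };
        for (String s : samples) {
            try {
                validate(s);
                System.out.println("ACCEPT  " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT  " + s + "  (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the second sample is accepted; the statement from the report is rejected at job setup instead of being run unrestricted once per split.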