[ 
https://issues.apache.org/jira/browse/CASSANDRA-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jeremiah Jordan updated CASSANDRA-7725:
---------------------------------------

    Reproduced In: 2.1 rc5, 2.0.10  (was: 2.0.10)

> CqlRecordReader does not validate input_cql Statements
> ------------------------------------------------------
>
>                 Key: CASSANDRA-7725
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7725
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Hadoop
>            Reporter: Russell Alexander Spitzer
>            Assignee: Alex Liu
>             Fix For: 2.0.10, 2.1.0
>
>
> CRR reader doesn't validate input_cql statements which can lead to some very 
> dangerous results. In general we should make sure that the statement conforms 
> to the required template and throw an exception if they don't.
> For example, if a user puts in an input statement like
> {code}
> SELECT * from ks.tab
> {code}
> it will run, but it will run the same query for each split.
> https://github.com/apache/cassandra/blob/541a20dbb2ef258705c0632cddc3361ea533995c/src/java/org/apache/cassandra/hadoop/cql3/CqlRecordReader.java#L231



--
This message was sent by Atlassian JIRA
(v6.2#6252)
