[
https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eduardo Aguinaga updated CASSANDRA-12332:
-----------------------------------------
Reproduced In: 3.0.5
Fix Version/s: (was: 3.0.5)
> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
> Key: CASSANDRA-12332
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
> Project: Cassandra
> Issue Type: Bug
> Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis includes the issue below.
> Issue:
> Non-final methods that perform security checks may be overridden in ways that
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155 protected void setup()
> 156 {
> 157 // Delete any failed snapshot deletions on Windows - see
> CASSANDRA-9658
> 158 if (FBUtilities.isWindows())
> 159 WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161 ThreadAwareSecurityManager.install();
> 162
> 163 logSystemInfo();
> 164
> 165 CLibrary.tryMlockall();
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
