Eduardo Aguinaga created CASSANDRA-12542:
--------------------------------------------
Summary: Portability Flaw: Locale Dependent Comparison
Key: CASSANDRA-12542
URL: https://issues.apache.org/jira/browse/CASSANDRA-12542
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of
the Cassandra source code. The analysis included an automated analysis using
HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4.
The results of that analysis include the issue below.
Issue:
In the file SpeculativeRetryParam.java on lines 91 and 103 there are
portability problems with the call to toLowerCase() because it has different
locales, which may lead to unexpected output. This may also circumvent custom
validation routines.
SpeculativeRetryParam.java, lines 91-101:
{code:java}
091 if (value.toLowerCase().endsWith("ms"))
092 {
093     try
094     {
095         return custom(Double.parseDouble(value.substring(0, value.length() - "ms".length())));
096     }
097     catch (IllegalArgumentException e)
098     {
099         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
100     }
101 }
{code}
SpeculativeRetryParam.java, lines 103-121:
{code:java}
103 if (value.toUpperCase().endsWith(Kind.PERCENTILE.toString()))
104 {
105     double threshold;
106     try
107     {
108         threshold = Double.parseDouble(value.substring(0, value.length() - Kind.PERCENTILE.toString().length()));
109     }
110     catch (IllegalArgumentException e)
111     {
112         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
113     }
114
115     if (threshold >= 0.0 && threshold <= 100.0)
116         return percentile(threshold);
117
118     throw new ConfigurationException(format("Invalid value %s for PERCENTILE option '%s': must be between 0.0 and 100.0",
119                                             value,
120                                             TableParams.Option.SPECULATIVE_RETRY));
121 }
{code}
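The suffix check on line 103, run under two default locales, as an added example that is not Cassandra code and not part of the original report. The class and method names are hypothetical, the input is constructed, and the constant assumes Kind.PERCENTILE.toString() returns "PERCENTILE". Under a Turkish default locale the lowercase "i" upper-cases to dotted "İ", so the default-locale check rejects a value the other two variants accept.

```java
import java.util.Locale;

// Added example, not Cassandra code. Class and method names are hypothetical.
public class LocaleSuffixDemo
{
    // Assumption: stands in for Kind.PERCENTILE.toString().
    static final String PERCENTILE = "PERCENTILE";

    // Pattern from the report: case mapping follows the JVM default locale.
    static boolean hasSuffixDefaultLocale(String value)
    {
        return value.toUpperCase().endsWith(PERCENTILE);
    }

    // Locale-independent: Locale.ROOT pins the case-mapping rules.
    static boolean hasSuffixRootLocale(String value)
    {
        return value.toUpperCase(Locale.ROOT).endsWith(PERCENTILE);
    }

    // Alternative: compare only the suffix, case-insensitively, per character.
    static boolean hasSuffixRegionMatch(String value)
    {
        int n = PERCENTILE.length();
        return value.length() >= n
            && value.regionMatches(true, value.length() - n, PERCENTILE, 0, n);
    }

    public static void main(String[] args)
    {
        String value = "99percentile"; // constructed sample option value
        Locale saved = Locale.getDefault();
        try
        {
            for (Locale l : new Locale[]{ Locale.ENGLISH, Locale.forLanguageTag("tr-TR") })
            {
                Locale.setDefault(l);
                System.out.printf("%-6s upper=%s default=%b root=%b region=%b%n",
                                  l, value.toUpperCase(),
                                  hasSuffixDefaultLocale(value),
                                  hasSuffixRootLocale(value),
                                  hasSuffixRegionMatch(value));
            }
        }
        finally
        {
            Locale.setDefault(saved); // restore the JVM default for other code
        }
    }
}
```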