[ https://issues.apache.org/jira/browse/CASSANDRA-12542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eduardo Aguinaga updated CASSANDRA-12542:
-----------------------------------------
Description:
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.
Issue:
In the file SpeculativeRetryParam.java on lines 91 and 103 there are portability problems with the call to toLowerCase(), because its behaviour differs between locales, which may lead to unexpected output. This may also circumvent custom validation routines.
SpeculativeRetryParam.java, lines 91-101:
{code:java}
091 if (value.toLowerCase().endsWith("ms"))
092 {
093     try
094     {
095         return custom(Double.parseDouble(value.substring(0, value.length() - "ms".length())));
096     }
097     catch (IllegalArgumentException e)
098     {
099         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
100     }
101 }
{code}
SpeculativeRetryParam.java, lines 103-121:
{code:java}
103 if (value.toUpperCase().endsWith(Kind.PERCENTILE.toString()))
104 {
105     double threshold;
106     try
107     {
108         threshold = Double.parseDouble(value.substring(0, value.length() - Kind.PERCENTILE.toString().length()));
109     }
110     catch (IllegalArgumentException e)
111     {
112         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
113     }
114
115     if (threshold >= 0.0 && threshold <= 100.0)
116         return percentile(threshold);
117
118     throw new ConfigurationException(format("Invalid value %s for PERCENTILE option '%s': must be between 0.0 and 100.0",
119                                             value,
120                                             TableParams.Option.SPECULATIVE_RETRY));
121 }
{code}
> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
> Key: CASSANDRA-12542
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12542
> Project: Cassandra
> Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
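The locale dependence described in the issue, as an added example that is not Cassandra's code: a parser with the same shape as the PERCENTILE branch at line 103, once with the default-locale toUpperCase() and once with toUpperCase(Locale.ROOT), run under en_US and tr_TR. The class and method names (LocaleCaseDemo, parseWithDefaultLocale, parseWithRootLocale, checkRange) are hypothetical, and Locale.ROOT is the assumed fix; the project's own fix may differ. Under the Turkish locale the lowercase input "99percentile" uppercases to "99PERCENTİLE" (dotted capital I, U+0130), so the default-locale check fails even though the same node accepts "99PERCENTILE"; the Locale.ROOT version accepts both spellings on every JVM. The "ms" suffix at line 91 contains no i or I, so that check happens not to be affected by the Turkish mapping, but it carries the same dependency on whatever locale the JVM starts with.

```java
import java.util.Locale;
import java.util.function.Function;

// Added example, not Cassandra code. Shows that a default-locale
// toUpperCase() makes config parsing depend on the JVM's locale, and
// the locale-independent form. All names here are hypothetical.
public class LocaleCaseDemo {

    static final String PERCENTILE = "PERCENTILE";

    // Same shape as the PERCENTILE branch in the issue: the case mapping uses
    // the JVM default locale, so the result varies from node to node.
    static double parseWithDefaultLocale(String value) {
        if (value.toUpperCase().endsWith(PERCENTILE)) {
            return checkRange(Double.parseDouble(value.substring(0, value.length() - PERCENTILE.length())));
        }
        throw new IllegalArgumentException("Invalid value " + value);
    }

    // Assumed fix: Locale.ROOT pins the mapping to the Unicode default, which is
    // what a protocol keyword (not human text) needs. Locale.ENGLISH behaves the same here.
    static double parseWithRootLocale(String value) {
        if (value.toUpperCase(Locale.ROOT).endsWith(PERCENTILE)) {
            return checkRange(Double.parseDouble(value.substring(0, value.length() - PERCENTILE.length())));
        }
        throw new IllegalArgumentException("Invalid value " + value);
    }

    // Mirrors the 0.0..100.0 range check that follows the parse in the issue.
    static double checkRange(double threshold) {
        if (threshold >= 0.0 && threshold <= 100.0) {
            return threshold;
        }
        throw new IllegalArgumentException("must be between 0.0 and 100.0: " + threshold);
    }

    static void report(String label, Function<String, Double> parser, String input) {
        try {
            System.out.println("  " + label + " -> accepted, threshold " + parser.apply(input));
        } catch (IllegalArgumentException e) {   // NumberFormatException is a subclass
            System.out.println("  " + label + " -> rejected: " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: the same setting typed in lower and upper case.
        String[] inputs = { "99percentile", "99PERCENTILE" };
        Locale saved = Locale.getDefault();
        try {
            for (Locale locale : new Locale[] { Locale.US, Locale.forLanguageTag("tr-TR") }) {
                Locale.setDefault(locale);   // simulate a node whose JVM runs in this locale
                for (String input : inputs) {
                    System.out.println("locale " + locale + ", input \"" + input + "\""
                            + " (default-locale toUpperCase -> \"" + input.toUpperCase() + "\")");
                    report("default-locale parser", LocaleCaseDemo::parseWithDefaultLocale, input);
                    report("Locale.ROOT parser   ", LocaleCaseDemo::parseWithRootLocale, input);
                }
            }
        } finally {
            Locale.setDefault(saved);
        }
    }
}
```

Run it with `java LocaleCaseDemo.java` on JDK 11 or later. Under en_US both parsers accept both spellings. Under tr_TR the default-locale parser rejects "99percentile", because the mapped string is "99PERCENTİLE" and does not end with "PERCENTILE", while it still accepts "99PERCENTILE"; the Locale.ROOT parser accepts both. That asymmetry is the practical risk: a setting that validates on one node fails on a node started with a different locale, and any validation written against the mapped string can be bypassed or broken by the mapping itself.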