Eduardo Aguinaga created CASSANDRA-12546:
--------------------------------------------
Summary: Privacy Violation
Key: CASSANDRA-12546
URL: https://issues.apache.org/jira/browse/CASSANDRA-12546
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of
the Cassandra source code. The analysis included an automated analysis using HP
Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The
results of that analysis includes the issue below.
Issue:
In the file DigestMismatchException.java on line 30 the method
DigestMismatchException() mishandles sensitive information. Sensitive
information should be handled carefully to avoid divulging it to unauthorized
parties.
{code:java}
DigestMismatchException.java, lines 28-34:
28 public DigestMismatchException(DecoratedKey key, ByteBuffer digest1,
ByteBuffer digest2)
29 {
30 super(String.format("Mismatch for key %s (%s vs %s)",
31 key.toString(),
32 ByteBufferUtil.bytesToHex(digest1),
33 ByteBufferUtil.bytesToHex(digest2)));
34 }
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
