Eduardo Aguinaga created CASSANDRA-12546:
--------------------------------------------

Summary: Privacy Violation
Key: CASSANDRA-12546
URL: https://issues.apache.org/jira/browse/CASSANDRA-12546
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga

Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

Issue:
In the file DigestMismatchException.java on line 30 the method DigestMismatchException() mishandles sensitive information. Sensitive information should be handled carefully to avoid divulging it to unauthorized parties.

{code:java}
DigestMismatchException.java, lines 28-34:
28 public DigestMismatchException(DecoratedKey key, ByteBuffer digest1, ByteBuffer digest2)
29 {
30     super(String.format("Mismatch for key %s (%s vs %s)",
31                         key.toString(),
32                         ByteBufferUtil.bytesToHex(digest1),
33                         ByteBufferUtil.bytesToHex(digest2)));
34 }
{code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
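
Added example, not part of the original report and not Cassandra's code: one way to keep the key out of the exception message while still letting operators correlate mismatches. It assumes the key is the value the finding treats as sensitive; the class name, fingerprint() and hex() are hypothetical, and a plain ByteBuffer stands in for DecoratedKey.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example, not Cassandra code. The class and helper names are hypothetical,
// and a plain ByteBuffer stands in for Cassandra's DecoratedKey.
public class RedactedDigestMismatchException extends Exception
{
    private final ByteBuffer key; // raw key stays out of getMessage()

    public RedactedDigestMismatchException(ByteBuffer key, ByteBuffer digest1, ByteBuffer digest2)
    {
        // Assumption: the key is the sensitive value. The message carries only a
        // truncated hash of it, so logs built from getMessage() do not reveal it.
        super(String.format("Mismatch for key fp:%s (%s vs %s)",
                            fingerprint(key), hex(digest1), hex(digest2)));
        this.key = key.asReadOnlyBuffer();
    }

    // Code that is allowed to see the key asks for it explicitly.
    public ByteBuffer key() { return key.duplicate(); }

    // First 8 bytes of SHA-256(key): enough to correlate log lines for one key.
    static String fingerprint(ByteBuffer key)
    {
        try
        {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            md.update(key.duplicate()); // duplicate() leaves the caller's position alone
            return hex(ByteBuffer.wrap(md.digest(), 0, 8));
        }
        catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }

    static String hex(ByteBuffer b)
    {
        StringBuilder sb = new StringBuilder();
        for (ByteBuffer d = b.duplicate(); d.hasRemaining(); )
            sb.append(String.format("%02x", d.get()));
        return sb.toString();
    }

    public static void main(String[] args)
    {
        ByteBuffer key = ByteBuffer.wrap("alice@example.com".getBytes(StandardCharsets.UTF_8)); // constructed sample
        ByteBuffer d1 = ByteBuffer.wrap(new byte[] { 1, 2 }), d2 = ByteBuffer.wrap(new byte[] { 3, 4 });
        System.out.println(new RedactedDigestMismatchException(key, d1, d2).getMessage());
    }
}
```

An unkeyed hash of a low-entropy key (an e-mail address, a short id) can be confirmed by guessing candidate values; where that matters, a keyed HMAC with a node-local secret in place of the plain SHA-256 closes that gap.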