[
https://issues.apache.org/jira/browse/CASSANDRA-12546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dave Brosius updated CASSANDRA-12546:
-------------------------------------
Priority: Trivial (was: Major)
> Privacy Violation
> -----------------
>
> Key: CASSANDRA-12546
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12546
> Project: Cassandra
> Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
> Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis includes the issue below.
> Issue:
> In the file DigestMismatchException.java on line 30 the method
> DigestMismatchException() mishandles sensitive information. Sensitive
> information should be handled carefully to avoid divulging it to unauthorized
> parties.
> {code:java}
> DigestMismatchException.java, lines 28-34:
> 28 public DigestMismatchException(DecoratedKey key, ByteBuffer digest1,
> ByteBuffer digest2)
> 29 {
> 30 super(String.format("Mismatch for key %s (%s vs %s)",
> 31 key.toString(),
> 32 ByteBufferUtil.bytesToHex(digest1),
> 33 ByteBufferUtil.bytesToHex(digest2)));
> 34 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
