[ https://issues.apache.org/jira/browse/CASSANDRA-12542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Brosius updated CASSANDRA-12542:
-------------------------------------
Priority: Trivial (was: Major)
> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
> Key: CASSANDRA-12542
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12542
> Project: Cassandra
> Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
> Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis include the issue below.
> Issue:
> In the file SpeculativeRetryParam.java on lines 91 and 103 there are
> portability problems with the call to toLowerCase() because it has different
> locales which may lead to unexpected output. This may also circumvent custom
> validation routines.
> SpeculativeRetryParam.java, lines 91-101:
> {code:java}
> 091 if (value.toLowerCase().endsWith("ms"))
> 092 {
> 093     try
> 094     {
> 095         return custom(Double.parseDouble(value.substring(0, value.length() - "ms".length())));
> 096     }
> 097     catch (IllegalArgumentException e)
> 098     {
> 099         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
> 100     }
> 101 }
> {code}
> SpeculativeRetryParam.java, lines 103-121:
> {code:java}
> 103 if (value.toUpperCase().endsWith(Kind.PERCENTILE.toString()))
> 104 {
> 105     double threshold;
> 106     try
> 107     {
> 108         threshold = Double.parseDouble(value.substring(0, value.length() - Kind.PERCENTILE.toString().length()));
> 109     }
> 110     catch (IllegalArgumentException e)
> 111     {
> 112         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
> 113     }
> 114
> 115     if (threshold >= 0.0 && threshold <= 100.0)
> 116         return percentile(threshold);
> 117
> 118     throw new ConfigurationException(format("Invalid value %s for PERCENTILE option '%s': must be between 0.0 and 100.0",
> 119                                             value,
> 120                                             TableParams.Option.SPECULATIVE_RETRY));
> 121 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
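
The locale dependence reported above can be reproduced with the following added example, which is not Cassandra code and not part of the original report. The class name, helper names and sample option values are assumptions made for illustration; the two suffixes are the ones tested on lines 91 and 103.

```java
import java.util.Locale;

public class LocaleSuffixCheck
{
    // Same shape as the flagged checks: the no-argument case conversion
    // uses whatever default locale the JVM was started with.
    static boolean endsWithDefaultLocale(String value, String suffix)
    {
        return value.toUpperCase().endsWith(suffix.toUpperCase(Locale.ROOT));
    }

    // Locale.ROOT applies the same case mapping on every host.
    static boolean endsWithRootLocale(String value, String suffix)
    {
        return value.toUpperCase(Locale.ROOT).endsWith(suffix.toUpperCase(Locale.ROOT));
    }

    // Alternative without any case conversion: regionMatches(ignoreCase = true)
    // compares character by character and ignores the default locale.
    static boolean endsWithIgnoreCase(String value, String suffix)
    {
        int start = value.length() - suffix.length();
        return start >= 0 && value.regionMatches(true, start, suffix, 0, suffix.length());
    }

    public static void main(String[] args)
    {
        // Constructed sample inputs: { option value, suffix being tested }.
        String[][] samples = { { "99percentile", "PERCENTILE" }, { "50MS", "ms" } };
        Locale original = Locale.getDefault();
        try
        {
            for (Locale locale : new Locale[]{ Locale.US, Locale.forLanguageTag("tr-TR") })
            {
                Locale.setDefault(locale);
                for (String[] s : samples)
                    System.out.printf("%-5s %-13s default=%-5b root=%-5b regionMatches=%b%n",
                                      locale, s[0],
                                      endsWithDefaultLocale(s[0], s[1]),
                                      endsWithRootLocale(s[0], s[1]),
                                      endsWithIgnoreCase(s[0], s[1]));
            }
        }
        finally
        {
            Locale.setDefault(original); // restore the JVM-wide setting
        }
    }
}
```

Under a Turkish default locale the lowercase `i` upper-cases to the dotted `İ` (U+0130), so the default-locale check stops recognising a lowercase `percentile` suffix, while the `ms` suffix contains no affected letter and still matches.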