[ https://issues.apache.org/jira/browse/CASSANDRA-12308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
C. Scott Andreas updated CASSANDRA-12308:
-----------------------------------------
    Component/s: Core

> Use of Dynamic Class Loading, Use of Externally-Controlled Input to Select Classes or Code
> ------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-12308
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12308
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: Core
>            Reporter: Eduardo Aguinaga
>            Priority: Major
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.
>
> Issue:
> Dynamically loaded code has the potential to be malicious. The application uses external input to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
>
> The snippet below shows the issue, which ends on line 585 by instantiating a class by name.
>
> ConfigHelper.java, lines 558-591:
> {code:java}
> 558     @SuppressWarnings("resource")
> 559     public static Cassandra.Client createConnection(Configuration conf, String host, Integer port) throws IOException
> 560     {
> 561         try
> 562         {
> 563             TTransport transport = getClientTransportFactory(conf).openTransport(host, port);
> 564             return new Cassandra.Client(new TBinaryProtocol(transport, true, true));
> 565         }
> 566         catch (Exception e)
> 567         {
> 568             throw new IOException("Unable to connect to server " + host + ":" + port, e);
> 569         }
> 570     }
> 571
> 572     public static ITransportFactory getClientTransportFactory(Configuration conf)
> 573     {
> 574         String factoryClassName = conf.get(ITransportFactory.PROPERTY_KEY, TFramedTransportFactory.class.getName());
> 575         ITransportFactory factory = getClientTransportFactory(factoryClassName);
> 576         Map<String, String> options = getOptions(conf, factory.supportedOptions());
> 577         factory.setOptions(options);
> 578         return factory;
> 579     }
> 580
> 581     private static ITransportFactory getClientTransportFactory(String factoryClassName)
> 582     {
> 583         try
> 584         {
> 585             return (ITransportFactory) Class.forName(factoryClassName).newInstance();
> 586         }
> 587         catch (Exception e)
> 588         {
> 589             throw new RuntimeException("Failed to instantiate transport factory:" + factoryClassName, e);
> 590         }
> 591     }
> {code}

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
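One way to close the gap flagged at line 585 above, as an added example that is not Cassandra's code: the class name taken from configuration is checked against an operator-controlled allowlist and verified to implement the factory interface before any constructor runs. The `ITransportFactory` stand-in, the `SafeFactoryLoader` class and the allowlist entries are constructed for this example.

```java
import java.util.Set;

// Added example (not Cassandra's code): resolve a transport-factory class name
// from configuration only after it passes an allowlist and an interface check.
public class SafeFactoryLoader
{
    // Stand-in for Cassandra's ITransportFactory so the example compiles on its own.
    public interface ITransportFactory {}

    // Constructed allowlist. In a real deployment it would list the fully qualified
    // names of the factory implementations the operator actually ships.
    private static final Set<String> PERMITTED_FACTORIES = Set.of(
        "com.example.transport.FramedTransportFactory",   // placeholder for the default
        "com.example.transport.TlsTransportFactory");     // placeholder second entry

    public static ITransportFactory getClientTransportFactory(String factoryClassName)
    {
        // 1. Reject anything not explicitly permitted before touching the class loader,
        //    so an unexpected name cannot even trigger loading of an arbitrary class.
        if (factoryClassName == null || !PERMITTED_FACTORIES.contains(factoryClassName))
            throw new IllegalArgumentException("Transport factory not permitted: " + factoryClassName);

        try
        {
            // 2. Load without running static initializers (initialize = false) and confirm
            //    the type before any code from the loaded class executes.
            Class<?> cls = Class.forName(factoryClassName, false,
                                         SafeFactoryLoader.class.getClassLoader());
            if (!ITransportFactory.class.isAssignableFrom(cls))
                throw new IllegalArgumentException(factoryClassName + " does not implement ITransportFactory");

            // 3. Instantiate through the explicit no-arg constructor; the checked cast
            //    via asSubclass replaces the unchecked (ITransportFactory) cast.
            return cls.asSubclass(ITransportFactory.class).getDeclaredConstructor().newInstance();
        }
        catch (ReflectiveOperationException e)
        {
            throw new RuntimeException("Failed to instantiate transport factory: " + factoryClassName, e);
        }
    }
}
```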