[
https://issues.apache.org/jira/browse/CASSANDRA-5710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan Ellis reopened CASSANDRA-5710:
---------------------------------------
> COPY ... TO command does not work with collections
> --------------------------------------------------
>
> Key: CASSANDRA-5710
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5710
> Project: Cassandra
> Issue Type: Bug
> Components: API
> Affects Versions: 1.2.5
> Environment: Ubuntu 12.04 LTS
> Reporter: Lex Lythius
> Labels: cql, security
>
> COPY TO does not quote set/list/map entries, which renders CSV unusable.
> E.g, having tbl with a column col set<ascii>
> INSERT INTO tbl (id, col) VALUES (1, {'}'});
> COPY tbl TO ... produces this:
> 1,{}}
> Then COPY FROM complains:
> Bad Request: line 1:4 extraneous input '}' expecting ')'
> CSV imports consistently fail when trying to import non-empty collection
> columns.
> Actually, the effect is pretty much a CQL injection, although I wasn't able
> to exploit it using tainted values like '}; DROP TABLE users;--'.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
