Sorry, i missed to attach the project Eduardo Alonso Vía de las dos Castillas, 33, Ática 4, 3ª Planta 28224 Pozuelo de Alarcón, Madrid Tel: +34 91 828 6473 // www.stratio.com // *@stratiobd <https://twitter.com/StratioBD>*
2016-09-06 15:15 GMT+02:00 Eduardo Alonso <eduardoalo...@stratio.com>:
> Hi to all:
>
> I think i have found a bug, serious one.
>
> I have found a INSERT query that does not validate the params and accept
> an String as a valid value for a List<String>. This produce an out of
> memory exception due to java heap in the server.
>
> I have coded a very simple maven project in java to ilustrate you. It is
> attached
>
> To generate the jar: 'mvn clean compile assembly:single'
> To run it: 'java -jar target/EvilQuery-1.0-SNAPSHOT-jar-with-dependencies.jar
> -host localhost -keyspace keyspace_name -table table_name'
>
> Can anyone run it and tell us if this always happens or it's only me??
>
> Basically this is the code:
>
> `
> Cluster cluster=Cluster.builder().addContactPoint(host).build();
> Session session = cluster.connect();
>
> String createKeyspace=String.format("CREATE KEYSPACE IF NOT EXISTS %s
> WITH replication = {'class': 'SimpleStrategy', 'replication_factor' : 1}
> AND durable_writes = true;",keyspace);
> session.execute(createKeyspace);
>
> String createTable=String.format("CREATE TABLE IF NOT EXISTS %s.%s( pk
> uuid, mylist list<text>, PRIMARY KEY (pk));",keyspace,table);
> session.execute(createTable);
>
> *Statement insert = QueryBuilder.insertInto(keyspace, table)*
> * .value("pk", UUID.randomUUID())*
> * .value("mylist","blabla");*
> *session.execute(insert);*
> session.close();
> cluster.close();
> `
>
>
> I have tested against cassandra 2.2.7, 3.0.x and 3.x and the bug appears
> always.
>
>
> Eduardo Alonso
> Vía de las dos Castillas, 33, Ática 4, 3ª Planta
> 28224 Pozuelo de Alarcón, Madrid
> Tel: +34 91 828 6473 // www.stratio.com // *@stratiobd
> <https://twitter.com/StratioBD>*
>
EvilQuery.tar.gz
Description: GNU Zip compressed data
