[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check: Overridable Method
[ https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

C. Scott Andreas updated CASSANDRA-12332:
-----------------------------------------
    Component/s: Core

> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
>                 Key: CASSANDRA-12332
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
>             Project: Cassandra
>          Issue Type: Sub-task
>          Components: Core
>            Reporter: Eduardo Aguinaga
>            Priority: Major
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis include the issue below.
>
> Issue:
> Non-final methods that perform security checks may be overridden in ways that
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155 protected void setup()
> 156 {
> 157     // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158     if (FBUtilities.isWindows())
> 159         WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161     ThreadAwareSecurityManager.install();
> 162
> 163     logSystemInfo();
> 164
> 165     CLibrary.tryMlockall();
> {code}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check: Overridable Method
[ https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Ellis updated CASSANDRA-12332:
---------------------------------------
    Issue Type: Sub-task  (was: Bug)
        Parent: CASSANDRA-12334

> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
>                 Key: CASSANDRA-12332
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
>             Project: Cassandra
>          Issue Type: Sub-task
>            Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis include the issue below.
>
> Issue:
> Non-final methods that perform security checks may be overridden in ways that
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155 protected void setup()
> 156 {
> 157     // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158     if (FBUtilities.isWindows())
> 159         WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161     ThreadAwareSecurityManager.install();
> 162
> 163     logSystemInfo();
> 164
> 165     CLibrary.tryMlockall();
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check: Overridable Method
[ https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eduardo Aguinaga updated CASSANDRA-12332:
-----------------------------------------
    Reproduced In: 3.0.5
    Fix Version/s:     (was: 3.0.5)

> Weak SecurityManager Check: Overridable Method
> ----------------------------------------------
>
>                 Key: CASSANDRA-12332
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5
> of the Cassandra source code. The analysis included an automated analysis
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools
> Understand v4. The results of that analysis include the issue below.
>
> Issue:
> Non-final methods that perform security checks may be overridden in ways that
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155 protected void setup()
> 156 {
> 157     // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158     if (FBUtilities.isWindows())
> 159         WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161     ThreadAwareSecurityManager.install();
> 162
> 163     logSystemInfo();
> 164
> 165     CLibrary.tryMlockall();
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
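
The pattern the report flags, shown beside one common hardening (a final template method), as an added example that is not taken from the JIRA issue or the Cassandra code base. All class names are hypothetical, and `installGuard()` is an assumed stand-in for `ThreadAwareSecurityManager.install()`.

```java
// Added illustration; every class and method name here is hypothetical, not Cassandra code.
import java.util.concurrent.atomic.AtomicBoolean;

public class OverridableCheckDemo {
    // Stand-in for ThreadAwareSecurityManager.install(): records that the step ran.
    static final AtomicBoolean guardInstalled = new AtomicBoolean(false);
    static void installGuard() { guardInstalled.set(true); }

    // Pattern from the report: the security step sits inside an overridable method.
    static class WeakDaemon {
        protected void setup() {
            installGuard();
            startServices();
        }
        protected void startServices() { }
        public void activate() { setup(); }
    }

    // A subclass that replaces setup() without calling super.setup()
    // drops the security step with no compile-time or runtime signal.
    static class CustomWeakDaemon extends WeakDaemon {
        @Override protected void setup() { startServices(); }
    }

    // Hardened form: the security step lives in a final method, and
    // subclasses only get a hook that runs after the guard is installed.
    static class HardenedDaemon {
        public final void activate() {
            installGuard();
            setup();
        }
        protected void setup() { }
    }

    static class CustomHardenedDaemon extends HardenedDaemon {
        @Override protected void setup() { /* custom startup only */ }
    }

    // Resets the flag, runs one daemon's startup, reports whether the guard ran.
    static boolean guardAfter(Runnable start) {
        guardInstalled.set(false);
        start.run();
        return guardInstalled.get();
    }

    public static void main(String[] args) {
        System.out.println("weak base:         " + guardAfter(new WeakDaemon()::activate));
        System.out.println("weak subclass:     " + guardAfter(new CustomWeakDaemon()::activate));
        System.out.println("hardened subclass: " + guardAfter(new CustomHardenedDaemon()::activate));
    }
}
```

Declaring the method that performs the check `final` (or `private`, or placing it in a `final` class) is what removes the override path; the subclass hook stays available for everything else.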