[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check: Overridable Method

2018-11-18 Thread C. Scott Andreas (JIRA)


 [ 
https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

C. Scott Andreas updated CASSANDRA-12332:
-
Component/s: Core

> Weak SecurityManager Check: Overridable Method
> --
>
> Key: CASSANDRA-12332
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
> Project: Cassandra
>  Issue Type: Sub-task
>  Components: Core
> Reporter: Eduardo Aguinaga
> Priority: Major
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 
> of the Cassandra source code. The analysis included an automated analysis 
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools 
> Understand v4. The results of that analysis include the issue below.
> Issue:
> Non-final methods that perform security checks may be overridden in ways that 
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155     protected void setup()
> 156     {
> 157         // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158         if (FBUtilities.isWindows())
> 159             WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161         ThreadAwareSecurityManager.install();
> 162
> 163         logSystemInfo();
> 164
> 165         CLibrary.tryMlockall();
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
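
The pattern the issue describes, as an added example (not code from the report or from Cassandra): a subclass that overrides an overridable setup method drops the security step, while a `final` entry point keeps it. All class and method names are hypothetical, and an `AtomicBoolean` stands in for the installed security manager.

```java
import java.util.concurrent.atomic.AtomicBoolean;

// Added illustration; every name here is hypothetical, not Cassandra's.
public class OverridableCheckDemo {
    // Stand-in for a process-wide control such as an installed SecurityManager.
    static final AtomicBoolean policyInstalled = new AtomicBoolean(false);

    // Weak form: the security step lives inside an overridable method.
    static class WeakDaemon {
        public void activate() { setup(); }
        protected void setup() {
            policyInstalled.set(true);   // security-relevant step
            startServices();
        }
        protected void startServices() { }
    }

    // Overriding setup() without calling super.setup() silently drops the step.
    static class CustomWeakDaemon extends WeakDaemon {
        @Override protected void setup() { startServices(); }
    }

    // Hardened form: the security step runs in a final method, and subclasses
    // can only customise a hook that carries no security duty.
    static class HardenedDaemon {
        public final void activate() {
            policyInstalled.set(true);   // cannot be skipped by a subclass
            setup();
            if (!policyInstalled.get())  // fail closed if the hook undid it
                throw new IllegalStateException("security policy not installed");
        }
        protected void setup() { }
    }

    static class CustomHardenedDaemon extends HardenedDaemon {
        @Override protected void setup() { /* custom startup only */ }
    }

    // Resets the flag, runs one start-up path, reports whether the policy is in place.
    static boolean policyAfter(Runnable start) {
        policyInstalled.set(false);
        start.run();
        return policyInstalled.get();
    }

    public static void main(String[] args) {
        System.out.println("weak base:         " + policyAfter(() -> new WeakDaemon().activate()));
        System.out.println("weak subclass:     " + policyAfter(() -> new CustomWeakDaemon().activate()));
        System.out.println("hardened subclass: " + policyAfter(() -> new CustomHardenedDaemon().activate()));
    }
}
```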




[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check: Overridable Method

2016-07-27 Thread Jonathan Ellis (JIRA)

 [ 
https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jonathan Ellis updated CASSANDRA-12332:
---
Issue Type: Sub-task  (was: Bug)
Parent: CASSANDRA-12334

> Weak SecurityManager Check: Overridable Method
> --
>
> Key: CASSANDRA-12332
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
> Project: Cassandra
>  Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 
> of the Cassandra source code. The analysis included an automated analysis 
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools 
> Understand v4. The results of that analysis include the issue below.
> Issue:
> Non-final methods that perform security checks may be overridden in ways that 
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155     protected void setup()
> 156     {
> 157         // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158         if (FBUtilities.isWindows())
> 159             WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161         ThreadAwareSecurityManager.install();
> 162
> 163         logSystemInfo();
> 164
> 165         CLibrary.tryMlockall();
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


[jira] [Updated] (CASSANDRA-12332) Weak SecurityManager Check: Overridable Method

2016-07-27 Thread Eduardo Aguinaga (JIRA)

 [ 
https://issues.apache.org/jira/browse/CASSANDRA-12332?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Eduardo Aguinaga updated CASSANDRA-12332:
-
Reproduced In: 3.0.5
Fix Version/s: (was: 3.0.5)

> Weak SecurityManager Check: Overridable Method
> --
>
> Key: CASSANDRA-12332
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12332
> Project: Cassandra
>  Issue Type: Bug
> Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 
> of the Cassandra source code. The analysis included an automated analysis 
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools 
> Understand v4. The results of that analysis include the issue below.
> Issue:
> Non-final methods that perform security checks may be overridden in ways that 
> bypass security checks.
> {code:java}
> CassandraDaemon.java, lines 155-165:
> 155     protected void setup()
> 156     {
> 157         // Delete any failed snapshot deletions on Windows - see CASSANDRA-9658
> 158         if (FBUtilities.isWindows())
> 159             WindowsFailedSnapshotTracker.deleteOldSnapshots();
> 160
> 161         ThreadAwareSecurityManager.install();
> 162
> 163         logSystemInfo();
> 164
> 165         CLibrary.tryMlockall();
> {code}


