Eduardo Aguinaga created CASSANDRA-12545:
--------------------------------------------
Summary: Portability Flaw: Locale Dependent Comparison
Key: CASSANDRA-12545
URL: https://issues.apache.org/jira/browse/CASSANDRA-12545
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga

Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

Issue:
In the file CoalescingStrategies.java on line 502 there is a portability problem with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.

{code:java}
CoalescingStrategies.java, lines 502-519:
502 String strategyCleaned = strategy.trim().toUpperCase();
503 switch(strategyCleaned)
504 {
505     case "MOVINGAVERAGE":
506         classname = MovingAverageCoalescingStrategy.class.getName();
507         break;
508     case "FIXED":
509         classname = FixedCoalescingStrategy.class.getName();
510         break;
511     case "TIMEHORIZON":
512         classname = TimeHorizonMovingAverageCoalescingStrategy.class.getName();
513         break;
514     case "DISABLED":
515         classname = DisabledCoalescingStrategy.class.getName();
516         break;
517     default:
518         classname = strategy;
519 }
{code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
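The following is an added example, not part of the original report or of the Cassandra code base, showing how the reported switch behaves when the JVM default locale is Turkish and how passing an explicit locale to toUpperCase() removes the dependency. The class name, the resolve() helper and the sample inputs are hypothetical, and Locale.ROOT is one common remedy rather than a fix stated in the report.

```java
import java.util.Locale;

// Added illustration: stand-in for the switch quoted from CoalescingStrategies.java.
public class CoalescingLocaleDemo
{
    // Hypothetical helper: returns the branch taken instead of loading a class.
    static String resolve(String strategy, boolean localeSafe)
    {
        String cleaned = localeSafe
                       ? strategy.trim().toUpperCase(Locale.ROOT) // locale-independent case mapping
                       : strategy.trim().toUpperCase();           // depends on Locale.getDefault()
        switch (cleaned)
        {
            case "MOVINGAVERAGE": return "MovingAverageCoalescingStrategy";
            case "FIXED":         return "FixedCoalescingStrategy";
            case "TIMEHORIZON":   return "TimeHorizonMovingAverageCoalescingStrategy";
            case "DISABLED":      return "DisabledCoalescingStrategy";
            default:              return "default branch (treated as class name '" + strategy + "')";
        }
    }

    public static void main(String[] args)
    {
        Locale saved = Locale.getDefault();
        // Constructed sample inputs: lower-case spellings of the four built-in strategy names.
        String[] inputs = { "fixed", "disabled", "timehorizon", "movingaverage" };
        try
        {
            for (Locale locale : new Locale[] { Locale.ENGLISH, Locale.forLanguageTag("tr-TR") })
            {
                Locale.setDefault(locale);
                for (String in : inputs)
                    System.out.printf("[%s] %-13s no-arg: %-58s Locale.ROOT: %s%n",
                                      locale, in, resolve(in, false), resolve(in, true));
            }
        }
        finally
        {
            Locale.setDefault(saved); // restore the JVM default for anything that runs afterwards
        }
    }
}
```

Under tr-TR the no-argument call maps 'i' to the dotted capital U+0130, so all four inputs miss their case labels and reach the default branch, while the Locale.ROOT variant resolves them identically under both locales.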