Eduardo Aguinaga created CASSANDRA-12545:
--------------------------------------------
Summary: Portability Flaw: Locale Dependent Comparison
Key: CASSANDRA-12545
URL: https://issues.apache.org/jira/browse/CASSANDRA-12545
Project: Cassandra
Issue Type: Sub-task
Reporter: Eduardo Aguinaga
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of
the Cassandra source code. The analysis included an automated analysis using HP
Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The
results of that analysis includes the issue below.
Issue:
In the file CoalescingStrategies.java on line 502 there is a portability
problem with the call to toLowerCase() because it has different locales which
may lead to unexpected output. This may also circumvent custom validation
routines.
{code:java}
CoalescingStrategies.java, lines 502-519:
502 String strategyCleaned = strategy.trim().toUpperCase();
503 switch(strategyCleaned)
504 {
505 case "MOVINGAVERAGE":
506 classname = MovingAverageCoalescingStrategy.class.getName();
507 break;
508 case "FIXED":
509 classname = FixedCoalescingStrategy.class.getName();
510 break;
511 case "TIMEHORIZON":
512 classname = TimeHorizonMovingAverageCoalescingStrategy.class.getName();
513 break;
514 case "DISABLED":
515 classname = DisabledCoalescingStrategy.class.getName();
516 break;
517 default:
518 classname = strategy;
519 }
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
