cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Ellis (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (CASSANDRA-5710) COPY ... TO command does not work with collections
Date Thu, 27 Jun 2013 14:14:20 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-5710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jonathan Ellis reopened CASSANDRA-5710:
---------------------------------------

    
> COPY ... TO command does not work with collections
> --------------------------------------------------
>
>                 Key: CASSANDRA-5710
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5710
>             Project: Cassandra
>          Issue Type: Bug
>          Components: API
>    Affects Versions: 1.2.5
>         Environment: Ubuntu 12.04 LTS
>            Reporter: Lex Lythius
>              Labels: cql, security
>
> COPY TO does not quote set/list/map entries, which renders CSV unusable.
> E.g, having tbl with a column col set<ascii>
> INSERT INTO tbl (id, col) VALUES (1, {'}'});
> COPY tbl TO ... produces this:
> 1,{}}
> Then COPY FROM complains:
> Bad Request: line 1:4 extraneous input '}' expecting ')'
> CSV imports consistently fail when trying to import non-empty collection columns.
> Actually, the effect is pretty much a CQL injection, although I wasn't able to exploit
it using tainted values like '}; DROP TABLE users;--'.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message