cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeremiah Jordan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-7725) CqlRecordReader does not validate input_cql Statments
Date Fri, 08 Aug 2014 20:07:12 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jeremiah Jordan updated CASSANDRA-7725:
---------------------------------------

    Reproduced In: 2.0.10

> CqlRecordReader does not validate input_cql Statments
> -----------------------------------------------------
>
>                 Key: CASSANDRA-7725
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7725
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Hadoop
>            Reporter: Russell Alexander Spitzer
>            Assignee: Alex Liu
>             Fix For: 2.0.10
>
>
> CRR reader doesn't validate input_cql statements which can lead to some very dangerous
results. In general we should make sure that the statement conforms to the required template
and throw an exception if they don't.
> For example if a use puts in an input statement like
> {code}
> SELECT * from ks.tab
> {code}
> Will run but will run the same query for each split.
> https://github.com/apache/cassandra/blob/541a20dbb2ef258705c0632cddc3361ea533995c/src/java/org/apache/cassandra/hadoop/cql3/CqlRecordReader.java#L231



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message