Date: Fri, 8 Aug 2014 20:07:12 +0000 (UTC)
From: "Jeremiah Jordan (JIRA)"
To: commits@cassandra.apache.org
Subject: [jira] [Updated] (CASSANDRA-7725) CqlRecordReader does not validate input_cql Statements

     [ https://issues.apache.org/jira/browse/CASSANDRA-7725?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jeremiah Jordan updated CASSANDRA-7725:
---------------------------------------
    Reproduced In: 2.0.10

> CqlRecordReader does not validate input_cql Statements
> ------------------------------------------------------
>
>                 Key: CASSANDRA-7725
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-7725
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Hadoop
>            Reporter: Russell Alexander Spitzer
>            Assignee: Alex Liu
>             Fix For: 2.0.10
>
>
> CRR reader doesn't validate input_cql statements which can lead to some very dangerous results. In general we should make sure that the statement conforms to the required template and throw an exception if it doesn't.
> For example, if a user puts in an input statement like
> {code}
> SELECT * from ks.tab
> {code}
> it will run, but it will run the same query for each split.
> https://github.com/apache/cassandra/blob/541a20dbb2ef258705c0632cddc3361ea533995c/src/java/org/apache/cassandra/hadoop/cql3/CqlRecordReader.java#L231

--
This message was sent by Atlassian JIRA (v6.2#6252)
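
The check the report asks for, as an added example that is not part of the original message and is not Cassandra's own code or the eventual fix: it rejects an input_cql statement that lacks a per-split token range. The class name `InputCqlValidator` is hypothetical, and the template it enforces (`SELECT ... FROM ... WHERE token(...) > ? AND token(...) <= ?`) is an assumption about the required form, checked by regular expression on the statement's shape rather than by a CQL parser.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Hypothetical validator for input_cql; not Cassandra's CqlRecordReader code. */
public class InputCqlValidator {
    // Assumed template: SELECT ... FROM <table> WHERE <conditions> [;]
    private static final Pattern TEMPLATE = Pattern.compile(
        "^\\s*SELECT\\s+.+?\\s+FROM\\s+\\S+\\s+WHERE\\s+(.+?)\\s*;?\\s*$",
        Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
    // The two bind markers that receive each split's token range.
    private static final Pattern LOWER = Pattern.compile(
        "token\\s*\\(([^)]*)\\)\\s*>\\s*\\?", Pattern.CASE_INSENSITIVE);
    private static final Pattern UPPER = Pattern.compile(
        "token\\s*\\(([^)]*)\\)\\s*<=\\s*\\?", Pattern.CASE_INSENSITIVE);

    /** Throws IllegalArgumentException unless cql is bounded per split. */
    public static void validate(String cql) {
        if (cql == null)
            throw new IllegalArgumentException("input_cql is not set");
        Matcher m = TEMPLATE.matcher(cql);
        if (!m.matches())
            throw new IllegalArgumentException("no WHERE clause, every split would run the full query: " + cql);
        String where = m.group(1);
        Matcher lo = LOWER.matcher(where);
        Matcher hi = UPPER.matcher(where);
        if (!lo.find() || !hi.find())
            throw new IllegalArgumentException("missing token(...) > ? AND token(...) <= ?: " + cql);
        if (!normalize(lo.group(1)).equals(normalize(hi.group(1))))
            throw new IllegalArgumentException("token() bounds use different columns: " + cql);
    }

    // Unquoted CQL identifiers are case-insensitive, so compare lower-cased.
    private static String normalize(String cols) {
        return cols.replaceAll("\\s+", "").toLowerCase();
    }

    public static void main(String[] args) {
        String[] samples = { // constructed sample statements
            "SELECT * from ks.tab",
            "SELECT * FROM ks.tab WHERE token(id) > ? AND token(id) <= ?",
            "SELECT * FROM ks.tab WHERE token(id) > ? AND token(other) <= ?" };
        for (String s : samples) {
            try { validate(s); System.out.println("OK       " + s); }
            catch (IllegalArgumentException e) { System.out.println("REJECTED " + e.getMessage()); }
        }
    }
}
```

Only the second sample passes; the statement from the report is rejected before any split is read.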