cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Coltrey Mather (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-11501) StressGraph creates invalid JSON in cases when control characters are placed on the command-line
Date Tue, 05 Apr 2016 13:39:25 GMT
Coltrey Mather created CASSANDRA-11501:
------------------------------------------

             Summary: StressGraph creates invalid JSON in cases when control characters are
placed on the command-line
                 Key: CASSANDRA-11501
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11501
             Project: Cassandra
          Issue Type: Bug
          Components: Tools
            Reporter: Coltrey Mather


Several cases in tools/stress/src/org/apache/cassandra/stress/StressGraph.java use JSONObject.put
(inherited from Map) without escaping the input.  I encountered this when using -graph on
windows and using a windows file path (such as C:\path).  In this instance the backslash was
un-escaped and resulted in invalid JSON placed in the output html/javascript, which caused
the page not to render.  There are other cases in this file when input is not escaped as well.

All values should be escaped (using JSONObject.escape(), for example) before being put into
the Map.

ref: https://git-wip-us.apache.org/repos/asf?p=cassandra.git;a=blob;f=tools/stress/src/org/apache/cassandra/stress/StressGraph.java;h=ebaa0aecdb2db68485960013d4b6124c57fe1ac4;hb=HEAD



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message