cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Coltrey Mather (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-11501) StressGraph creates invalid JSON in cases when control characters are placed on the command-line
Date Tue, 05 Apr 2016 13:39:25 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-11501?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Coltrey Mather updated CASSANDRA-11501:
---------------------------------------
    Priority: Minor  (was: Major)

> StressGraph creates invalid JSON in cases when control characters are placed on the command-line
> ------------------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-11501
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11501
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Tools
>            Reporter: Coltrey Mather
>            Priority: Minor
>
> Several cases in tools/stress/src/org/apache/cassandra/stress/StressGraph.java use JSONObject.put
(inherited from Map) without escaping the input.  I encountered this when using -graph on
windows and using a windows file path (such as C:\path).  In this instance the backslash was
un-escaped and resulted in invalid JSON placed in the output html/javascript, which caused
the page not to render.  There are other cases in this file when input is not escaped as well.
> All values should be escaped (using JSONObject.escape(), for example) before being put
into the Map.
> ref: https://git-wip-us.apache.org/repos/asf?p=cassandra.git;a=blob;f=tools/stress/src/org/apache/cassandra/stress/StressGraph.java;h=ebaa0aecdb2db68485960013d4b6124c57fe1ac4;hb=HEAD



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message