cassandra-commits mailing list archives

From "Eduardo Aguinaga (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-12328) Path Manipulation
Date Wed, 27 Jul 2016 19:33:20 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-12328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eduardo Aguinaga updated CASSANDRA-12328:
-----------------------------------------
    Description: 
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra
source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a
manual analysis utilizing SciTools Understand v4. The results of that analysis include the
issue below.

Issue:
There are multiple places in the Cassandra source code where a string that determines the
path of a file is not examined prior to use. Path traversal vulnerabilities are common software
security problems and failure to validate the path prior to opening/creating a file may result
in operating in a directory that is outside the intended control sphere.

Path manipulation issues were found in the following locations:
CompactionManager.java Line 637
Descriptor.java Line 224
MetadataSerializer.java Line 83, 153
CommitLog.java Line 199
LogTransaction.java Line 311
WindowsFailedSnapshotTracker.java Line 51, 55, 60, 78, 84, 95
LegacyMetadataSerializer.java Line 84
FileUtils.java Line 116, 172, 354, 368, 386, 437
RewindableDataInputStreamPlus.java Line 226
CassandraDaemon.java Line 557
NodeTool.java Line 261
CustomClassLoader.java Line 77
CoalescingStrategies.java Line 54, 150
FBUtilities.java Line 309, 748

The following snippet is from CompactionManager.java where unvalidated input is parsed and
used to create a new File object on line 637:
{code:java}
CompactionManager.java, lines 621-638:
621 public void forceUserDefinedCompaction(String dataFiles)
622 {
623     String[] filenames = dataFiles.split(",");
624     Multimap<ColumnFamilyStore, Descriptor> descriptors = ArrayListMultimap.create();
625 
626     for (String filename : filenames)
627     {
628         // extract keyspace and columnfamily name from filename
629         Descriptor desc = Descriptor.fromFilename(filename.trim());
630         if (Schema.instance.getCFMetaData(desc) == null)
631         {
632             logger.warn("Schema does not exist for file {}. Skipping.", filename);
633             continue;
634         }
635         // group by keyspace/columnfamily
636         ColumnFamilyStore cfs = Keyspace.open(desc.ksname).getColumnFamilyStore(desc.cfname);
637         descriptors.put(cfs, cfs.getDirectories().find(new File(filename.trim()).getName()));
638     }
{code}

  was:
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra
source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a
manual analysis utilizing SciTools Understand v4. The results of that analysis include the
issue below.

Issue:
There are several places in the Cassandra source code where a string that determines the path
of a file is not examined prior to use. Path traversal vulnerabilities are common software
security problems and failure to validate the path prior to opening/creating a file may result
in operating in a directory that is outside the intended control sphere.

Path manipulation issues were found in the following locations:
CompactionManager.java Line 637
Descriptor.java Line 224
MetadataSerializer.java Line 83

The following snippet is from CompactionManager.java where unvalidated input is parsed and
used to create a new File object on line 637:
{code:java}
CompactionManager.java, lines 621-638:
621 public void forceUserDefinedCompaction(String dataFiles)
622 {
623     String[] filenames = dataFiles.split(",");
624     Multimap<ColumnFamilyStore, Descriptor> descriptors = ArrayListMultimap.create();
625 
626     for (String filename : filenames)
627     {
628         // extract keyspace and columnfamily name from filename
629         Descriptor desc = Descriptor.fromFilename(filename.trim());
630         if (Schema.instance.getCFMetaData(desc) == null)
631         {
632             logger.warn("Schema does not exist for file {}. Skipping.", filename);
633             continue;
634         }
635         // group by keyspace/columnfamily
636         ColumnFamilyStore cfs = Keyspace.open(desc.ksname).getColumnFamilyStore(desc.cfname);
637         descriptors.put(cfs, cfs.getDirectories().find(new File(filename.trim()).getName()));
638     }
{code}


> Path Manipulation
> -----------------
>
>                 Key: CASSANDRA-12328
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12328
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Eduardo Aguinaga
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra
> source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a
> manual analysis utilizing SciTools Understand v4. The results of that analysis include the
> issue below.
> Issue:
> There are multiple places in the Cassandra source code where a string that determines
> the path of a file is not examined prior to use. Path traversal vulnerabilities are common
> software security problems and failure to validate the path prior to opening/creating a file
> may result in operating in a directory that is outside the intended control sphere.
> Path manipulation issues were found in the following locations:
> CompactionManager.java Line 637
> Descriptor.java Line 224
> MetadataSerializer.java Line 83, 153
> CommitLog.java Line 199
> LogTransaction.java Line 311
> WindowsFailedSnapshotTracker.java Line 51, 55, 60, 78, 84, 95
> LegacyMetadataSerializer.java Line 84
> FileUtils.java Line 116, 172, 354, 368, 386, 437
> RewindableDataInputStreamPlus.java Line 226
> CassandraDaemon.java Line 557
> NodeTool.java Line 261
> CustomClassLoader.java Line 77
> CoalescingStrategies.java Line 54, 150
> FBUtilities.java Line 309, 748
> The following snippet is from CompactionManager.java where unvalidated input is parsed
> and used to create a new File object on line 637:
> {code:java}
> CompactionManager.java, lines 621-638:
> 621 public void forceUserDefinedCompaction(String dataFiles)
> 622 {
> 623     String[] filenames = dataFiles.split(",");
> 624     Multimap<ColumnFamilyStore, Descriptor> descriptors = ArrayListMultimap.create();
> 625 
> 626     for (String filename : filenames)
> 627     {
> 628         // extract keyspace and columnfamily name from filename
> 629         Descriptor desc = Descriptor.fromFilename(filename.trim());
> 630         if (Schema.instance.getCFMetaData(desc) == null)
> 631         {
> 632             logger.warn("Schema does not exist for file {}. Skipping.", filename);
> 633             continue;
> 634         }
> 635         // group by keyspace/columnfamily
> 636         ColumnFamilyStore cfs = Keyspace.open(desc.ksname).getColumnFamilyStore(desc.cfname);
> 637         descriptors.put(cfs, cfs.getDirectories().find(new File(filename.trim()).getName()));
> 638     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
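
An added example, not part of the original message or of the Cassandra code base: one common way to examine a path string before use is to canonicalize it and require that the result stays under an allowed base directory. The class and method names (`DataFilePathCheck`, `resolveInside`, `validateAll`), the temporary directory and the sample inputs are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

public class DataFilePathCheck
{
    // Hypothetical helper, not Cassandra code: returns the resolved path only if it lies inside baseDir.
    static Path resolveInside(Path baseDir, String userSupplied) throws IOException
    {
        Path base = baseDir.toRealPath();  // canonical form of the allowed root, symlinks resolved
        Path candidate = base.resolve(userSupplied.trim()).normalize();  // collapses "." and ".."
        // For files that already exist, resolve symlinks too, so a link inside base cannot point outside it.
        if (Files.exists(candidate))
            candidate = candidate.toRealPath();
        // Path.startsWith compares whole name elements, so /data2 does not count as inside /data.
        if (!candidate.startsWith(base))
            throw new SecurityException("Path is outside the data directory: " + userSupplied);
        return candidate;
    }

    // Applies the check to a comma-separated list, the input shape taken by forceUserDefinedCompaction.
    static List<Path> validateAll(Path baseDir, String dataFiles) throws IOException
    {
        List<Path> accepted = new ArrayList<>();
        for (String name : dataFiles.split(","))
            accepted.add(resolveInside(baseDir, name));
        return accepted;
    }

    public static void main(String[] args) throws IOException
    {
        Path base = Files.createTempDirectory("data");  // constructed sample data directory
        Files.createDirectories(base.resolve("ks1/tbl1"));
        // Constructed sample inputs: a two-entry in-tree list, a relative escape, an absolute path.
        String[] samples = { "ks1/tbl1/a-Data.db, ks1/tbl1/b-Data.db", "ks1/../../outside.db",
                             base.getParent().resolve("outside.db").toString() };
        for (String s : samples)
        {
            try { System.out.println("accepted: " + validateAll(base, s)); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```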
