cassandra-commits mailing list archives

From "Dave Brosius (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-12542) Portability Flaw: Locale Dependent Comparison
Date Sat, 27 Aug 2016 18:40:20 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-12542?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dave Brosius updated CASSANDRA-12542:
-------------------------------------
    Priority: Trivial  (was: Major)

> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
>                 Key: CASSANDRA-12542
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12542
>             Project: Cassandra
>          Issue Type: Sub-task
>            Reporter: Eduardo Aguinaga
>            Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.
> Issue:
> In the file SpeculativeRetryParam.java on lines 91 and 103 there are portability problems with the call to toLowerCase() because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.
> SpeculativeRetryParam.java, lines 91-101:
> {code:java}
> 091 if (value.toLowerCase().endsWith("ms"))
> 092 {
> 093     try
> 094     {
> 095         return custom(Double.parseDouble(value.substring(0, value.length() - "ms".length())));
> 096     }
> 097     catch (IllegalArgumentException e)
> 098     {
> 099         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
> 100     }
> 101 }
> {code}
> SpeculativeRetryParam.java, lines 103-121:
> {code:java}
> 103 if (value.toUpperCase().endsWith(Kind.PERCENTILE.toString()))
> 104 {
> 105     double threshold;
> 106     try
> 107     {
> 108         threshold = Double.parseDouble(value.substring(0, value.length() - Kind.PERCENTILE.toString().length()));
> 109     }
> 110     catch (IllegalArgumentException e)
> 111     {
> 112         throw new ConfigurationException(format("Invalid value %s for option '%s'", value, TableParams.Option.SPECULATIVE_RETRY));
> 113     }
> 114 
> 115     if (threshold >= 0.0 && threshold <= 100.0)
> 116         return percentile(threshold);
> 117 
> 118     throw new ConfigurationException(format("Invalid value %s for PERCENTILE option '%s': must be between 0.0 and 100.0",
> 119                                             value,
> 120                                             TableParams.Option.SPECULATIVE_RETRY));
> 121 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
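
An added example, not part of the JIRA report or the Cassandra code base, of the locale dependence reported at line 103: under a Turkish default locale a lowercase "i" uppercases to the dotted "İ" (U+0130), so the suffix check no longer matches a value that is accepted elsewhere. The class name, the SUFFIX constant (standing in for Kind.PERCENTILE.toString()) and the sample value are assumptions made for the demonstration; the two alternatives shown are locale-independent ways to write the same check.

```java
import java.util.Locale;

public class LocaleSuffixDemo
{
    // Constructed stand-in for Kind.PERCENTILE.toString() in the quoted code.
    static final String SUFFIX = "PERCENTILE";

    // Same shape as the quoted line 103: conversion uses the JVM default locale.
    static boolean matchesDefaultLocale(String value)
    {
        return value.toUpperCase().endsWith(SUFFIX);
    }

    // Locale-independent conversion: Locale.ROOT applies no language-specific rules.
    static boolean matchesRootLocale(String value)
    {
        return value.toUpperCase(Locale.ROOT).endsWith(SUFFIX);
    }

    // No conversion at all: per-character, locale-independent case-insensitive match.
    static boolean matchesRegion(String value)
    {
        int offset = value.length() - SUFFIX.length();
        return offset >= 0 && value.regionMatches(true, offset, SUFFIX, 0, SUFFIX.length());
    }

    public static void main(String[] args)
    {
        String value = "99percentile"; // constructed sample option value
        Locale saved = Locale.getDefault();
        try
        {
            for (Locale locale : new Locale[]{ Locale.ENGLISH, Locale.forLanguageTag("tr-TR") })
            {
                Locale.setDefault(locale);
                System.out.printf("%-5s upper=%s default=%b root=%b region=%b%n",
                                  locale, value.toUpperCase(),
                                  matchesDefaultLocale(value),
                                  matchesRootLocale(value),
                                  matchesRegion(value));
            }
        }
        finally
        {
            Locale.setDefault(saved); // restore the JVM-wide default
        }
    }
}
```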
