cassandra-commits mailing list archives

From "Eduardo Aguinaga (JIRA)" <>
Subject [jira] [Created] (CASSANDRA-12546) Privacy Violation
Date Thu, 25 Aug 2016 17:50:21 GMT
Eduardo Aguinaga created CASSANDRA-12546:

             Summary: Privacy Violation
                 Key: CASSANDRA-12546
             Project: Cassandra
          Issue Type: Sub-task
            Reporter: Eduardo Aguinaga

In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra
source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a
manual analysis utilizing SciTools Understand v4. The results of that analysis include the
issue below.

In the file on line 30 the method DigestMismatchException() mishandles
sensitive information. Sensitive information should be handled carefully to avoid divulging
it to unauthorized parties.

{code:java}, lines 28-34:
28 public DigestMismatchException(DecoratedKey key, ByteBuffer digest1, ByteBuffer digest2)
29 {
30     super(String.format("Mismatch for key %s (%s vs %s)",
31                         key.toString(),
32                         ByteBufferUtil.bytesToHex(digest1),
33                         ByteBufferUtil.bytesToHex(digest2)));
34 }

This message was sent by Atlassian JIRA
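
One way to keep such an exception message useful for log correlation without printing the key itself, shown as an added example that is not part of the original report and not Cassandra code. It assumes the partition key is the sensitive value; the class name, the per-process secret and the decision to drop the digest hex are all assumptions of this sketch.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not Cassandra source: hypothetical stand-in for the reported exception.
public class RedactedMismatchException extends Exception
{
    // Per-process random secret (assumption): tags correlate within one node's
    // logs, but a guessed key cannot be checked against them offline.
    private static final byte[] SECRET = new byte[32];
    static { new SecureRandom().nextBytes(SECRET); }

    public RedactedMismatchException(ByteBuffer key, ByteBuffer digest1, ByteBuffer digest2)
    {
        super(String.format("Mismatch for key [tag %s] (digests %s)",
                            tag(key),
                            digest1.equals(digest2) ? "equal" : "differ"));
    }

    // HMAC-SHA256 over the key bytes, truncated to the first 8 bytes as hex.
    static String tag(ByteBuffer key)
    {
        try
        {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(SECRET, "HmacSHA256"));
            mac.update(key.duplicate()); // duplicate() leaves the caller's position untouched
            byte[] out = mac.doFinal();
            StringBuilder hex = new StringBuilder();
            for (int i = 0; i < 8; i++)
                hex.append(String.format("%02x", out[i]));
            return hex.toString();
        }
        catch (GeneralSecurityException e)
        {
            throw new IllegalStateException("HmacSHA256 unavailable", e);
        }
    }

    public static void main(String[] args)
    {
        ByteBuffer key = ByteBuffer.wrap("user:alice@example.com".getBytes(StandardCharsets.UTF_8)); // constructed sample
        ByteBuffer d1 = ByteBuffer.wrap(new byte[]{ 1, 2, 3 }), d2 = ByteBuffer.wrap(new byte[]{ 1, 2, 4 });
        System.out.println(new RedactedMismatchException(key, d1, d2).getMessage());
    }
}
```

The tag changes on every process restart, so it identifies repeated mismatches for the same key within one run rather than across nodes.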