cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Brosius (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CASSANDRA-12546) Privacy Violation
Date Sat, 27 Aug 2016 18:39:20 GMT

     [ https://issues.apache.org/jira/browse/CASSANDRA-12546?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dave Brosius updated CASSANDRA-12546:
-------------------------------------
    Priority: Trivial  (was: Major)

> Privacy Violation
> -----------------
>
>                 Key: CASSANDRA-12546
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12546
>             Project: Cassandra
>          Issue Type: Sub-task
>            Reporter: Eduardo Aguinaga
>            Priority: Trivial
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra
source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a
manual analysis utilizing SciTools Understand v4. The results of that analysis includes the
issue below.
> Issue:
> In the file DigestMismatchException.java on line 30 the method DigestMismatchException()
mishandles sensitive information. Sensitive information should be handled carefully to avoid
divulging it to unauthorized parties.
> {code:java}
> DigestMismatchException.java, lines 28-34:
> 28 public DigestMismatchException(DecoratedKey key, ByteBuffer digest1, ByteBuffer digest2)
> 29 {
> 30     super(String.format("Mismatch for key %s (%s vs %s)",
> 31                         key.toString(),
> 32                         ByteBufferUtil.bytesToHex(digest1),
> 33                         ByteBufferUtil.bytesToHex(digest2)));
> 34 }
> {code} 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message