You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Stefan Miklosovic (Jira)" <ji...@apache.org> on 2022/10/28 11:48:00 UTC
[jira] [Comment Edited] (CASSANDRA-17878) Harden parsing of boolean values in CQL in PropertyDefinitions
[ https://issues.apache.org/jira/browse/CASSANDRA-17878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17625555#comment-17625555 ]
Stefan Miklosovic edited comment on CASSANDRA-17878 at 10/28/22 11:47 AM:
--------------------------------------------------------------------------
CI for 4.0 is here
https://app.circleci.com/pipelines/github/instaclustr/cassandra/1505/workflows/72506028-e0dc-4fde-b5e9-856a54c768db
patch for 4.0 is here
I expect the patch to apply more or less cleanly on 4.1 and trunk, all builds will be provided upon a positive review.
patch for 4.1
https://github.com/apache/cassandra/pull/1959
build for 4.1
https://app.circleci.com/pipelines/github/instaclustr/cassandra?branch=CASSANDRA-17878-4.1
cc [~aleksey]
was (Author: smiklosovic):
CI for 4.0 is here
https://app.circleci.com/pipelines/github/instaclustr/cassandra/1505/workflows/72506028-e0dc-4fde-b5e9-856a54c768db
patch for 4.0 is here
I expect the patch to apply more or less cleanly on 4.1 and trunk, all builds will be provided upon a positive review.
cc [~aleksey]
> Harden parsing of boolean values in CQL in PropertyDefinitions
> --------------------------------------------------------------
>
> Key: CASSANDRA-17878
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17878
> Project: Cassandra
> Issue Type: Improvement
> Components: CQL/Interpreter, CQL/Semantics
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Time Spent: 20m
> Remaining Estimate: 0h
>
> There is currently this in PropertyDefinitions class as a pattern we use for testing a boolean value in cqlsh
> {code}
> private static final Pattern PATTERN_POSITIVE = Pattern.compile("(1|true|yes)");
> {code}
> This might be source of mistakes and typos. For example, if a user does, for example:
> {code}
> ALTER TABLE ks.tb WITH cdc = tru;
> {code}
> If he does not notice it, he thinks that cdc is true, but it is not.
> More to it, currently, everything which is not "1", "true", or "yes" is evaluated as false. We should harden this in such a way that both logical true and false would be parsed only on well defined values and every other value would be rejected and a query would fail.
> EDIT: I have checked how it behaves in cqlsh and there seems to be validation of this already like this:
> {code}
> cqlsh> ALTER TABLE abc.def WITH cdc = tru;
> SyntaxException: line 1:31 no viable alternative at input 'tru' (ALTER TABLE abc.def WITH [cdc] =...)
> {code}
> It seems that cqlsh already knows this should be a boolean and rejects such query.
> Nevertheless, it is still reasonable to harden this on the code level when a query is executed in Java, programmatically (e.g. as part of tests or similar). The patch also includes optimizations to not return Boolean but boolean on related methods (other primitives are covered as well).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org