You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jonathan Ellis (JIRA)" <ji...@apache.org> on 2013/06/27 16:14:20 UTC
[jira] [Resolved] (CASSANDRA-5710) COPY ... TO command does not
work with collections
[ https://issues.apache.org/jira/browse/CASSANDRA-5710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Ellis resolved CASSANDRA-5710.
---------------------------------------
Resolution: Duplicate
> COPY ... TO command does not work with collections
> --------------------------------------------------
>
> Key: CASSANDRA-5710
> URL: https://issues.apache.org/jira/browse/CASSANDRA-5710
> Project: Cassandra
> Issue Type: Bug
> Components: API
> Affects Versions: 1.2.5
> Environment: Ubuntu 12.04 LTS
> Reporter: Lex Lythius
> Labels: cql, security
>
> COPY TO does not quote set/list/map entries, which renders CSV unusable.
> E.g, having tbl with a column col set<ascii>
> INSERT INTO tbl (id, col) VALUES (1, {'}'});
> COPY tbl TO ... produces this:
> 1,{}}
> Then COPY FROM complains:
> Bad Request: line 1:4 extraneous input '}' expecting ')'
> CSV imports consistently fail when trying to import non-empty collection columns.
> Actually, the effect is pretty much a CQL injection, although I wasn't able to exploit it using tainted values like '}; DROP TABLE users;--'.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira