You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Jonathan Ellis (JIRA)" <ji...@apache.org> on 2013/06/27 16:14:20 UTC

[jira] [Resolved] (CASSANDRA-5710) COPY ... TO command does not work with collections

     [ https://issues.apache.org/jira/browse/CASSANDRA-5710?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Ellis resolved CASSANDRA-5710.
---------------------------------------

    Resolution: Duplicate
    
> COPY ... TO command does not work with collections
> --------------------------------------------------
>
>                 Key: CASSANDRA-5710
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-5710
>             Project: Cassandra
>          Issue Type: Bug
>          Components: API
>    Affects Versions: 1.2.5
>         Environment: Ubuntu 12.04 LTS
>            Reporter: Lex Lythius
>              Labels: cql, security
>
> COPY TO does not quote set/list/map entries, which renders CSV unusable.
> E.g, having tbl with a column col set<ascii>
> INSERT INTO tbl (id, col) VALUES (1, {'}'});
> COPY tbl TO ... produces this:
> 1,{}}
> Then COPY FROM complains:
> Bad Request: line 1:4 extraneous input '}' expecting ')'
> CSV imports consistently fail when trying to import non-empty collection columns.
> Actually, the effect is pretty much a CQL injection, although I wasn't able to exploit it using tainted values like '}; DROP TABLE users;--'.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira