Hi to all:

I think I have found a bug, a serious one.

I have found an INSERT query that does not validate the params and accepts a
String as a valid value for a List<String>. This produces an out of memory
exception due to Java heap in the server.

I have coded a very simple Maven project in Java to illustrate it to you. It is
attached.

To generate the jar: 'mvn clean compile assembly:single'
To run it: 'java -jar
target/EvilQuery-1.0-SNAPSHOT-jar-with-dependencies.jar -host localhost
-keyspace keyspace_name -table table_name'

Can anyone run it and tell us if this always happens or if it's only me?

Basically this is the code:

`
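import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.Session;
import com.datastax.driver.core.Statement;
import com.datastax.driver.core.querybuilder.QueryBuilder;
import java.util.UUID;

// host, keyspace and table are the values passed with -host, -keyspace and -table.
Cluster cluster = Cluster.builder().addContactPoint(host).build();
Session session = cluster.connect();

String createKeyspace = String.format("CREATE KEYSPACE IF NOT EXISTS %s WITH "
        + "replication = {'class': 'SimpleStrategy', 'replication_factor' : 1} AND "
        + "durable_writes = true;", keyspace);
session.execute(createKeyspace);

String createTable = String.format("CREATE TABLE IF NOT EXISTS %s.%s( pk "
        + "uuid, mylist list<text>, PRIMARY KEY (pk));", keyspace, table);
session.execute(createTable);

// The statement at issue: a String is given as the value of the list<text> column.
Statement insert = QueryBuilder.insertInto(keyspace, table)
        .value("pk", UUID.randomUUID())
        .value("mylist", "blabla");
session.execute(insert);
session.close();
cluster.close();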
`


I have tested against Cassandra 2.2.7, 3.0.x and 3.x and the bug always
appears.


Eduardo Alonso
Vía de las dos Castillas, 33, Ática 4, 3ª Planta
28224 Pozuelo de Alarcón, Madrid
Tel: +34 91 828 6473 // www.stratio.com // @stratiobd
<https://twitter.com/StratioBD>
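
Why a text value in a list column can exhaust the heap, as an added example that is not code from the original post, from Cassandra or from the driver. It assumes the native protocol v3+ list layout (a 4-byte element count followed by length-prefixed elements) and assumes, which the post does not state, that the receiving side sizes a collection from that count: read that way, the first four bytes of "blabla" give an element count of over a billion. The hypothetical `decodeTextList` bounds the count and every length by the bytes actually present before allocating anything.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

// Added example, not Cassandra or driver code. Assumed wire layout for a list:
// [int n] followed by n elements, each encoded as [int length][bytes].
public class ListValueCheck {

    // Decode a list<text> value, rejecting any count or length the buffer cannot hold.
    static List<String> decodeTextList(ByteBuffer in) {
        ByteBuffer buf = in.duplicate();
        if (buf.remaining() < 4)
            throw new IllegalArgumentException("too short for a list header");
        int n = buf.getInt();
        // Every element needs at least its 4-byte length prefix, so n is bounded
        // by the bytes that are left. Check this before sizing any collection.
        if (n < 0 || n > buf.remaining() / 4)
            throw new IllegalArgumentException(
                "element count " + n + " cannot fit in " + buf.remaining() + " bytes");
        List<String> out = new ArrayList<>(n);
        for (int i = 0; i < n; i++) {
            if (buf.remaining() < 4)
                throw new IllegalArgumentException("element " + i + ": missing length");
            int len = buf.getInt();
            // Negative lengths are rejected here as well as oversized ones.
            if (len < 0 || len > buf.remaining())
                throw new IllegalArgumentException("element " + i + ": bad length " + len);
            byte[] raw = new byte[len];
            buf.get(raw);
            out.add(new String(raw, StandardCharsets.UTF_8));
        }
        if (buf.hasRemaining())
            throw new IllegalArgumentException("trailing bytes after last element");
        return out;
    }

    public static void main(String[] args) {
        byte[] text = "blabla".getBytes(StandardCharsets.UTF_8);
        // Constructed input: the raw text value sent where a list is expected.
        ByteBuffer bad = ByteBuffer.wrap(text);
        System.out.println("count if trusted: " + bad.duplicate().getInt());
        try { decodeTextList(bad); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        // Constructed input: a well-formed one-element list containing "blabla".
        ByteBuffer good = ByteBuffer.allocate(8 + text.length);
        good.putInt(1).putInt(text.length).put(text).flip();
        System.out.println("decoded: " + decodeTextList(good));
    }
}
```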
