From 8c3e4288fe2eba1283bbb3eb299ef5dcdb6d0c49 Mon Sep 17 00:00:00 2001 From: Arvind Kandpal Date: Mon, 1 Jun 2026 12:53:44 +0530 Subject: [PATCH 1/2] CASSANDRA-21415: Document COPY TO limitation for control characters in text columns COPY TO does not support control characters in text column values per RFC 4180. This patch documents the limitation in the cqlsh reference, including the security risks and alternative tools for data migration. patch by Arvind Kandpal; reviewed by TBD for CASSANDRA-21415 --- .../cassandra/pages/managing/tools/cqlsh.adoc | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc b/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc index 5918d2f3ffae..9ad8ba471f48 100644 --- a/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc +++ b/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc @@ -461,6 +461,19 @@ value `STDOUT` (without single quotes) to print the CSV to stdout. See `shared-copy-options` for options that apply to both `COPY TO` and `COPY FROM`. +[NOTE] +==== +`COPY TO` only supports printable characters in text column values, in +accordance with RFC 4180. Text columns containing control characters +such as newlines (`\n`), carriage returns (`\r`), null bytes (`\x00`), +or other non-printable characters cannot be reliably exported — values +will be corrupted on re-import via `COPY FROM`. Beyond data integrity, +non-printable characters in CSV output can pose security risks, including +CSV injection and other forms of malicious data embedding. If your data +contains such characters, consider using DSBulk, Spark, or +`sstableloader` for data migration instead. +==== + ==== Options for `COPY TO` `MAXREQUESTS`:: From 564b9de403e4f40e7df98fd98db7652be36edd95 Mon Sep 17 00:00:00 2001 From: Arvind Kandpal Date: Wed, 3 Jun 2026 00:42:35 +0530 Subject: [PATCH 2/2] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- doc/modules/cassandra/pages/managing/tools/cqlsh.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc b/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc index 9ad8ba471f48..cf3d5ec9330f 100644 --- a/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc +++ b/doc/modules/cassandra/pages/managing/tools/cqlsh.adoc @@ -463,8 +463,8 @@ See `shared-copy-options` for options that apply to both `COPY TO` and [NOTE] ==== -`COPY TO` only supports printable characters in text column values, in -accordance with RFC 4180. Text columns containing control characters +`COPY TO` exports CSV using a restricted RFC 4180-compatible format and does not +preserve control characters in text column values. Text columns containing control characters such as newlines (`\n`), carriage returns (`\r`), null bytes (`\x00`), or other non-printable characters cannot be reliably exported — values will be corrupted on re-import via `COPY FROM`. Beyond data integrity,