[KYLIN-2696] Check SQL injection in model filter condition - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: v2.1.0
Component/s: None
Labels:
None

Description

We should check the model filter condition in case of someone make use of it to do SQL injection to Hive.

Since it is a String embed into a WHERE clause, we simply forbid it to include ';' character, except it is within a pair of quotations.

Resolved. Please refer to:

commit b7f72c5f407ab3eaf4e133dc08172d56fece49d1
Author: Xiaqing <454530524@qq.com>
Date: Fri Jun 30 09:42:07 2017 +0800

~~KYLIN-2696~~ Check SQL injection in filter condition

Attachments

Activity

People

Assignee:: Xiaqing Wang

Reporter:: Xiaqing Wang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 29/Jun/17 06:35

Updated:: 17/Aug/17 15:02

Resolved:: 04/Jul/17 11:39