You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@sentry.apache.org by "Alexander Kolbasov (JIRA)" <ji...@apache.org> on 2017/02/08 07:24:41 UTC
[jira] [Comment Edited] (SENTRY-1609) DelegateSentryStore is
subject to JDQL injection
[ https://issues.apache.org/jira/browse/SENTRY-1609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15857572#comment-15857572 ]
Alexander Kolbasov edited comment on SENTRY-1609 at 2/8/17 7:24 AM:
--------------------------------------------------------------------
It seems that the simplest way to fix it is to just rewrite {{ getGroupsByRoles() }} to call {{ delegate.getMSentryRoleByName() }} which will get a role. Then we can just walk the role groups and add each group's name to a resulting set.
was (Author: akolb):
It seems that the simplest way to fix it is to just rewrite {{getGroupsByRoles()}} to call {{delegate.getMSentryRoleByName() }} which will get a role. Then we can just walk the role groups and add each group's name to a resulting set.
> DelegateSentryStore is subject to JDQL injection
> ------------------------------------------------
>
> Key: SENTRY-1609
> URL: https://issues.apache.org/jira/browse/SENTRY-1609
> Project: Sentry
> Issue Type: Bug
> Components: Sentry
> Affects Versions: 1.8.0, sentry-ha-redesign
> Reporter: Alexander Kolbasov
> Assignee: Alexander Kolbasov
> Attachments: SENTRY-1609.001.patch
>
>
> The fix for SENTRY-1476 missed one case in DelegateSntryStore that should be addressed as well.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)