You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "liyang (JIRA)" <ji...@apache.org> on 2016/10/18 22:56:58 UTC

[jira] [Resolved] (KYLIN-2046) Potential injected SQL attack vulnerability in QueryService

     [ https://issues.apache.org/jira/browse/KYLIN-2046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

liyang resolved KYLIN-2046.
---------------------------
    Resolution: Not A Problem

> Potential injected SQL attack vulnerability in QueryService
> -----------------------------------------------------------
>
>                 Key: KYLIN-2046
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2046
>             Project: Kylin
>          Issue Type: Bug
>            Reporter: Ted Yu
>         Attachments: mail from SourceClear.png
>
>
> {code}
>         String correctedSql = QueryUtil.massageSql(sqlRequest);
>         if (!correctedSql.equals(sqlRequest.getSql())) {
> ...
>         return execute(correctedSql, sqlRequest);
> {code}
> massageSql() uses regex to detect malformed SQL.
> However, there may be SQL injection which is not detected by massageSql().



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)