[GOBBLIN-108] gobblin.metastore.DatabaseJobHistoryStore is vulnerable to SQL injection - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- Bug:Generic
- Framework:AdminUI

External issue URL:
https://github.com/linkedin/gobblin/issues/969

Description

The `constructTableFilter(Table table)` method in `DatabaseJobHistoryStore` is vulnerable to SQL injection; it injects a filter based on the value of `gobblin.rest.Table` (in `gobblin-rest-api`)
It causes the following FindBugs warning to be raised, which has been suppressed until a viable solution has been determined: `SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING`

Github Url : https://github.com/linkedin/gobblin/issues/969
Github Reporter : stakiar
Github Created At : 2016-05-08T01:07:56Z
Github Updated At : 2017-01-12T04:53:40Z

Comments

jbaranick wrote on 2016-05-12T07:29:11Z : This should be simple to fix by parameterizing the filter just like is done in other places in `DatabaseJobHistoryStoreV101`

Github Url : https://github.com/linkedin/gobblin/issues/969#issuecomment-218680827

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Sahil Takiar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Jul/17 07:40

Updated:: 07/Aug/17 08:44