Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-20607

TxnHandler should use PreparedStatement to execute direct SQL queries.

Log workAgile BoardRank to TopRank to BottomBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      TxnHandler uses direct SQL queries to operate on Txn related databases/tables in Hive metastore RDBMS.
      Most of the methods are direct calls from Metastore api which should be directly append input string arguments to the SQL string.
      Need to use parameterised PreparedStatement object to set these arguments.

      Attachments

        1. HIVE-20607.01.patch
          75 kB
          Sankar Hariappan
        2. HIVE-20607.01-branch-3.patch
          73 kB
          Sankar Hariappan

        Issue Links

        is related to

        Bug - A problem which impairs or prevents the functions of the product. HIVE-22073 SQL Injection in TxnHandler#enqueueLockWithRetry

        • Critical - Crashes, loss of data, severe memory leak.
        • Open
        links to

        Web Link GitHub Pull Request #434

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            sankarh Sankar Hariappan Assign to me
            sankarh Sankar Hariappan
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment