[HIVE-23461] Needs to capture input/output entities in explainRewrite - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Patch Available
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Authorization
Labels:
None

Description

~~HIVE-18778~~(CVE-2018-1314) capture input/output entitles in explain semantic analyzer so when a query is disallowed by Ranger, Sentry or Sqlstd authorizizer, the corresponding explain statement will be disallowed either.

However, ExplainSQRewriteSemanticAnalyzer also uses an instance of DDLSemanticAnalyzer to analyze the explain rewrite query.

SemanticAnalyzer sem = (SemanticAnalyzer)
 SemanticAnalyzerFactory.get(queryState, input);
sem.analyze(input, ctx);
sem.validate();

The inputs/outputs entities for this query are never set on the instance of ExplainSQRewriteSemanticAnalyzer itself and thus is not propagated into the HookContext in the calling Driver code. It is a similar issue to ~~HIVE-18778~~.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-23461.3.patch
30/May/20 01:44
8 kB
Naresh P R
HIVE-23461.2.patch
28/May/20 03:16
8 kB
Naresh P R
HIVE-23461.1.patch
27/May/20 05:45
8 kB
Naresh P R
HIVE-23461.patch
27/May/20 01:45
8 kB
Naresh P R

Activity

People

Assignee:: Naresh P R

Reporter:: Wenchao Li

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/May/20 13:15

Updated:: 30/May/20 03:02