Details
-
Bug
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
HIVE-18778(CVE-2018-1314) capture input/output entitles in explain semantic analyzer so when a query is disallowed by Ranger, Sentry or Sqlstd authorizizer, the corresponding explain statement will be disallowed either.
However, ExplainSQRewriteSemanticAnalyzer also uses an instance of DDLSemanticAnalyzer to analyze the explain rewrite query.
SemanticAnalyzer sem = (SemanticAnalyzer) SemanticAnalyzerFactory.get(queryState, input); sem.analyze(input, ctx); sem.validate();
The inputs/outputs entities for this query are never set on the instance of ExplainSQRewriteSemanticAnalyzer itself and thus is not propagated into the HookContext in the calling Driver code. It is a similar issue to HIVE-18778.