diff --git a/jdbc/src/java/org/apache/hive/jdbc/Utils.java b/jdbc/src/java/org/apache/hive/jdbc/Utils.java index 0e4693b..fbf546d 100644 --- a/jdbc/src/java/org/apache/hive/jdbc/Utils.java +++ b/jdbc/src/java/org/apache/hive/jdbc/Utils.java @@ -31,6 +31,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.apache.hadoop.hive.conf.HiveConf; import org.apache.hive.service.cli.HiveSQLException; import org.apache.hive.service.cli.thrift.TStatus; import org.apache.hive.service.cli.thrift.TStatusCode; @@ -347,12 +348,27 @@ public static JdbcConnectionParams parseURL(String uri) throws JdbcUriParseExcep } } - // parse hive conf settings + // Parse hive conf settings + // The below URI.getQuery call should retrieve all the = pairs + // specified after ? in the URL as a single string. String confStr = jdbcURI.getQuery(); + if (confStr != null) { Matcher confMatcher = pattern.matcher(confStr); while (confMatcher.find()) { - connParams.getHiveConfs().put(confMatcher.group(1), confMatcher.group(2)); + String currKey = confMatcher.group(1); + + // Sanity check : Validate if the user provided a valid hive conf variable. + // If not, throw an exception. This following check is important + // from the security point of view as well. + if (HiveConf.getConfVars(currKey) != null) { + connParams.getHiveConfs().put(currKey, confMatcher.group(2)); + } else { + throw new JdbcUriParseException("Bad URL: " + jdbcURI + + ", expected a valid hive configuration parameter instead of " + currKey + + " . URL Format : jdbc:hive2://:/dbName;sess_var_list?hive_conf_list#hive_var_list" + + " . Please note that sess_var_list appears before ?"); + } } }