JavierLopezT commented on a change in pull request #9246:
URL: https://github.com/apache/airflow/pull/9246#discussion_r487888372
##########
File path: airflow/providers/amazon/aws/transfers/s3_to_redshift.py
##########
@@ -112,6 +119,17 @@ def execute(self, context):
copy_options=copy_options,
)
+ if self.truncate_table:
+ truncate_statement = f'TRUNCATE TABLE {self.schema}.{self.table};'
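Review bot: The f-string on the added `truncate_statement` line places `self.schema` and `self.table` directly into the SQL text, and identifiers cannot be supplied as bound query parameters, so nothing here constrains what those two values contain. Validate both against an identifier allowlist before building the statement, or compose it with psycopg2's `sql.Identifier`, and fail the task when a value does not match. Also document on the operator that `schema` and `table` must be plain identifiers.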
Review comment:
I am open to using psycopg to address the issue.
Nevertheless, the only way I think someone could perform SQL injection is by
setting schema or table like:
`table/schema; DROP ALL TABLES OR WHATEVER`
If you don't specify any table, the command will fail, so wouldn't it be
easier just to strip the semicolon from table and schema? (maybe less "pro"
indeed, but way simpler I think)
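An added example, not part of the original comment or of the Airflow code base: it compares the semicolon-stripping idea from the comment with allowlist validation of the schema and table names. The function names, the identifier pattern and the sample inputs are assumptions made for illustration.

```python
import re

# Assumed policy (hypothetical, stricter than the database itself): a letter or
# underscore first, then letters, digits or underscores, at most 127 characters.
_IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,126}")


def strip_semicolons(name: str) -> str:
    """The simpler approach from the comment: remove ';' and keep the rest."""
    return name.replace(";", "")


def checked_identifier(name: str) -> str:
    """Return name unchanged if it is a plain identifier, else raise ValueError.

    The value is returned unquoted, so case folding behaves exactly as it did
    in the original f-string.
    """
    if not isinstance(name, str) or not _IDENT_RE.fullmatch(name):
        raise ValueError(f"invalid SQL identifier: {name!r}")
    return name


def build_truncate(schema: str, table: str) -> str:
    """Build the TRUNCATE statement only from validated identifiers."""
    return f"TRUNCATE TABLE {checked_identifier(schema)}.{checked_identifier(table)};"


# Constructed sample inputs; the second one follows the pattern in the comment.
SAMPLES = ["sales", "sales; DROP ALL TABLES OR WHATEVER", "my table", ""]


def classify(samples):
    """Map each sample to 'accepted' or 'rejected' under the allowlist."""
    results = {}
    for sample in samples:
        try:
            checked_identifier(sample)
            results[sample] = "accepted"
        except ValueError:
            results[sample] = "rejected"
    return results


if __name__ == "__main__":
    print(build_truncate("public", "sales"))
    # Stripping ';' leaves every other unintended token in the statement text.
    print(repr(strip_semicolons(SAMPLES[1])))
    print(classify(SAMPLES))
```

Stripping the semicolon changes the input but still passes the remaining text into the statement, while the allowlist rejects the value before any SQL is built.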