ria28 opened a new pull request, #4222:
URL: https://github.com/apache/gravitino/pull/4222

   …nting possible SQL injection in MysqlDatabaseOperations.java
   
   ### What changes were proposed in this pull request?
   
   databaseName in the generateDropDatabaseSql method inside MysqlDatabaseOperations.java is not validated, making the code vulnerable to SQL injection.
   The PR has validation for databaseName (null and empty check).
   
   ### Why are the changes needed?
   
   To prevent possible SQL injection
   
   Fix: #4211 
   
   ### Does this PR introduce _any_ user-facing change?
   
   No
   
   ### How was this patch tested?
   N/A
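
MySQL does not accept an identifier as a bound `?` parameter, so a `DROP DATABASE` statement has to carry the name in the SQL text itself. The following is an added example, not code from this pull request or from the Gravitino project, showing one way to validate a database name and backtick-quote it before it is concatenated; the class and method names are hypothetical and the sample names are constructed.

```java
// Added example: hypothetical helper, not part of Apache Gravitino.
public final class MysqlIdentifierExample {

  // MySQL limits database names to 64 characters.
  private static final int MAX_IDENTIFIER_LENGTH = 64;

  /** Validates a database name and returns it as a backtick-quoted identifier. */
  static String quoteDatabaseName(String name) {
    if (name == null || name.isEmpty()) {
      throw new IllegalArgumentException("database name must not be null or empty");
    }
    if (name.length() > MAX_IDENTIFIER_LENGTH) {
      throw new IllegalArgumentException("database name is longer than 64 characters");
    }
    if (name.endsWith(" ")) {
      throw new IllegalArgumentException("database name must not end with a space");
    }
    // MySQL permits neither NUL nor supplementary characters in identifiers.
    if (name.codePoints().anyMatch(cp -> cp == 0 || cp > 0xFFFF)) {
      throw new IllegalArgumentException("database name contains a forbidden character");
    }
    // Inside a quoted identifier a backtick is written as two backticks,
    // so the name cannot close the quoting and continue as SQL.
    return "`" + name.replace("`", "``") + "`";
  }

  /** Builds the statement text from a validated, quoted name. */
  static String dropDatabaseSql(String name) {
    return "DROP DATABASE " + quoteDatabaseName(name);
  }

  public static void main(String[] args) {
    // Constructed sample names: a plain one, one with a backtick, empty, null.
    String[] samples = {"sales_2024", "tmp`db", "", null};
    for (String sample : samples) {
      try {
        System.out.println(dropDatabaseSql(sample));
      } catch (IllegalArgumentException e) {
        System.out.println("rejected: " + e.getMessage());
      }
    }
  }
}
```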
   

