aiai-bot commented on PR #10327:
URL: https://github.com/apache/seatunnel/pull/10327#issuecomment-3753370418
<!-- code-pr-reviewer -->
## ⚠️ Request Changes
**2 CRITICAL SQL injection vulnerabilities** and **1 MAJOR consistency
issue** must be addressed before merging.
---
### 🔴 CRITICAL: SQL Injection Vulnerabilities
**1. `getDatabaseWithConditionSql()` and `getTableWithConditionSql()` -
Single quote injection**
- **File**: `SqlServerCatalog.java:73-84`
- **Evidence**:
```java
// Line 74
return String.format(getListDatabaseSql() + " where name = '%s'",
databaseName);
// Lines 81-83
" and TABLE_SCHEMA = '%s' and TABLE_NAME = '%s'", schemaName, tableName
```
- **Fix**: Escape single quotes: `name.replace("'", "''")`
**2. `getSelectColumnsSql()` - Single quote injection**
- **File**: `SqlServerCatalog.java:98-106`
- **Fix**: Apply `.replace("'", "''")` to both `schemaName` and `tableName`
---
### 🟠 MAJOR: Inconsistent Quoting
**3. `getDropTableSql()` missing bracket quotes**
- **File**: `SqlServerCatalog.java:141-143`
- **Fix**:
```java
return String.format("DROP TABLE %s", tablePath.getFullNameWithQuoted("[",
"]"));
```
---
### Suggested Tests
```bash
mvn test -Dtest=PreviewActionTest#testSqlServerPreviewAction
mvn test -Dtest=SqlServerCDCIT#testDatabaseNameWithSpecialCharacters
mvn test -Dtest=SqlServerCDCIT
```
---
Please address the CRITICAL and MAJOR issues before merging.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
