This is an automated email from the ASF dual-hosted git repository. kalyan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/sentry.git
commit f5dbc69b5c0ff6cae2606e58efd204df754e5232 Author: Kalyan Kumar Kalvagadda <[email protected]> AuthorDate: Thu Dec 12 18:47:54 2019 +0000 SENTRY-2533: The UDF in_file should be blacked default Change-Id: Ie2763f1e747570635e9f41d69147a0a986088f14 --- .../main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java | 4 ++-- .../apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java index 5c43329..90fcfc3 100644 --- a/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java +++ b/sentry-binding/sentry-binding-hive-conf/src/main/java/org/apache/sentry/binding/hive/conf/HiveAuthzConf.java @@ -78,14 +78,14 @@ public class HiveAuthzConf extends Configuration { "histogram_numeric,percentile_approx,collect_set,collect_list,ngrams," + "context_ngrams,ewah_bitmap,compute_stats,percentile," + "array,assert_true,map,struct,named_struct,create_union,case,when,hash,coalesce," + - "index,in_file,instr,locate,elt,concat_ws,sort_array," + + "index,instr,locate,elt,concat_ws,sort_array," + "array_contains,sentences,map_keys,map_values,format_number,printf,greatest,least," + "from_utc_timestamp,to_utc_timestamp,unix_timestamp,to_unix_timestamp,explode," + "inline,json_tuple,parse_url_tuple,posexplode,stack,lead,lag,row_number,rank," + "dense_rank,percent_rank,cume_dist,ntile,first_value,last_value,noop,noopwithmap," + "noopstreaming,noopwithmapstreaming,windowingtablefunction,matchpath"; - public static final String HIVE_UDF_BLACK_LIST = "reflect,reflect2,java_method"; + public static final String HIVE_UDF_BLACK_LIST = "reflect,reflect2,java_method,in_file"; public static final String SENTRY_HIVE_SERVER_DEFAULT = ""; /** diff --git a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java index c6e14a5..0de4b06 100644 --- a/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java +++ b/sentry-tests/sentry-tests-hive/src/test/java/org/apache/sentry/tests/e2e/hive/TestPrivilegesAtFunctionScope.java @@ -448,6 +448,8 @@ public class TestPrivilegesAtFunctionScope extends AbstractTestWithStaticConfigu "SELECT reflect('java.net.URLDecoder', 'decode', 'http://www.apache.org', 'utf-8'), value FROM " + tableName1); context.assertAuthzException(statement, "SELECT java_method('java.net.URLDecoder', 'decode', 'http://www.apache.org', 'utf-8'), value FROM " + tableName1); + context.assertAuthzException(statement, + "SELECT in_file('secret', '/etc/passwd'), value FROM " + tableName1); statement.close(); connection.close(); }
