v-kkhuang opened a new pull request, #5358: URL: https://github.com/apache/linkis/pull/5358
<!-- Thank you for sending the PR! We appreciate you spending the time to work on these changes. You can learn more about contributing to Apache Linkis here: https://linkis.apache.org/community/how-to-contribute Happy contributing! --> ### What is the purpose of the change **Background/Problem:** Currently, Hive tasks can use the LOCATION clause to specify custom data locations. This poses security risks as it allows users to potentially access unauthorized data paths or interfere with other users'\ data, compromising system security and data isolation. **Purpose of Change:** To address this security issue, this PR adds a control mechanism to disable the LOCATION clause in Hive tasks. The solution introduces a configuration option `linkis.entrance.sql.explain.hive.location.control.enabled` that, when enabled, prevents users from executing Hive SQL statements containing the LOCATION clause. **Value/Impact:** After this change, administrators can prevent users from using the LOCATION clause in Hive tasks, enhancing system security by ensuring users cannot access unauthorized data paths or interfere with other users'\ data through custom location specifications. ### Related issues/PRs Related issues: close #5357 ### Brief change log - Add configuration `linkis.entrance.sql.explain.hive.location.control.enabled` to control LOCATION clause validation - Implement LOCATION clause detection in Explain interceptor for Hive tasks - Add comprehensive unit tests for LOCATION control logic - Update EntranceConfiguration with new configuration keys - Add design documentation and Cucumber feature specification ### Checklist - [x] I have read the [Contributing Guidelines on pull requests](https://linkis.apache.org/community/how-to-contribute). - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [x] I have updated the documentation to reflect this change - [x] I have verified that this change is backward compatible - [x] **If this is a code change**: I have written unit tests to fully verify the new behavior. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
