[ 
https://issues.apache.org/jira/browse/HIVE-23461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17114594#comment-17114594
 ] 

Naresh P R commented on HIVE-23461:
-----------------------------------

[~1wc]  I am interested to work on this jira, please let me know if you are 
already working on the patch.

> Needs to capture input/output entities in explainRewrite
> --------------------------------------------------------
>
>                 Key: HIVE-23461
>                 URL: https://issues.apache.org/jira/browse/HIVE-23461
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Wenchao Li
>            Assignee: Wenchao Li
>            Priority: Major
>
> HIVE-18778(CVE-2018-1314) capture input/output entitles in explain semantic 
> analyzer so when a query is disallowed by Ranger, Sentry or Sqlstd 
> authorizizer, the corresponding explain statement will be disallowed either.
> However, ExplainSQRewriteSemanticAnalyzer also uses an instance of 
> DDLSemanticAnalyzer to analyze the explain rewrite query.
> {code:java}
> SemanticAnalyzer sem = (SemanticAnalyzer)
>  SemanticAnalyzerFactory.get(queryState, input);
> sem.analyze(input, ctx);
> sem.validate();{code}
>  
> The inputs/outputs entities for this query are never set on the instance of 
> ExplainSQRewriteSemanticAnalyzer itself and thus is not propagated into the 
> HookContext in the calling Driver code. It is a similar issue to HIVE-18778.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to