[ https://issues.apache.org/jira/browse/KYLIN-2046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

liyang updated KYLIN-2046:
--------------------------
    Attachment: mail from SourceClear.png

> Potential injected SQL attack vulnerability in QueryService
> -----------------------------------------------------------
>
>                 Key: KYLIN-2046
>                 URL: https://issues.apache.org/jira/browse/KYLIN-2046
>             Project: Kylin
>          Issue Type: Bug
>            Reporter: Ted Yu
>         Attachments: mail from SourceClear.png
>
>
> {code}
>     String correctedSql = QueryUtil.massageSql(sqlRequest);
>     if (!correctedSql.equals(sqlRequest.getSql())) {
> ...
>         return execute(correctedSql, sqlRequest);
> {code}
> massageSql() uses regex to detect malformed SQL.
> However, there may be SQL injection which is not detected by massageSql().

--
This message was sent by Atlassian JIRA (v6.3.4#6332)