swagle commented on a change in pull request #2423:
URL: https://github.com/apache/ozone/pull/2423#discussion_r672505417



##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/audit/parser/common/DatabaseHelper.java
##########
@@ -93,8 +92,9 @@ private static void loadProperties() {
 
   private static boolean createAuditTable(String dbName) throws Exception {
     try (Connection connection = getConnection(dbName);
-         Statement st = connection.createStatement()) {
-      st.executeUpdate(properties.get(ParserConsts.CREATE_AUDIT_TABLE));
+        PreparedStatement st = connection.prepareStatement(
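
Review bot: In `createAuditTable`, the SQL text on the removed `executeUpdate` line is read from `properties.get(ParserConsts.CREATE_AUDIT_TABLE)` rather than built from method arguments, so moving to `connection.prepareStatement(` changes the API used without binding anything, unless the cut-off continuation adds parameters. If the switch is kept for consistency, say so in the commit message. Also align the added resource line with `Connection connection`: it is indented one space less than the `Statement st` line it replaces.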

Review comment:
       Since the query does not take any params, a SQL injection cannot happen here.

##########
File path: hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/audit/parser/common/DatabaseHelper.java
##########
@@ -200,8 +200,8 @@ private static String executeStatement(String dbName, 
String sql)
     StringBuilder result = new StringBuilder();
     ResultSetMetaData rsm;
     try (Connection connection = getConnection(dbName);
-         Statement st = connection.createStatement();
-         ResultSet rs = st.executeQuery(sql)) {
+        PreparedStatement ps = connection.prepareStatement(sql);
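
Review bot: `connection.prepareStatement(sql)` in `executeStatement` still receives the whole query as the `String sql` argument, so if callers pass a fully assembled string, nothing is bound and the statement runs exactly what the old `st.executeQuery(sql)` ran. The protection comes from `?` placeholders plus `setString`/`setObject` calls, which would mean changing the method to accept the values separately from the query text. The removed lines also declared `ResultSet rs` as a try-with-resources resource. Make sure the replacement keeps `ResultSet rs = ps.executeQuery()` in the resource list so the result set is still closed.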

Review comment:
       This IMO is still a valid precautionary change.



