cloud-fan commented on a change in pull request #34543:
URL: https://github.com/apache/spark/pull/34543#discussion_r747953170
##########
File path:
sql/hive/src/test/scala/org/apache/spark/sql/hive/execution/HiveCommandSuite.scala
##########
@@ -324,4 +324,23 @@ class HiveCommandSuite extends QueryTest with SQLTestUtils
with TestHiveSingleto
FsConstants.LOCAL_FS_URI, workingDir, new Path("kv1.txt"))
assert(r === new Path(s"$workingDir/kv1.txt"))
}
+
+ test("SPARK-37266: Optimize the analysis for view text of persistent view
and" +
+ " fix security vulnerabilities caused by sql tampering") {
+ sql("CREATE VIEW parquet_view2 as select * from parquet_tab4")
+ val table =
hiveContext.sessionState.catalog.getTableMetadata(TableIdentifier("parquet_view2"))
+ try {
+ // Simulate the behavior of hackers
+ val tamperedViewText = "drop view parquet_view2"
+ val tamperedTable = table.copy(viewText = Some(tamperedViewText))
+ hiveContext.sessionState.catalog.alterTable(tamperedTable)
Review comment:
Seems like we can run this test in sql/core, as it does not rely on
hive. Can we move it to `PersistedViewTestSuite`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
