Wenchao Li created HIVE-23461:
---------------------------------
Summary: Needs to capture input/output entities in explainRewrite
Key: HIVE-23461
URL: https://issues.apache.org/jira/browse/HIVE-23461
Project: Hive
Issue Type: Improvement
Reporter: Wenchao Li
HIVE-18778(CVE-2018-1314) capture input/output entitles in explain semantic
analyzer so when a query is disallowed by Ranger, Sentry or Sqlstd
authorizizer, the corresponding explain statement will be disallowed either.
However, ExplainSQRewriteSemanticAnalyzer also uses an instance of
DDLSemanticAnalyzer to analyze the explain rewrite query.
{code:java}
SemanticAnalyzer sem = (SemanticAnalyzer)
SemanticAnalyzerFactory.get(queryState, input);
sem.analyze(input, ctx);
sem.validate();
The inputs/outputs entities for this query are never set on the instance of
ExplainSQRewriteSemanticAnalyzer itself and thus is not propagated into the
HookContext in the calling Driver code. It is a similar issue to
HIVE-18778.{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
