Wenchao Li created HIVE-23461: --------------------------------- Summary: Needs to capture input/output entities in explainRewrite Key: HIVE-23461 URL: https://issues.apache.org/jira/browse/HIVE-23461 Project: Hive Issue Type: Improvement Reporter: Wenchao Li
HIVE-18778(CVE-2018-1314) capture input/output entitles in explain semantic analyzer so when a query is disallowed by Ranger, Sentry or Sqlstd authorizizer, the corresponding explain statement will be disallowed either. However, ExplainSQRewriteSemanticAnalyzer also uses an instance of DDLSemanticAnalyzer to analyze the explain rewrite query. {code:java} SemanticAnalyzer sem = (SemanticAnalyzer) SemanticAnalyzerFactory.get(queryState, input); sem.analyze(input, ctx); sem.validate(); The inputs/outputs entities for this query are never set on the instance of ExplainSQRewriteSemanticAnalyzer itself and thus is not propagated into the HookContext in the calling Driver code. It is a similar issue to HIVE-18778.{code} -- This message was sent by Atlassian Jira (v8.3.4#803005)