[
https://issues.apache.org/jira/browse/KYLIN-2046?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
liyang resolved KYLIN-2046.
---------------------------
Resolution: Not A Problem
> Potential injected SQL attack vulnerability in QueryService
> -----------------------------------------------------------
>
> Key: KYLIN-2046
> URL: https://issues.apache.org/jira/browse/KYLIN-2046
> Project: Kylin
> Issue Type: Bug
> Reporter: Ted Yu
> Attachments: mail from SourceClear.png
>
>
> {code}
> String correctedSql = QueryUtil.massageSql(sqlRequest);
> if (!correctedSql.equals(sqlRequest.getSql())) {
> ...
> return execute(correctedSql, sqlRequest);
> {code}
> massageSql() uses regex to detect malformed SQL.
> However, there may be SQL injection which is not detected by massageSql().
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
