Alexander Kolbasov created SENTRY-1476:
------------------------------------------

Summary: SentryStore is subject to JDQL injection
Key: SENTRY-1476
URL: https://issues.apache.org/jira/browse/SENTRY-1476
Project: Sentry
Issue Type: Bug
Components: Core
Affects Versions: 1.7.0, sentry-ha-redesign
Reporter: Alexander Kolbasov

SentryStore.java has a bunch of places where the query is constructed by concatenating strings rather than using JDQL parameters. This is subject to JDQL injection since some of the parameters come from Thrift.

All strings from Thrift should be passed as parameters, not as string concatenation.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
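The pattern the report describes, shown as an added example rather than code from SentryStore or the Sentry project: a JDOQL lookup that splices a Thrift-supplied role name into the filter string, next to the same lookup using a declared query parameter. The persistent class `MSentryRole` with a `roleName` field is an assumed stand-in for Sentry's model, and the `PersistenceManager` is assumed to be supplied by the caller; the hostile input is constructed for the demonstration.

```java
// Added example, not Sentry's code. Assumes a JDO-persistent class with a
// String field roleName (a stand-in for Sentry's model) and a caller-supplied
// javax.jdo.PersistenceManager.
import java.util.Collection;
import javax.jdo.PersistenceManager;
import javax.jdo.Query;
import javax.jdo.annotations.PersistenceCapable;

public class RoleLookup {

    // Minimal stand-in for the persistent role class (assumption).
    @PersistenceCapable
    static class MSentryRole {
        String roleName;
    }

    // VULNERABLE: the value from the Thrift request becomes part of the query text.
    static String concatenatedFilter(String roleName) {
        return "this.roleName == \"" + roleName + "\"";
    }

    static Collection<?> findRoleUnsafe(PersistenceManager pm, String roleName) {
        Query query = pm.newQuery(MSentryRole.class);
        query.setFilter(concatenatedFilter(roleName));
        return (Collection<?>) query.execute();
    }

    // FIXED: the filter text is a constant; the Thrift value travels as a
    // declared parameter, so it can only ever be compared as a string value.
    static Collection<?> findRoleSafe(PersistenceManager pm, String roleName) {
        Query query = pm.newQuery(MSentryRole.class);
        query.declareParameters("java.lang.String roleNameParam");
        query.setFilter("this.roleName == roleNameParam");
        return (Collection<?>) query.execute(roleName);
    }

    public static void main(String[] args) {
        // Constructed attacker input, e.g. the roleName field of a Thrift request:
        // it closes the string literal and ORs in a clause that matches every row.
        String hostile = "admin\" || this.roleName != \"";

        System.out.println(concatenatedFilter("admin"));
        // this.roleName == "admin"
        System.out.println(concatenatedFilter(hostile));
        // this.roleName == "admin" || this.roleName != ""   (every named role)
    }
}
```

With the parameterized form, the hostile string is simply compared against `roleName` and matches nothing. Note that JDO parameters can only carry values: if any of the concatenated pieces are field names, ordering clauses, or result expressions, those cannot be parameterized and have to be checked against a fixed allow-list instead.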