Hi! I have a question about Apache Beam and SQL... A colleague asked me and
I have some reasoning about the subject, but I could not find anything
confirming or denying it, so here it goes.

Let's assume that there is corrupted data in our elements (either log
files or bad database records), and they have inside the element values some
kind of SQL injection attempt like 'OR 1=1'.

Does the Beam SQL implementation have any protections on this? Or, in other
words, do we need to worry about the previous scenario while authoring
pipelines with SQLTransform?

My understanding is that this is not at risk because, as far as I understand
it from testing the SQLTransform locally, it will convert the SQL into
Java PTransforms and as such, there is no dynamic query construction while
the pipeline is running. Therefore, there is no situation in which there
are fragments of a query that could cause a vulnerability. The situation in
which I imagine some form of issue along the lines of SQL injection is if the
attacker can somehow control the pipeline submission (i.e., they can influence
how the pipeline query is built while the job is submitted).

Do we have any part of the documentation that mentions something about this?

Thanks in advance for any help!
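
A check for the two cases raised in the message above, written as an added example that is not part of the original post or of the Beam project's code: a fixed query over elements that carry injection-style strings, next to a query whose text is concatenated from an outside value at construction time. It assumes `beam-sdks-java-extensions-sql` and `beam-runners-direct-java` are on the classpath; the schema, rows and the `untrusted` parameter are constructed for illustration.

```java
import org.apache.beam.sdk.Pipeline;
import org.apache.beam.sdk.extensions.sql.SqlTransform;
import org.apache.beam.sdk.schemas.Schema;
import org.apache.beam.sdk.testing.PAssert;
import org.apache.beam.sdk.transforms.Create;
import org.apache.beam.sdk.transforms.MapElements;
import org.apache.beam.sdk.values.PCollection;
import org.apache.beam.sdk.values.Row;
import org.apache.beam.sdk.values.TypeDescriptors;

public class SqlTransformInjectionCheck {
  // Constructed sample schema; not taken from the original post.
  static final Schema SCHEMA =
      Schema.builder().addStringField("customer").addInt32Field("id").build();

  static Row row(String customer, int id) {
    return Row.withSchema(SCHEMA).addValues(customer, id).build();
  }

  // Runs one query over the input and returns the first selected column as integers.
  static PCollection<Integer> ids(PCollection<Row> input, String name, String query) {
    return input
        .apply(name, SqlTransform.query(query))
        .apply(name + "Ids",
            MapElements.into(TypeDescriptors.integers()).via((Row r) -> r.getInt32(0)));
  }

  public static void main(String[] args) {
    Pipeline p = Pipeline.create();
    // Constructed elements; two carry injection-style strings as plain field values.
    PCollection<Row> input = p.apply(Create.of(
            row("alice", 1), row("bob", 2),
            row("' OR 1=1 --", 3), row("alice' OR '1'='1", 4))
        .withRowSchema(SCHEMA));

    // Fixed query text: planned at construction, element values are only compared.
    PAssert.that(ids(input, "Fixed",
            "SELECT id FROM PCOLLECTION WHERE customer = 'alice'"))
        .containsInAnyOrder(1);

    // Risky pattern: query text assembled from a value the pipeline author does not control.
    String untrusted = "x' OR '1'='1"; // hypothetical job parameter, constructed
    PAssert.that(ids(input, "Concatenated",
            "SELECT id FROM PCOLLECTION WHERE customer = '" + untrusted + "'"))
        .containsInAnyOrder(1, 2, 3, 4);

    p.run().waitUntilFinish();
  }
}
```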
