unsubscribe

On Fri, Jun 27, 2025 at 10:42 AM XQ Hu via user <user@beam.apache.org> wrote:

> I think your understanding is correct.
> https://docs.google.com/document/d/1tJapdA7ZNwkU0NaK7p-em0XnpHqNE1pKIXw9hVJkIUg/edit?tab=t.0#heading=h.83zu2vb65i5v
> has more details.
>
> On Fri, Jun 27, 2025 at 12:11 PM Ronoaldo Pereira <ronoa...@arki1.com>
> wrote:
>
>> Hi! I have a question about Apache Beam and SQL... A colleague asked me
>> and I have a reasoning about the subject, but I could not find anything
>> confirming or denying it so here it goes.
>>
>> Let's assume that there is corrupted data in our elements (either log
>> files, bad database records), and they have inside the element values some
>> kind of SQL Injection attempt like 'OR 1=1'.
>>
>> Does the Beam SQL implementation have any protections on this? Or, in
>> other words, do we need to worry about the previous scenario while
>> authoring pipelines with SQLTransform?
>>
>> My understanding is that this is not at risk because as far as I
>> understand it while testing the SQLTransform locally, it will convert the
>> SQL into Java PTransforms and as such, there is no dynamic query
>> construction while the pipeline is running. Therefore, there is no
>> situation in which there are fragments of query that could be causing
>> vulnerability. The situation I imagine some form of issue along SQL
>> Injection is if the attacker can somehow control the pipeline submission
>> (i.e., it can influence how the pipeline query is built while the job is
>> submitted)
>>
>> Do we have any part of the documentation that mentions something about
>> this?
>>
>> Thanks in advance for any help!
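
The distinction discussed in the thread, as an added example that is not part of the original messages and is not Apache Beam project code: the query text is fixed when the pipeline graph is built, element values stay data, and the only text that can reach the query is whatever the submitting code concatenates into it. It assumes the Beam Java SDK, the SQL extension and the direct runner are on the classpath; the class name, the `filterColumn` system property and the sample rows are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import org.apache.beam.sdk.Pipeline;
import org.apache.beam.sdk.extensions.sql.SqlTransform;
import org.apache.beam.sdk.schemas.Schema;
import org.apache.beam.sdk.transforms.Create;
import org.apache.beam.sdk.transforms.MapElements;
import org.apache.beam.sdk.values.PCollection;
import org.apache.beam.sdk.values.Row;
import org.apache.beam.sdk.values.TypeDescriptors;

public class SqlTransformInjectionCheck {
  // Constructed schema; the rows below include an injection-style string as plain data.
  static final Schema SCHEMA =
      Schema.builder().addStringField("username").addStringField("note").build();

  // Builds the query text at submission time. Only a column name that exists in the
  // schema is ever concatenated; anything else is rejected before the graph is built.
  static String buildQuery(String filterColumn) {
    if (!SCHEMA.getFieldNames().contains(filterColumn)) {
      throw new IllegalArgumentException("unknown column: " + filterColumn);
    }
    return "SELECT username FROM PCOLLECTION WHERE " + filterColumn + " = 'ok'";
  }

  public static void main(String[] args) {
    // Hypothetical submission-time input: the one place outside text could reach the query.
    String filterColumn = System.getProperty("filterColumn", "note");
    Pipeline p = Pipeline.create();
    PCollection<Row> input =
        p.apply(
            Create.of(
                    Arrays.asList(
                        Row.withSchema(SCHEMA).addValues("alice", "ok").build(),
                        Row.withSchema(SCHEMA).addValues("mallory", "' OR 1=1 --").build()))
                .withRowSchema(SCHEMA));

    // The query is parsed and planned here, once, while the pipeline graph is built.
    // At run time the note values are only compared against the literal 'ok'.
    input
        .apply(SqlTransform.query(buildQuery(filterColumn)))
        .apply(
            MapElements.into(TypeDescriptors.strings())
                .via((Row r) -> {
                  System.out.println("matched: " + r.getString("username"));
                  return r.getString("username");
                }));
    p.run().waitUntilFinish();
  }
}
```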