[SPARK-37266][SQL] View text can only be SELECT queries #34543
…ty vulnerabilities caused by sql tampering
Kubernetes integration test starting
Kubernetes integration test status failure
Test build #145054 has finished for PR 34543 at commit
Kubernetes integration test starting
Kubernetes integration test status failure
Test build #145064 has finished for PR 34543 at commit
ping @MaxGekk @gengliangwang
| parser.parseQuery(viewText) | ||
| } catch { | ||
| case _: ParseException => throw new AnalysisException( | ||
| s"Invalid view text of view ${metadata.qualifiedName}, it may have been tampered with") |
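Review bot: the `case _: ParseException` arm discards the parser's own diagnostic, so the AnalysisException thrown on the next line reports only "it may have been tampered with" and nothing about where or why parsing of the view text failed. Bind the exception (`case e: ParseException`) and chain it as the cause of the AnalysisException, and include the offending view text in the message, so an operator can distinguish a corrupted catalog entry from a deliberately tampered one when this fires.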
shall we display the view sql text as well?
and let's move the error to QueryCompilationErrors.scala
| test("SPARK-37266: Optimize the analysis for view text of persistent view and" + | ||
| " fix security vulnerabilities caused by sql tampering") { | ||
| val table = hiveContext.sessionState.catalog.getTableMetadata(TableIdentifier("parquet_view1")) |
can we create a new view to test it instead of altering an existing view?
Kubernetes integration test starting
Kubernetes integration test status failure
Test build #145113 has finished for PR 34543 at commit
Kubernetes integration test starting
Kubernetes integration test status failure
| // Simulate the behavior of hackers | ||
| val tamperedViewText = "drop view parquet_view2" | ||
| val tamperedTable = table.copy(viewText = Some(tamperedViewText)) | ||
| hiveContext.sessionState.catalog.alterTable(tamperedTable) |
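Review bot: the comment `// Simulate the behavior of hackers` describes who rather than what; reword it to say what the test actually constructs, a view text that is a DDL statement instead of a SELECT, written straight into the catalog through `alterTable` and so bypassing the CREATE VIEW path, so the intent of the test is clear to whoever reads it later. Since the tampered metadata is written with `alterTable`, the test should also restore or drop the altered catalog entry afterwards so the corrupted definition does not leak into later tests in the suite.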
Seems like we can run this test in sql/core, as it does not rely on hive. Can we move it to PersistedViewTestSuite?
| test("SPARK-37266: Optimize the analysis for view text of persistent view and" + | ||
| " fix security vulnerabilities caused by sql tampering") { | ||
| sql("CREATE VIEW parquet_view2 as select * from parquet_tab4") |
can be simpler CREATE VIEW v AS SELECT 1
Kubernetes integration test starting
| test("SPARK-37266: Optimize the analysis for view text of persistent view and" + | ||
| " fix security vulnerabilities caused by sql tampering") { | ||
| sql("CREATE VIEW v AS SELECT 1") | ||
| val table = spark.sessionState.catalog.getTableMetadata(TableIdentifier("v")) |
let's wrap the test with withView
| } | ||
| test("SPARK-37266: Optimize the analysis for view text of persistent view and" + | ||
| " fix security vulnerabilities caused by sql tampering") { |
we can shorten the test name: SPARK-37266: view text can only be SELECT queries
Kubernetes integration test status failure
Test build #145126 has finished for PR 34543 at commit
Test build #145137 has finished for PR 34543 at commit
Kubernetes integration test starting
Kubernetes integration test status failure
Test build #145169 has finished for PR 34543 at commit
Kubernetes integration test starting
Kubernetes integration test status failure
Test build #145178 has finished for PR 34543 at commit
thanks, merging to master!
@cloud-fan Thank you for your review.
What changes were proposed in this pull request?
The current implementation of persistent views creates a Hive table with the view text.
The view text is just a query string, so hackers may tamper with it through various means.
For example, `select * from tab1` tampered with into `drop table tab1`.

Why are the changes needed?
First, the view text is a query string, and `parser.parsePlan(viewText)` incurs more overhead than `parser.parseQuery(viewText)`.
Second, the view text can be tampered with by hackers, causing security vulnerabilities.

Does this PR introduce any user-facing change?
No. Unless hackers tamper with the view text, users will not see any change.

How was this patch tested?
New tests.
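The defensive idea in the description, as an added illustration that is not Spark's code and not part of this PR: stored view text is trusted only when it is a single query, and anything else fails closed with an error that names the view and quotes the offending text (the point the reviewers raise above). Spark's fix does this at the grammar level with `parser.parseQuery`; the stand-alone check below is a weaker lexical pre-check of the same shape, written so that a leading comment, a quoted literal or a second statement after a `;` cannot slip past it. The query keyword set, the function names and the constructed inputs are assumptions of this example.

```python
import re

# Leading keywords this illustration treats as starting a query rather than a
# DDL/DML statement. Assumed set for the example; Spark's grammar (parseQuery)
# is the real authority and accepts further forms.
QUERY_KEYWORDS = {"SELECT", "WITH", "VALUES"}


def _strip_comments_and_literals(sql: str) -> str:
    """Return sql with comments removed and quoted literals/identifiers replaced
    by '?', so keyword and separator checks cannot be fooled by their contents
    (a comment in front of the real first keyword, a ';' inside a string)."""
    out = []
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        two = sql[i:i + 2]
        if two == "--":                          # line comment: drop to end of line
            j = sql.find("\n", i)
            i = n if j == -1 else j              # the newline itself stays as whitespace
        elif two == "/*":                        # block comment: replace by one space
            j = sql.find("*/", i + 2)
            if j == -1:
                raise ValueError("unterminated block comment")
            out.append(" ")
            i = j + 2
        elif c in ("'", '"', "`"):               # quoted literal or identifier
            j = i + 1
            while j < n:
                if sql[j] == "\\" and c != "`":  # backslash escape inside strings
                    j += 2
                    continue
                if sql[j] == c:
                    if sql[j + 1:j + 2] == c:    # doubled quote escape ('' / "" / ``)
                        j += 2
                        continue
                    break
                j += 1
            else:                                # loop ran off the end: no closing quote
                raise ValueError("unterminated quoted literal")
            out.append("?")
            i = j + 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def _first_keyword(code: str) -> str:
    """First bare word of comment/literal-free SQL, skipping leading '(' so a
    parenthesised query such as '(select 1) union (select 2)' still classifies."""
    m = re.match(r"[A-Za-z_]+", code.lstrip("( \t\r\n"))
    return m.group(0).upper() if m else ""


def is_query_only(sql: str) -> bool:
    """True only if the text is a single query: it starts with a query keyword
    and contains no statement separator followed by further text. Any lexing
    problem (unterminated comment or literal) also counts as not-a-query."""
    try:
        code = _strip_comments_and_literals(sql).strip()
    except ValueError:
        return False
    if not code:
        return False
    body = code.rstrip("; \t\r\n")               # a trailing ';' is harmless
    if ";" in body:                              # 'select 1; drop table t' -> reject
        return False
    return _first_keyword(body) in QUERY_KEYWORDS


def validate_view_text(view_name: str, view_text: str) -> str:
    """Fail closed, naming the view and quoting the rejected text. The message
    format is this example's own, not Spark's."""
    if not is_query_only(view_text):
        raise ValueError(
            f"Invalid view text of view {view_name}, it may have been "
            f"tampered with: {view_text!r}")
    return view_text


if __name__ == "__main__":
    # Constructed inputs: the description's own example pair plus edge cases.
    for text in ["select * from tab1", "drop table tab1",
                 "-- looks fine\ndrop table tab1",
                 "select 1; drop table tab1",
                 "select 'drop table tab1' as s"]:
        print(f"{is_query_only(text)!s:5} {text!r}")
```

The check deliberately classifies from the text with comments and literals removed rather than from the raw string, which is why a view text such as `select 'drop table tab1' as s` is still accepted while `/* select */ drop table tab1` is not. A real grammar parse, as in the PR, is still the stronger check; this pre-check is only a cheap guard of the same fail-closed shape.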