Cheng Lian created SPARK-19912:
----------------------------------

             Summary: String literals are not escaped while performing partition pruning at Hive metastore level
                 Key: SPARK-19912
                 URL: https://issues.apache.org/jira/browse/SPARK-19912
             Project: Spark
          Issue Type: Bug
          Components: SQL
    Affects Versions: 2.1.1, 2.2.0
            Reporter: Cheng Lian


{{Shim_v0_13.convertFilters()}} doesn't escape string literals while generating 
Hive style partition predicates.

The following SQL-injection-like test case illustrates this issue:
{code}
  test("foo") {
    withTable("foo") {
      Seq(
        (1, "p1", "q1"),
        (2, "p1\" and q=\"q1", "q2")
      ).toDF("a", "p", "q").write.partitionBy("p", "q").saveAsTable("foo")

      // The filter literal must equal the partition value of row 2 exactly.
      checkAnswer(
        spark.table("foo").filter($"p" === "p1\" and q=\"q1").select($"a"),
        Row(2)
      )
    }
  }
{code}



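Added example (not part of the original report, and not Spark's or Hive's code): a Python model of the partition predicate string sent to the metastore, comparing unescaped double-quoting with choosing a quote character the literal does not contain. The function names, the toy parser, and the assumption that the filter grammar accepts both '...' and "..." literals with no escape sequence are illustrative.

```python
import re

# Constructed sample: the two partitions written by the test case in the report.
PARTITIONS = [
    {"a": 1, "p": "p1", "q": "q1"},
    {"a": 2, "p": 'p1" and q="q1', "q": "q2"},
]

def naive_filter(col, value):
    # Models the reported behaviour: the literal is wrapped in double quotes as-is.
    return f'{col} = "{value}"'

def quoted_filter(col, value):
    # Assumption: literals may be '...' or "..." and the grammar has no escape
    # sequence, so use a quote character the value does not contain.
    for quote in ('"', "'"):
        if quote not in value:
            return f"{col} = {quote}{value}{quote}"
    return None  # no safe spelling: skip pushdown, filter after listing partitions

# Toy stand-in for the metastore filter parser: col = literal [and col = literal]...
_TERM = re.compile(r"""\s*(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')\s*""")
_AND = re.compile(r"and\b", re.IGNORECASE)

def parse(filter_str):
    terms, pos = [], 0
    while True:
        m = _TERM.match(filter_str, pos)
        if m is None:
            raise ValueError(f"bad filter at offset {pos}: {filter_str!r}")
        terms.append((m.group(1), m.group(2) if m.group(2) is not None else m.group(3)))
        pos = m.end()
        if pos == len(filter_str):
            return terms
        kw = _AND.match(filter_str, pos)
        if kw is None:
            raise ValueError(f"bad filter at offset {pos}: {filter_str!r}")
        pos = kw.end()

def prune(filter_str):
    # Returns column "a" of every partition the pushed-down filter keeps.
    if filter_str is None:
        return [part["a"] for part in PARTITIONS]
    terms = parse(filter_str)
    return [part["a"] for part in PARTITIONS
            if all(part.get(col) == val for col, val in terms)]

if __name__ == "__main__":
    wanted = 'p1" and q="q1'
    print(prune(naive_filter("p", wanted)))   # literal is parsed as two predicates
    print(prune(quoted_filter("p", wanted)))  # literal stays one value
```

With the unescaped form the literal is read as two predicates and the wrong partition is selected; when a value contains both quote characters the model declines pushdown, so pruning has to happen after the partitions are listed.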