Cheng Lian created SPARK-19912: ---------------------------------- Summary: String literals are not escaped while performing partition pruning at Hive metastore level Key: SPARK-19912 URL: https://issues.apache.org/jira/browse/SPARK-19912 Project: Spark Issue Type: Bug Components: SQL Affects Versions: 2.1.1, 2.2.0 Reporter: Cheng Lian
{{Shim_v0_13.convertFilters()}} doesn't escape string literals while generating Hive style partition predicates. The following SQL-injection-like test case illustrates this issue: {code} test("foo") { withTable("foo") { Seq( (1, "p1", "q1"), (2, "p1\" and q=\"q1", "q2") ).toDF("a", "p", "q").write.partitionBy("p", "q").saveAsTable("foo") checkAnswer( spark.table("foo").filter($"p" === "p1\" and q = \"q1").select($"a"), Row(2) ) } } {code} -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org