amrishlal opened a new issue #7310:
URL: https://github.com/apache/pinot/issues/7310
Pinot currently allows for unrestricted use of Groovy scripts in SQL
statements. As an example, consider the following SQL statement:
```
SELECT groovy('{"returnType": "STRING", "isSingleValue": true}','new File("/etc/hosts").text')
FROM baseballStats
```
This statement will return the content of the '/etc/hosts' file from the server
back to the user. Other such statements are possible where an unsuspecting or
malicious user could cause damage (SQL injection attacks, etc.). Hence, we would
like to disable the ability to run Groovy scripts in SQL statements by default,
with an option to enable Groovy scripts by setting a configuration variable.
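The default-deny behaviour requested above, sketched as an added example; it is not part of the issue and not Pinot's code. The class `GroovyQueryGate`, its methods and the key `example.query.groovy.enabled` are hypothetical, and the check is textual, whereas a broker would make the same decision on the function names of the parsed query.

```java
import java.util.Properties;
import java.util.regex.Pattern;
public class GroovyQueryGate {
    // Hypothetical key for this example; not a Pinot property name.
    static final String ENABLE_KEY = "example.query.groovy.enabled";
    // A call to the function: its name, optional whitespace, then "(".
    private static final Pattern GROOVY_CALL =
        Pattern.compile("\\bgroovy\\s*\\(", Pattern.CASE_INSENSITIVE);
    // Drop single-quoted SQL literals ('' is an escaped quote) so that
    // a string which merely contains "groovy(" is not treated as a call.
    static String stripLiterals(String sql) {
        StringBuilder out = new StringBuilder();
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c != '\'') {
                if (!inLiteral) out.append(c);
            } else if (inLiteral && i + 1 < sql.length() && sql.charAt(i + 1) == '\'') {
                i++; // escaped quote, still inside the literal
            } else {
                inLiteral = !inLiteral;
            }
        }
        return out.toString();
    }
    static boolean usesGroovy(String sql) {
        return GROOVY_CALL.matcher(stripLiterals(sql)).find();
    }

    // Default deny: Groovy runs only when the operator has set the key to true.
    static void check(String sql, Properties config) {
        boolean enabled = Boolean.parseBoolean(config.getProperty(ENABLE_KEY, "false"));
        if (!enabled && usesGroovy(sql)) {
            throw new IllegalArgumentException("Groovy in queries is disabled; set " + ENABLE_KEY);
        }
    }

    public static void main(String[] args) {
        String[] queries = { // first entry is the statement from the issue; the rest are constructed
            "SELECT groovy('{\"returnType\": \"STRING\", \"isSingleValue\": true}','new File(\"/etc/hosts\").text') FROM baseballStats",
            "SELECT GROOVY ('{\"returnType\": \"INT\", \"isSingleValue\": true}', '1') FROM baseballStats",
            "SELECT playerName FROM baseballStats WHERE playerName = 'groovy('",
        };
        for (String q : queries) {
            try { check(q, new Properties()); System.out.println("ALLOW  " + q); }
            catch (IllegalArgumentException e) { System.out.println("REJECT " + q); }
        }
    }
}
```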