pawarprasad123 opened a new pull request, #457:
URL: https://github.com/apache/atlas/pull/457

   
   ## What changes were proposed in this pull request?
   
   Precondition: Data from quick_start.py should be present.
   
   These DSL queries do not display data as expected:
   
   Table select min(createTime)
   Table groupby(owner)
   Table groupby(createTime) select owner, name, max(createTime)
   Table groupby(createTime) select owner, name, min(createTime)
   Table groupby(owner) select owner, count()
   hive_db select __timestamp, __modificationTimestamp, __state, __createdBy
   
   The search results pages do not display aggregated information nor the columns stated in the queries.
   
   Also:
   
   It has been discovered that the entity name in the “create new entity” functionality is vulnerable to Stored Cross-Site Scripting.
   Steps to reproduce:
   1. Search for _ALL_ENTITY_TYPES and click on "create new entity".
   2. Enter the necessary information in the new window.
   3. Capture the request in Burp Intercept and include an XSS payload in the name.
   4. Click on the new entity to edit its properties.
   5. Observe the XSS alert execution.
   XSS in the HTML code.
   
   ## How was this patch tested?
   Manually tested.
   <img width="1845" height="1071" alt="Screenshot from 2025-09-25 12-38-35" src="https://github.com/user-attachments/assets/85deb347-b50f-430d-b92c-1bf8357da46c" />
   <img width="1845" height="1071" alt="Screenshot from 2025-09-25 12-38-25" src="https://github.com/user-attachments/assets/8a7cabcb-0314-492a-8c8d-352c12884db2" />
   <img width="1845" height="1071" alt="Screenshot from 2025-09-25 12-37-45" src="https://github.com/user-attachments/assets/900f3720-be4c-462d-a7ed-8daee5ca0bee" />
   <img width="1845" height="1071" alt="Screenshot from 2025-09-25 12-36-39" src="https://github.com/user-attachments/assets/bf41fc14-a232-43c5-90d5-7c7e1513913e" />
   <img width="1845" height="1071" alt="Screenshot from 2025-09-25 12-36-26" src="https://github.com/user-attachments/assets/01b21d47-fb29-4053-9970-90eb1373e62f" />
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
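The stored XSS described in the PR body comes from an entity name being written into the UI's HTML without escaping. The following is an added example, not code from the pull request or from Apache Atlas, showing the vulnerable string-building pattern next to a hardened one that passes every untrusted field through an `escapeHtml()` helper, plus a small check that flags rendered fragments containing tags the template did not emit. The `renderEntityRow*` functions, the `hasUnexpectedTags` helper and the sample entity are constructed for illustration and do not correspond to any Atlas API.

```javascript
// Added example (not Apache Atlas code): escape an entity name before it is
// placed into HTML so any markup inside the name is rendered as literal text.

// HTML metacharacters and their entity forms. Covering quotes as well as
// angle brackets keeps the helper safe for attribute values, not only
// element content.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  // Coerce to string so null/undefined/numbers never bypass the escaping.
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the untrusted name is concatenated straight into markup,
// so markup inside the name becomes part of the page.
function renderEntityRowUnsafe(entity) {
  return `<tr><td class="name">${entity.name}</td><td>${entity.typeName}</td></tr>`;
}

// Hardened pattern: every field that originated from user input is escaped.
function renderEntityRow(entity) {
  return (
    `<tr><td class="name">${escapeHtml(entity.name)}</td>` +
    `<td>${escapeHtml(entity.typeName)}</td></tr>`
  );
}

// Check helper: true if the rendered fragment contains any element tag other
// than the tr/td tags the template itself produces. Useful as a unit-test
// oracle for templates that are supposed to emit a fixed set of tags.
function hasUnexpectedTags(html) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][\w-]*)/g)].map((m) =>
    m[1].toLowerCase()
  );
  return tags.some((t) => t !== "tr" && t !== "td");
}

// Constructed sample: a name carrying markup, an ampersand and a double quote.
const sampleEntity = {
  name: 'Orders <b>2025</b> & "Returns"',
  typeName: "Table",
};

console.log("unsafe:", renderEntityRowUnsafe(sampleEntity));
console.log("unexpected tags in unsafe output:", hasUnexpectedTags(renderEntityRowUnsafe(sampleEntity)));
console.log("safe:  ", renderEntityRow(sampleEntity));
console.log("unexpected tags in safe output:", hasUnexpectedTags(renderEntityRow(sampleEntity)));
```

In a real browser component the same result is obtained more simply by assigning the name to `textContent` or creating a text node instead of building HTML strings; the string-based helper above is shown because it can be exercised outside a browser. Escaping must happen at render time for each output context, not once at storage time, otherwise a name that is stored already escaped will be double-escaped in one place and left raw in another.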
