Github user srowen commented on a diff in the pull request:

    https://github.com/apache/spark/pull/9202#discussion_r42743770
  
    --- Diff: 
sql/core/src/main/scala/org/apache/spark/sql/jdbc/JdbcDialects.scala ---
    @@ -86,19 +94,58 @@ abstract class JdbcDialect {
        * name is a reserved keyword, or in case it contains characters that 
require quotes (e.g. space).
        */
       def quoteIdentifier(colName: String): String = {
    -    s""""$colName""""
    +    quoteString(colName, quoteChar)
    +  }
    +
    +  /**
    +   * Get the SQL query that should be used to find if the given table 
exists.
    +   * Call this method (and not tableExistsQuery) in order to verify
    +   * that the table name is properly formed.
    +   * @param table  The name of the table.
    +   * @return The SQL query to use for checking the table.
    +   * @throws org.apache.spark.SparkException On invalid table name.
    +   */
    +  final def getTableExistsQuery(table: String): String = {
    +    vetSqlIdentifier(table)
    +    tableExistsQuery(table)
       }
     
       /**
        * Get the SQL query that should be used to find if the given table 
exists. Dialects can
        * override this method to return a query that works best in a 
particular database.
    +   * Don't expose this method outside this class and its subclasses.
    +   * Other consumers should call getTableExistsQuery instead. That method
    +   * verifies that the table name is properly formed.
        * @param table  The name of the table.
        * @return The SQL query to use for checking the table.
        */
    -  def getTableExistsQuery(table: String): String = {
    +  protected def tableExistsQuery(table: String): String = {
         s"SELECT * FROM $table WHERE 1=0"
       }
     
    +  /** Vet a user-supplied object id of the form
    +    * [[catalog.]schema.]objectName
    +    * by parsing it into a (catalog, schema, objectName)
    +    * triple. The catalog and schema names may be empty. Raises
    +    * a SparkException if the user-supplied id is malformed,
    +    * e.g., is a string like "foo; drop database finance;",
    +    * something intended for a SQL injection attack.
    +    *
    +    * @param rawId The user-supplied object id (name).
    +    * @throws org.apache.spark.SparkException On invalid ids.
    +    */
    +  def vetSqlIdentifier(rawId: String) {
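
Review bot: In `getTableExistsQuery`, `vetSqlIdentifier(table)` is called as a bare statement and the raw `table` string is then passed to `tableExistsQuery`, whose default body still interpolates it unquoted into `SELECT * FROM $table WHERE 1=0`. The Scaladoc says the vetter parses the id into a (catalog, schema, objectName) triple, but `def vetSqlIdentifier(rawId: String) {` is procedure syntax, so it returns Unit and the parsed parts never reach the query. Consider giving it an explicit return type, building the query from the returned parts with each one passed through `quoteIdentifier`, and adding a `@return` tag to its doc. Two smaller points: `vetSqlIdentifier` is public and not final while `getTableExistsQuery` is final, so a dialect subclass can override the check the final wrapper relies on; and `quoteString` and `quoteChar` are not visible in this hunk, so it is worth confirming that a quote character embedded in `colName` is escaped rather than only wrapped.
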
    --- End diff --
    
    How about a case class rather than generic tuple?

