pjfanning commented on code in PR #4949: URL: https://github.com/apache/zeppelin/pull/4949#discussion_r2202777873
########## jdbc/src/main/java/org/apache/zeppelin/jdbc/JDBCInterpreter.java: ########## @@ -589,17 +597,123 @@ public Connection getConnection(InterpreterContext context) } private void validateConnectionUrl(String url) { - String decodedUrl; - decodedUrl = URLDecoder.decode(url, StandardCharsets.UTF_8); + final String decodedUrl = urlDecode(url, url, 0); + final Map<String, String> params = parseUrlParameters(decodedUrl); + + if (containsKeyIgnoreCase(params, ALLOW_LOAD_LOCAL) || + containsKeyIgnoreCase(params, ALLOW_LOAD_LOCAL_IN_FILE_NAME) || + containsKeyIgnoreCase(params, ALLOW_LOCAL_IN_FILE_NAME) || + containsKeyIgnoreCase(params, ALLOW_URL_IN_LOCAL_IN_FILE_NAME) || + containsKeyIgnoreCase(params, ALLOW_LOAD_LOCAL_IN_FILE_IN_PATH) || + containsKeyIgnoreCase(params, AUTO_DESERIALIZE) || + containsKeyIgnoreCase(params, SOCKET_FACTORY)) { + throw new IllegalArgumentException("Connection URL contains sensitive configuration"); + }

Review Comment:
I can't commit this unless it compiles so please don't use the suggestion option to suggest incomplete code. I also disagree that this is more readable. The existing code in this PR is closer to the existing style in the existing codebase.
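
Review bot: The new `if` in `validateConnectionUrl` is only as strong as `parseUrlParameters(decodedUrl)`, because the seven keys are matched against whatever that map contains. The check holds only if the parser splits keys on the same separators and in the same positions as the JDBC drivers this interpreter is used with. I would add unit tests that pass each blocked key through `validateConnectionUrl` in mixed case and in percent-encoded form and assert the `IllegalArgumentException`. Separately, `urlDecode(url, url, 0)` passes `url` twice plus a literal `0`, and nothing in this hunk says what the second and third arguments mean. A short Javadoc would help, and if the third argument is a depth counter it should state that reaching the limit rejects the URL rather than returning a partially decoded string. Finally, the exception message does not say which parameter was matched. Including the key name (not the URL itself, which can carry credentials) would make a rejected configuration easier to diagnose.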