From 443794d6a5788fc81260b2e5ff42bab9d99d7a4e Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]" <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Thu, 21 Mar 2024 13:38:11 -0700
Subject: [PATCH] sanitize create acceleration queries and direct queries (#1605) (#1607)
(cherry picked from commit b4fd35ee6e15b7b74fdd38c36bebfc95801f2d7f)
Signed-off-by: Shenoy Pratik
Signed-off-by: github-actions[bot]
Co-authored-by: github-actions[bot]
---
 common/constants/data_sources.ts | 1 +
 public/components/common/search/direct_search.tsx | 11 ++++++++---
 .../create/create_acceleration_button.tsx | 3 ++-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/common/constants/data_sources.ts b/common/constants/data_sources.ts
index 542383991..e02243d56 100644
--- a/common/constants/data_sources.ts
+++ b/common/constants/data_sources.ts
@@ -38,6 +38,7 @@ export const ACCELERATION_ADD_FIELDS_TEXT = '(add fields here)';
 export const ACCELERATION_INDEX_NAME_REGEX = /^[a-z0-9_]+$/;
 export const ACCELERATION_S3_URL_REGEX = /^(s3|s3a):\/\/[a-zA-Z0-9.\-]+/;
 export const SPARK_HIVE_TABLE_REGEX = /Provider:\s*hive/;
+export const SANITIZE_QUERY_REGEX = /\s+/g;
 export const TIMESTAMP_DATATYPE = 'timestamp';
 export const ACCELERATION_INDEX_TYPES = [
diff --git a/public/components/common/search/direct_search.tsx b/public/components/common/search/direct_search.tsx
index 2b3d54127..fd99f3b42 100644
--- a/public/components/common/search/direct_search.tsx
+++ b/public/components/common/search/direct_search.tsx
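Review bot: `SANITIZE_QUERY_REGEX` is added to common/constants/data_sources.ts without a comment, and its name suggests input sanitisation although `/\s+/g` only matches runs of whitespace. I would document it with something like `// Matches whitespace runs so a multi-line query can be flattened to one line; formatting only, it does not validate or escape query text.` Because the constant is exported with the `g` flag, any later use with `.test()` or `.exec()` would carry `lastIndex` between calls, so the comment should also say it is meant for replace-style calls only.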
@@ -18,11 +18,15 @@ import {
 EuiPopoverFooter,
 EuiToolTip,
 } from '@elastic/eui';
+import { i18n } from '@osd/i18n';
 import { isEmpty, isEqual } from 'lodash';
 import React, { useEffect, useState } from 'react';
 import { batch, useDispatch, useSelector } from 'react-redux';
-import { i18n } from '@osd/i18n';
-import { ASYNC_POLLING_INTERVAL, QUERY_LANGUAGE } from '../../../../common/constants/data_sources';
+import {
+ ASYNC_POLLING_INTERVAL,
+ QUERY_LANGUAGE,
+ SANITIZE_QUERY_REGEX,
+} from '../../../../common/constants/data_sources';
 import {
 APP_ANALYTICS_TAB_ID_REGEX,
 RAW_QUERY,
@@ -223,9 +227,10 @@ export const DirectSearch = (props: any) => {
 );
 });
 const sessionId = getAsyncSessionId(explorerSearchMetadata.datasources[0].label);
+ const requestQuery = tempQuery || query;
 const requestPayload = {
 lang: lang.toLowerCase(),
- query: tempQuery || query,
+ query: requestQuery.replaceAll(SANITIZE_QUERY_REGEX, ' '),
 datasource: explorerSearchMetadata.datasources[0].label,
 } as DirectQueryRequest;
diff --git a/public/components/datasources/components/manage/accelerations/create_accelerations_flyout/create/create_acceleration_button.tsx b/public/components/datasources/components/manage/accelerations/create_accelerations_flyout/create/create_acceleration_button.tsx
index 4067ff258..b1429515c 100644
--- a/public/components/datasources/components/manage/accelerations/create_accelerations_flyout/create/create_acceleration_button.tsx
+++ b/public/components/datasources/components/manage/accelerations/create_accelerations_flyout/create/create_acceleration_button.tsx
@@ -5,6 +5,7 @@ import { EuiButton } from '@elastic/eui';
 import React, { useEffect, useState } from 'react';
+import { SANITIZE_QUERY_REGEX } from '../../../../../../../../common/constants/data_sources';
 import { CreateAccelerationForm } from '../../../../../../../../common/types/data_connections';
 import { DirectQueryLoadingStatus,
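Review bot: In the second direct_search.tsx hunk, `requestQuery.replaceAll(SANITIZE_QUERY_REGEX, ' ')` flattens every whitespace run in the user-typed query, newlines included, so if the backend accepts `--` line comments (Spark SQL does) everything after such a comment is swallowed once the query is on one line, and runs of spaces inside quoted string literals are altered as well. The same call is added to the builder output in create_acceleration_button.tsx, where quoted option values would presumably be affected in the same way. Before this change an empty or undefined `tempQuery || query` simply passed through, whereas `.replaceAll` now throws on a non-string; whether that can happen depends on code outside the hunk. I would at least guard the value with `query: (requestQuery ?? '').replaceAll(SANITIZE_QUERY_REGEX, ' '),` and consider normalising only outside literals and comments, or leaving whitespace handling to the backend parser. `DirectSearch` starts and ends outside the hunk.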
@@ -39,7 +40,7 @@ export const CreateAccelerationButton = ({
 const requestPayload: DirectQueryRequest = {
 lang: 'sql',
- query: accelerationQueryBuilder(accelerationFormData),
+ query: accelerationQueryBuilder(accelerationFormData).replaceAll(SANITIZE_QUERY_REGEX, ' '),
 datasource: accelerationFormData.dataSource,
 };