sanitize create acceleration queries and direct queries (#1605) (#1606)

(cherry picked from commit b4fd35e) Signed-off-by: Shenoy Pratik <sgguruda@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
opensearch-project · Mar 21, 2024 · 776ce9f · 776ce9f
1 parent e089310
commit 776ce9f
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 4 deletions.
diff --git a/common/constants/data_sources.ts b/common/constants/data_sources.ts
@@ -38,6 +38,7 @@ export const ACCELERATION_ADD_FIELDS_TEXT = '(add fields here)';
 export const ACCELERATION_INDEX_NAME_REGEX = /^[a-z0-9_]+$/;
 export const ACCELERATION_S3_URL_REGEX = /^(s3|s3a):\/\/[a-zA-Z0-9.\-]+/;
 export const SPARK_HIVE_TABLE_REGEX = /Provider:\s*hive/;
+export const SANITIZE_QUERY_REGEX = /\s+/g;
 export const TIMESTAMP_DATATYPE = 'timestamp';
 
 export const ACCELERATION_INDEX_TYPES = [

diff --git a/public/components/common/search/direct_search.tsx b/public/components/common/search/direct_search.tsx
@@ -18,11 +18,15 @@ import {
   EuiPopoverFooter,
   EuiToolTip,
 } from '@elastic/eui';
+import { i18n } from '@osd/i18n';
 import { isEmpty, isEqual } from 'lodash';
 import React, { useEffect, useState } from 'react';
 import { batch, useDispatch, useSelector } from 'react-redux';
-import { i18n } from '@osd/i18n';
-import { ASYNC_POLLING_INTERVAL, QUERY_LANGUAGE } from '../../../../common/constants/data_sources';
+import {
+  ASYNC_POLLING_INTERVAL,
+  QUERY_LANGUAGE,
+  SANITIZE_QUERY_REGEX,
+} from '../../../../common/constants/data_sources';
 import {
   APP_ANALYTICS_TAB_ID_REGEX,
   RAW_QUERY,
@@ -223,9 +227,10 @@ export const DirectSearch = (props: any) => {
       );
     });
     const sessionId = getAsyncSessionId(explorerSearchMetadata.datasources[0].label);
+    const requestQuery = tempQuery || query;
     const requestPayload = {
       lang: lang.toLowerCase(),
-      query: tempQuery || query,
+      query: requestQuery.replaceAll(SANITIZE_QUERY_REGEX, ' '),
       datasource: explorerSearchMetadata.datasources[0].label,
     } as DirectQueryRequest;
 

diff --git a/...ts/manage/accelerations/create_accelerations_flyout/create/create_acceleration_button.tsx b/...ts/manage/accelerations/create_accelerations_flyout/create/create_acceleration_button.tsx
@@ -5,6 +5,7 @@
 
 import { EuiButton } from '@elastic/eui';
 import React, { useEffect, useState } from 'react';
+import { SANITIZE_QUERY_REGEX } from '../../../../../../../../common/constants/data_sources';
 import { CreateAccelerationForm } from '../../../../../../../../common/types/data_connections';
 import {
   DirectQueryLoadingStatus,
@@ -39,7 +40,7 @@ export const CreateAccelerationButton = ({
 
     const requestPayload: DirectQueryRequest = {
       lang: 'sql',
-      query: accelerationQueryBuilder(accelerationFormData),
+      query: accelerationQueryBuilder(accelerationFormData).replaceAll(SANITIZE_QUERY_REGEX, ' '),
       datasource: accelerationFormData.dataSource,
     };