-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sanitize create acceleration queries and direct queries #1605
Conversation
Signed-off-by: Shenoy Pratik <sgguruda@amazon.com>
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1605 +/- ##
=======================================
Coverage 57.75% 57.75%
=======================================
Files 367 367
Lines 13824 13825 +1
Branches 3627 3627
=======================================
+ Hits 7984 7985 +1
Misses 5777 5777
Partials 63 63
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
@@ -39,7 +40,7 @@ export const CreateAccelerationButton = ({ | |||
|
|||
const requestPayload: DirectQueryRequest = { | |||
lang: 'sql', | |||
query: accelerationQueryBuilder(accelerationFormData), | |||
query: accelerationQueryBuilder(accelerationFormData).replaceAll(SANITIZE_QUERY_REGEX, ' '), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know I have code that's subject to the same issue, but this will also replace instances of multiple spaces in query strings and prevents things like adding single-line comments to queries.
It might be beyond the scope of this PR, but if we're doing this repeatedly, I think we should make a centralized sanitizeSql
method that can handle detecting spaces in strings and remove comments before it tries to normalize whitespace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed. We need also centralize direct query calls so that we keep sanitizeSql
method used only in one location. Have added this hook that can be used at all places from cache loaders, integrations to https://github.com/opensearch-project/dashboards-observability/blob/76d206c18bf412d9c4c541f06c991843a113ac7d/public/framework/datasources/direct_query_hook.tsx
Issue: #1503
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added comments to the issue we are tracking
Signed-off-by: Shenoy Pratik <sgguruda@amazon.com> (cherry picked from commit b4fd35e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: Shenoy Pratik <sgguruda@amazon.com> (cherry picked from commit b4fd35e) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
(cherry picked from commit b4fd35e) Signed-off-by: Shenoy Pratik <sgguruda@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
(cherry picked from commit b4fd35e) Signed-off-by: Shenoy Pratik <sgguruda@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…roject#1605) (opensearch-project#1607) (cherry picked from commit b4fd35e) Signed-off-by: Shenoy Pratik <sgguruda@amazon.com> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> (cherry picked from commit 443794d)
Description
Sanitize queries which have a potential for users to add in a
\n
,\t
or extra white spacesIssues Resolved
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.