[apache#2179] Improvement: Improve security when creating and droppin…
…g schemas and tables (apache#2335) ### What changes were proposed in this pull request? Improve security when creating and dropping schemas and tables. This PR adds the following checks for identifier names using the capability framework: - Regex check - As a best practice, it's generally advised to avoid including spaces in database names. In this PR, database names that include a space will be considered illegal. - String length check, since SQL injection usually requires a longer string - MySQL: at most 64 characters - PostgreSQL: at most 63 characters We refer to the specifications of the earliest version of each database that Gravitino currently supports: - PostgreSQL identifier rules: https://www.postgresql.org/docs/12/sql-syntax-lexical.html#SQL-SYNTAX-IDENTIFIERS - MySQL identifier naming: https://dev.mysql.com/doc/refman/5.7/en/identifiers.html - MySQL identifier length limit: https://dev.mysql.com/doc/refman/5.7/en/identifier-length.html ### Why are the changes needed? Fix: apache#2179 ### Does this PR introduce _any_ user-facing change? Add name identifier checks before attempting to create or drop schemas and tables. ### How was this patch tested? Add IT tests.
1 parent
31c14c1
commit 5c15214
Showing
13 changed files
with
704 additions
and
8 deletions.
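--- a/...dbc-common/src/main/java/com/datastrato/gravitino/catalog/jdbc/JdbcCatalogCapability.java
+++ b/...dbc-common/src/main/java/com/datastrato/gravitino/catalog/jdbc/JdbcCatalogCapability.java
@@ -0,0 +1,36 @@
+/*
+* Copyright 2024 Datastrato Pvt Ltd.
+* This software is licensed under the Apache License version 2.
+*/
+package com.datastrato.gravitino.catalog.jdbc;
+
+import com.datastrato.gravitino.connector.capability.Capability;
+import com.datastrato.gravitino.connector.capability.CapabilityResult;
+
+public class JdbcCatalogCapability implements Capability {
+/**
+* Regular expression explanation: Regex that matches any string that maybe a filename with an
+* optional extension We adopt a blacklist approach that excludes filename or extension that
+* contains '.', '/', or '\' ^[^.\/\\]+(\.[^.\/\\]+)?$
+*
+* <p>^ - Start of the string
+*
+* <p>[^.\/\\]+ - matches any filename string that does not contain '.', '/', or '\'
+*
+* <p>(\.[^.\/\\]+)? - matches an optional extension
+*
+* <p>$ - End of the string
+*/
+// We use sqlite name pattern to be the default pattern for JDBC catalog for testing purposes
+public static final String SQLITE_NAME_PATTERN = "^[^.\\/\\\\]+(\\.[^.\\/\\\\]+)?$";
+
+@Override
+public CapabilityResult specificationOnName(Scope scope, String name) {
+// TODO: Validate the name against reserved words
+if (!name.matches(SQLITE_NAME_PATTERN)) {
+return CapabilityResult.unsupported(
+String.format("The %s name '%s' is illegal.", scope, name));
+}
+return CapabilityResult.SUPPORTED;
+}
+}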
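Review bot: `SQLITE_NAME_PATTERN` is a deny-list of three characters ('.', '/' and '\'), so quotes, backticks, semicolons, whitespace, control characters and names of any length all pass `specificationOnName`. The line comment says this pattern is the JDBC default for testing purposes; if a non-test catalog ever falls back to this class (not visible in this section), the check does not constrain what reaches DDL text, so an allow-list with a length bound, or a comment such as `// Test-only default: concrete catalogs must override specificationOnName with an allow-list`, would make the limit explicit. `name.matches(...)` also recompiles the regex on every call and throws NullPointerException for a null name, and `MysqlCatalogCapability.specificationOnName` has the same shape; `private static final Pattern NAME = Pattern.compile(SQLITE_NAME_PATTERN);` with `if (name == null || !NAME.matcher(name).matches())` covers both.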
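--- a/...bc-doris/src/main/java/com/datastrato/gravitino/catalog/doris/DorisCatalogCapability.java
+++ b/...bc-doris/src/main/java/com/datastrato/gravitino/catalog/doris/DorisCatalogCapability.java
@@ -0,0 +1,13 @@
+/*
+* Copyright 2024 Datastrato Pvt Ltd.
+* This software is licensed under the Apache License version 2.
+*/
+package com.datastrato.gravitino.catalog.doris;
+
+import com.datastrato.gravitino.connector.capability.Capability;
+
+public class DorisCatalogCapability implements Capability {
+// Doris best practice mention that the name should be in lowercase, separated by underscores
+// https://doris.apache.org/docs/2.0/table-design/best-practice/
+// We can use the more general DEFAULT_NAME_PATTERN for Doris and update as needed in the future
+}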
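Review bot: The class body holds only comments, so whatever name check applies to Doris comes from the default behaviour of `Capability`, which is not visible in this section, and no Doris-specific length or character limit is enforced here. The third comment refers to `DEFAULT_NAME_PATTERN` without saying where it is defined; naming the defining class there, for example `// Name validation falls back to DEFAULT_NAME_PATTERN in <defining class>; no Doris-specific limits are applied yet`, would let a reader confirm what is actually checked.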
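--- a/...bc-mysql/src/main/java/com/datastrato/gravitino/catalog/mysql/MysqlCatalogCapability.java
+++ b/...bc-mysql/src/main/java/com/datastrato/gravitino/catalog/mysql/MysqlCatalogCapability.java
@@ -0,0 +1,37 @@
+/*
+* Copyright 2024 Datastrato Pvt Ltd.
+* This software is licensed under the Apache License version 2.
+*/
+package com.datastrato.gravitino.catalog.mysql;
+
+import com.datastrato.gravitino.connector.capability.Capability;
+import com.datastrato.gravitino.connector.capability.CapabilityResult;
+
+public class MysqlCatalogCapability implements Capability {
+/**
+* Regular expression explanation: ^[\w\p{L}-$/=]{1,64}$
+*
+* <p>^ - Start of the string
+*
+* <p>[\w\p{L}-$/=]{1,64} - Consist of 1 to 64 characters of letters (both cases), digits,
+* underscores, any kind of letter from any language, hyphens, dollar signs, slashes or equal
+* signs
+*
+* <p>\w - matches [a-zA-Z0-9_]
+*
+* <p>\p{L} - matches any kind of letter from any language
+*
+* <p>$ - End of the string
+*/
+public static final String MYSQL_NAME_PATTERN = "^[\\w\\p{L}-$/=]{1,64}$";
+
+@Override
+public CapabilityResult specificationOnName(Scope scope, String name) {
+// TODO: Validate the name against reserved words
+if (!name.matches(MYSQL_NAME_PATTERN)) {
+return CapabilityResult.unsupported(
+String.format("The %s name '%s' is illegal.", scope, name));
+}
+return CapabilityResult.SUPPORTED;
+}
+}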
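Review bot: `MYSQL_NAME_PATTERN` admits `-`, `/`, `=` and digit-only names, which MySQL accepts only inside backtick-quoted identifiers, so this check is sufficient only if every statement builder quotes the name. That code is outside this section; a comment next to the constant such as `// Callers must backtick-quote names; the pattern excludes the backtick itself` would record the assumption. The `-` in `[\w\p{L}-$/=]` is read as a literal only because it follows `\p{L}`; placing it last, `"^[\\w\\p{L}$/=-]{1,64}$"`, keeps it literal if the class is edited later.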