  1. Talend DI components
  2. TDI-46715

JDBC's tck input component allows non-read-only input queries


Details

      1. Create a JDBC connection pointing to a DB with a table <my_table>
      2. Go to the dataset creation form
      3. Select the connection created in step 1
      4. Select the type "Request"
      5. Enter the following request:
        SELECT * FROM <my_table>; DROP TABLE <my_table>
      6. Click the preview button once; it may work. Click a second time and the table <my_table> will no longer be found because it has been dropped.

    Description

      When creating a dataset via a JDBC connection with an input query, it is executed in this method.

      Before executing the query, one check is performed via a method named isNotReadOnlySQLQuery(). This method uses a regex pattern to ensure that the query starts with a "SELECT" and is read-only.

      The issue here is that this regex allows several queries to be chained, separated with a ';', meaning that you can perform any operation after the first SELECT.
      For instance, the following query will be considered read-only and executed by the component:

      SELECT * FROM my_table; DROP  TABLE  my_table;
      

      However, it is obviously NOT read-only, as the table will be dropped. Tested with ypiel on AT.
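
The gap described above, as an added example that is not the component's code: a prefix-only regex (a hypothetical stand-in, since the real pattern is not shown on this page) next to a stricter, fail-closed check that refuses any ';' inside the query. The class name, method names and sample queries are assumptions made for this illustration.

```java
import java.util.List;
import java.util.regex.Pattern;

public class ReadOnlyQueryCheck {
    // Hypothetical stand-in for the component's pattern (the real regex is not
    // shown in the ticket): it only anchors the start of the query on SELECT.
    private static final Pattern STARTS_WITH_SELECT =
            Pattern.compile("^\\s*SELECT\\b.*", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    // Prefix-only check: whatever follows the first SELECT is never inspected.
    static boolean prefixOnlyAccepts(String query) {
        return STARTS_WITH_SELECT.matcher(query).matches();
    }

    // Stricter, fail-closed check: besides the SELECT prefix, no ';' may remain
    // once trailing semicolons and whitespace are stripped. A ';' inside a string
    // literal is rejected too, which is the price of not parsing each SQL dialect.
    static boolean singleSelectAccepts(String query) {
        if (query == null || !prefixOnlyAccepts(query)) {
            return false;
        }
        String body = query.replaceAll("[;\\s]+$", "");
        return body.indexOf(';') < 0;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the second one is the query from the ticket.
        List<String> samples = List.of(
                "SELECT * FROM my_table",
                "SELECT * FROM my_table; DROP  TABLE  my_table;",
                "  select id from my_table ;  ",
                "SELECT * FROM my_table;\nDELETE FROM my_table",
                "UPDATE my_table SET id = 0");
        for (String q : samples) {
            System.out.printf("prefix-only=%-5b single-select=%-5b %s%n",
                    prefixOnlyAccepts(q), singleSelectAccepts(q), q.replace('\n', ' '));
        }
    }
}
```

A lexical check like this is one layer only: some databases accept several statements without a ';' between them, so connecting with a database account limited to SELECT privileges is what enforces read-only access on the server side.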

          People

            pteyssier pierre teyssier
            afournier Arnaud Fournier
            Dmytro Ochkas, Xuejing Liu