hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Naresh P R (Jira)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-23461) Needs to capture input/output entities in explainRewrite
Date Wed, 27 May 2020 05:46:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-23461?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Naresh P R updated HIVE-23461:
------------------------------
    Attachment: HIVE-23461.1.patch

> Needs to capture input/output entities in explainRewrite
> --------------------------------------------------------
>
>                 Key: HIVE-23461
>                 URL: https://issues.apache.org/jira/browse/HIVE-23461
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization
>            Reporter: Wenchao Li
>            Assignee: Naresh P R
>            Priority: Major
>         Attachments: HIVE-23461.1.patch, HIVE-23461.patch
>
>
> HIVE-18778(CVE-2018-1314) capture input/output entitles in explain semantic analyzer
so when a query is disallowed by Ranger, Sentry or Sqlstd authorizizer, the corresponding
explain statement will be disallowed either.
> However, ExplainSQRewriteSemanticAnalyzer also uses an instance of DDLSemanticAnalyzer
to analyze the explain rewrite query.
> {code:java}
> SemanticAnalyzer sem = (SemanticAnalyzer)
>  SemanticAnalyzerFactory.get(queryState, input);
> sem.analyze(input, ctx);
> sem.validate();{code}
>  
> The inputs/outputs entities for this query are never set on the instance of ExplainSQRewriteSemanticAnalyzer
itself and thus is not propagated into the HookContext in the calling Driver code. It is a
similar issue to HIVE-18778.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message