
Add validation for SQL queries in DataFrame.readSqlQuery #502

Merged (4 commits), Nov 13, 2023

Conversation

@zaleslaw (Collaborator) commented Nov 13, 2023

Fixes #498

A validation function has been added to DataFrame.readSqlQuery to handle cases where an inappropriate SQL query is passed.

The function verifies that the SQL query starts with "SELECT" and doesn't contain any other DDL, DML, or DCL operators to prevent data manipulation.

Corresponding test cases were also added in h2Test to ensure that an IllegalArgumentException is thrown when the SQL query is incorrect.

@zaleslaw zaleslaw added this to the 0.12.1 milestone Nov 13, 2023
@zaleslaw zaleslaw linked an issue Nov 13, 2023 that may be closed by this pull request
Tests were added to the h2Test to cover cases reported in issues Kotlin#494 and Kotlin#498 in the DataFrame. Furthermore, SQL query validation in DataFrame.readSqlQuery was softened to accept SELECT statements only, removing other restrictions that checked against DDL or DML or DCL operators. New test cases were introduced to ensure that unexpected SQL statements result in thrown IllegalArgumentExceptions, improving overall robustness.
@zaleslaw (Collaborator, Author) commented:

@Jolanrensen I simplified a little bit of code and added some tests

Tests were added to the h2Test to cover cases reported in issues #494 and #498 in the DataFrame. Furthermore, SQL query validation in DataFrame.readSqlQuery was softened to accept SELECT statements only, removing other restrictions that checked against DDL or DML or DCL operators. New test cases were introduced to ensure that unexpected SQL statements result in thrown IllegalArgumentExceptions, improving overall robustness.
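The two rules discussed in this pull request (the original "starts with SELECT and contains no DDL/DML/DCL keyword" check and the softened "starts with SELECT" check) are easy to state but have different failure modes, so the following added example puts both side by side and executes the borderline inputs against a real database. This is illustration code, not Kotlin DataFrame's implementation: Python's sqlite3 stands in for the Kotlin/JDBC/H2 stack, the function names (`validate_select_only`, `validate_strict`, `run_one_statement`, `demo`) and the keyword list are invented for the example, and the sample queries are constructed.

```python
"""SELECT-prefix validation for read-only SQL, and where it stops helping.

Added example, not Kotlin DataFrame's code. sqlite3 stands in for JDBC/H2;
every function name and the keyword list below are assumptions for the demo.
"""
import re
import sqlite3

# Illustrative keyword list for the stricter variant (not the project's list).
FORBIDDEN_KEYWORDS = frozenset({
    "INSERT", "UPDATE", "DELETE", "MERGE",   # DML
    "CREATE", "ALTER", "DROP", "TRUNCATE",   # DDL
    "GRANT", "REVOKE",                       # DCL
})


def starts_with_select(sql: str) -> bool:
    """Softened rule: the first keyword must be SELECT (case-insensitive)."""
    return re.match(r"\s*SELECT\b", sql, re.IGNORECASE) is not None


def validate_select_only(sql: str) -> str:
    """Accept a query only if it starts with SELECT; otherwise raise."""
    if not starts_with_select(sql):
        raise ValueError(f"Only SELECT queries are accepted, got: {sql!r}")
    return sql


def validate_strict(sql: str) -> str:
    """Softened rule plus a word scan for DDL/DML/DCL keywords anywhere."""
    validate_select_only(sql)
    words = {w.upper() for w in re.findall(r"[A-Za-z_]+", sql)}
    hits = sorted(words & FORBIDDEN_KEYWORDS)
    if hits:
        raise ValueError(f"Query contains forbidden keyword(s) {hits}: {sql!r}")
    return sql


def classify(validator, sql: str) -> str:
    try:
        validator(sql)
        return "accepted"
    except ValueError:
        return "rejected"


def fresh_db() -> sqlite3.Connection:
    """In-memory database with one constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER, name TEXT);"
        "INSERT INTO users VALUES (1, 'alice');"
    )
    return conn


def table_exists(conn: sqlite3.Connection, name: str) -> bool:
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (name,),
    ).fetchone()
    return row[0] == 1


def run_one_statement(conn: sqlite3.Connection, sql: str):
    """Validate, then execute via an API that refuses more than one statement."""
    return conn.execute(validate_select_only(sql)).fetchall()


def demo() -> dict:
    r = {}
    # 1. Plain DDL: both rules refuse it.
    r["ddl_soft"] = classify(validate_select_only, "DROP TABLE users")
    r["ddl_strict"] = classify(validate_strict, "DROP TABLE users")
    # 2. Harmless SELECT with a keyword inside a string literal:
    #    the word scan cannot tell a literal from a statement (false positive).
    q = "SELECT name FROM users WHERE name = 'update'"
    r["literal_soft"] = classify(validate_select_only, q)
    r["literal_strict"] = classify(validate_strict, q)
    # 3. Read-only CTE: refused by both rules because it starts with WITH.
    r["cte_soft"] = classify(validate_select_only,
                             "WITH u AS (SELECT * FROM users) SELECT * FROM u")
    # 4. Piggybacked statement: passes the prefix rule; the outcome then
    #    depends entirely on whether the executor accepts multiple statements.
    piggy = "SELECT 1; DROP TABLE users"
    r["piggy_soft"] = classify(validate_select_only, piggy)
    r["piggy_strict"] = classify(validate_strict, piggy)
    conn = fresh_db()
    try:
        run_one_statement(conn, piggy)
        r["piggy_execute"] = "ran"
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        r["piggy_execute"] = "refused by driver"   # sqlite3.execute() is single-statement
    r["users_after_execute"] = table_exists(conn, "users")
    conn.executescript(validate_select_only(piggy))  # script API runs every statement
    r["users_after_script"] = table_exists(conn, "users")
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway for this PR's check: a prefix or keyword test guards against a caller accidentally passing a non-query, but it is not an injection defence; case 4 only stays harmless because the single-statement execute path refuses the second statement, while the script path runs it. Case 2 shows why a whole-text keyword scan produces false positives on legitimate SELECTs, and case 3 shows that a strict SELECT prefix also rejects read-only CTEs, which a caller of readSqlQuery may need to know.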

@zaleslaw zaleslaw merged commit 51fa88a into Kotlin:0.12.1 Nov 13, 2023
1 check passed
Linked issue this pull request may close: Incorrect queries with DML and DDL operators should throw an exception