[Bug][linkis-jobhistory] There are risks of sql injection in some methods in JobHistoryMapper.xml
Search before asking
- [X] I searched the issues and found no similar issues.
Linkis Component
linkis-public-enhancements
Steps to reproduce
- Param 'creator' in RESTful method 'listundone' will be passed to the MyBatis method 'countUndoneTaskWithUserCreator', which cannot prevent SQL injection.
Expected behavior
Refactor unsecured methods in JobHistoryMapper.xml.
Your environment
- Linkis version used: 1.2.0
- Environment name and version:
  - cdh-5.14.2
  - hdp-3.1.5
  - hive-2.1.1
  - spark-3.2.1
  - scala-2.12.2
  - jdk 1.8.0_121
  - ....
Anything else
No response
Are you willing to submit a PR?
- [ ] Yes I am willing to submit a PR!
:blush: Welcome to the Apache Linkis (incubating) community!!
We are glad that you are contributing by opening this issue.
Please make sure to include all the relevant context. We will be here shortly.
If you are interested in contributing to our website project, please let us know! You can check out our contributing guide on :point_right: How to Participate in Project Contribution.
Community
Mailing Lists
| name | description | Subscribe | Unsubscribe | archive |
|---|---|---|---|---|
| [email protected] | community activity information | subscribe | unsubscribe | archive |

