Skip to content

Add view text hash info to accessControlReferences #24955

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 7 commits into
base: master
Choose a base branch
from
Draft

Add view text hash info to accessControlReferences #24955

wants to merge 7 commits into from

Conversation

kevintang2022
Copy link
Contributor

@kevintang2022 kevintang2022 commented Apr 23, 2025
edited
Loading

Description

In addition to the raw SQL string that the user submitted, checkQueryIntegrity needs to have view definitions used inside the of the query to validate against the credentials passed in through the identity.

Motivation and Context

This is to address the security vulnerability if a view definition gets changed in between when the approved credential was generated and when the query begins executing.

Impact

  • Add extra view text fields to AccessControlReferences
  • change checkQueryintegrity API to take in view text

Test Plan

Contributor checklist

  • Please make sure your submission complies with our contributing guide, in particular code style and commit standards.
  • PR description addresses the issue accurately and concisely. If the change is non-trivial, a GitHub Issue is referenced.
  • Documented new properties (with its default value), SQL syntax, functions, or other functionality.
  • If release notes are required, they follow the release notes guidelines.
  • Adequate tests were added if applicable.
  • CI passed.

Release Notes

Please follow release notes guidelines and fill in the release notes below.

== RELEASE NOTES ==

General Changes
* ... 
* ... 

Hive Connector Changes
* ... 
* ...

If release note is NOT required, use:

== NO RELEASE NOTE ==

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

@facebook-github-bot
Copy link
Collaborator

@kevintang2022 has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kevintang2022 @facebook-github-bot