[CC-24497] Added validation for column check

[Tanish0019]

Problem

Ref: CC-24497

Solution

Added a check that sees if column names supplied as part of configuration do exist in at least one table. This prevents misuse of these configuration which can be used for SQL injection.

Does this solution apply anywhere else?

• [ ] yes
• [ ] no

If yes, where?

Test Strategy

Testing done:

• [ ] Unit tests
• [ ] Integration tests
• [ ] System tests
• [ ] Manual tests

Release Plan

[CC-24497]: https://confluentinc.atlassian.net/browse/CC-24497?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

[Tanish0019]

@ashoke-cube

Do you need add any new test cases for the method?

I'll add one

Again wouldn't that be another security issue, that any malicious user can simply turn it off?

Oh yeah. I was thinking of an internal config but forgot this is open source and the config can just be viewed

[sonarqube-confluent[bot]]

Analysis Details

7 Issues

• 0 Bugs
• 0 Vulnerabilities
• 7 Code Smells

Coverage and Duplications

• 93.80% Coverage (83.40% Estimated after merge)
• 0.00% Duplicated Code (10.80% Estimated after merge)

Project ID: kafka-connect-jdbc

View in SonarQube

[ConfluentJenkins]

Analysis Details

0 Issues

• 0 Bugs
• 0 Vulnerabilities
• 7 Code Smell

  Coverage and Duplications

• New Code Coverage : 93.8, Estimated coverage after merge : 83.4%
• New Duplications : 0

Project ID: kafka-connect-jdbc View in SonarQube