delphix / mysqllinux

MySQL Virtualization Plugin for Delphix
Apache License 2.0

MYSQL-80 Remove plugin .json file for version 2.0.26 from the code repository, MYSQL-78 Support latest dvp version 3.1.0, MYSQL-59 Security -> Password field on UI can be used to inject SQL queries #21

Closed gmanhas23 closed 1 year ago

gmanhas23 commented 1 year ago

…ueries

Problem

  1. Remove plugin .json file for version 2.0.26 from the code repository

  2. Plugin should be supported with latest dvp version 3.1.0, corresponding to Python 2.7

  3. User is able to inject SQL queries using the password field in both the Linking and Provisioning wizards. Bug created: https://delphix.atlassian.net/browse/MYSQL-59

Solution

  1. Remove plugin .json file for version 2.0.26 from the code repository
  2. Added a new required schema for DVP 3.1.0 Snapshot Parameters Definition.
  3. Disallowed spaces, single quotes and double quotes from the UI for password strings.

Testing Done

Tested with the query strings on the dsource and VDB creation pages; the user is not able to write SQL queries into the textbox in the UI.
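
Added example, not code from this pull request or the plugin: the rule from Solution item 3 (no spaces, single quotes or double quotes in password strings) applied again in Python over the parameters a Linking or Provisioning request might carry. The field names and sample values are hypothetical and constructed for illustration; findings report field paths only, never the password values.

```python
# Added example: code-side re-check of the UI password rule described in the PR.
# Field names are hypothetical; the character set is the one named in the PR.
DISALLOWED = {" ": "space", "'": "single quote", '"': "double quote"}


def char_violations(value):
    """Return the sorted names of disallowed characters present in value."""
    return sorted({DISALLOWED[ch] for ch in value if ch in DISALLOWED})


def find_bad_passwords(params, path=""):
    """Walk nested dicts/lists and report (field path, violations) for every
    string field whose key contains 'password'. Values are never returned,
    so the result is safe to log."""
    findings = []
    if isinstance(params, dict):
        for key in sorted(params):
            child = path + "." + key if path else key
            value = params[key]
            if "password" in key.lower() and isinstance(value, str):
                bad = char_violations(value)
                if bad:
                    findings.append((child, bad))
            else:
                findings.extend(find_bad_passwords(value, child))
    elif isinstance(params, list):
        for i, item in enumerate(params):
            findings.extend(find_bad_passwords(item, "%s[%d]" % (path, i)))
    return findings


def require_clean(params):
    """Raise ValueError naming the offending fields; return params if clean."""
    findings = find_bad_passwords(params)
    if findings:
        detail = "; ".join("%s: %s" % (p, ", ".join(b)) for p, b in findings)
        raise ValueError("disallowed characters in password fields: " + detail)
    return params


# Constructed sample inputs (not taken from the plugin's schema).
LINKING = {"sourceUser": "delphix", "sourcePassword": "S3cure#Pass"}
PROVISIONING = {"vdbUser": "root", "vdbPassword": "bad pass'word",
                "extra": [{"replicationPassword": 'quo"te'}]}

if __name__ == "__main__":
    print(find_bad_passwords(LINKING))
    print(find_bad_passwords(PROVISIONING))
```
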