opensearch-project / opensearch-spark

Spark Accelerator framework; it enables secondary indices to remote data stores.
Apache License 2.0
21 stars, 32 forks

[FEATURE] Add option to disallow catalog views #534

Open asuresh8 opened 3 months ago

asuresh8 commented 3 months ago

Catalog views cannot be trusted because they can inject custom code. To work with secure environments, an option should exist to disallow this SQL injection technique.

penghuo commented 2 months ago

Do you mean Glue catalog view?

asuresh8 commented 2 months ago

Yes, Glue catalog views can potentially have injected code.

dblock commented 2 months ago

[Catch All Triage - 1, 2, 3, 4, 5]

penghuo commented 2 months ago

Per the doc https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-glue-views.html: how can we determine if a query references a view in Glue? One approach is through the analyzer, which retrieves metadata from Glue, potentially including information about views. However, the challenge lies in how the Spark extension can interpret the analyzer's behavior and prevent access to views.
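One concrete shape for the "through the analyzer" approach discussed above, as an added example that is not code from the opensearch-spark project or from any commenter: a Spark session extension that injects a check rule. Check rules run on the analyzed logical plan, after the session catalog (Glue, when it backs the Hive metastore as in the EMR doc) has resolved each persistent view into a `View` node wrapping the analyzed plan of the view's stored SQL text, but before optimization or execution, so the rule can reject the query without ever running the view body. The package name, the config key `spark.flint.disallowCatalogViews`, and the exception class are hypothetical names chosen for this example; `injectCheckRule`, `View`, `collectWithSubqueries` and `TableIdentifier.unquotedString` are Spark 3.x APIs.

```scala
// Hypothetical package for this example; not part of opensearch-spark.
package org.opensearch.flint.spark.example

import org.apache.spark.sql.{SparkSession, SparkSessionExtensions}
import org.apache.spark.sql.catalyst.plans.logical.{LogicalPlan, View}

/** Thrown by the check rule when a query depends on a persistent catalog view. */
class CatalogViewDisallowedException(views: Seq[String])
  extends RuntimeException(
    s"catalog views are disallowed by ${DisallowCatalogViews.ConfKey}: ${views.mkString(", ")}")

object DisallowCatalogViews {
  /** Hypothetical config key (assumption): "true" rejects any query that resolves a catalog view. */
  val ConfKey = "spark.flint.disallowCatalogViews"

  /**
   * Names of the persistent catalog views an analyzed plan depends on.
   *
   * The analyzer expands a persistent view into `View(desc, isTempView = false, child)`,
   * where `child` is the analyzed plan of the SQL text stored in the catalog. Walking the
   * plan therefore finds views that are nested inside other views, joins or subqueries
   * (`collectWithSubqueries` also descends into IN / EXISTS / scalar subquery expressions,
   * which a plain `collect` would skip). Temp views are created in-session by the caller,
   * not pulled from Glue, so `isTempView` nodes are deliberately ignored.
   */
  def catalogViewsIn(plan: LogicalPlan): Seq[String] =
    plan.collectWithSubqueries {
      case v: View if !v.isTempView => v.desc.identifier.unquotedString
    }.distinct

  /** The check rule body: fail analysis if the option is on and any catalog view is referenced. */
  def check(session: SparkSession, plan: LogicalPlan): Unit = {
    // RuntimeConfig.get(key, default) lets the option be toggled per session with SET.
    val disallow = session.conf.get(ConfKey, "false").toBoolean
    if (disallow) {
      val views = catalogViewsIn(plan)
      if (views.nonEmpty) {
        throw new CatalogViewDisallowedException(views)
      }
    }
  }
}

/**
 * Register with spark.sql.extensions=org.opensearch.flint.spark.example.DisallowCatalogViewsExtension
 * and then SET spark.flint.disallowCatalogViews=true in the session to be protected.
 */
class DisallowCatalogViewsExtension extends (SparkSessionExtensions => Unit) {
  override def apply(extensions: SparkSessionExtensions): Unit =
    extensions.injectCheckRule { session =>
      (plan: LogicalPlan) => DisallowCatalogViews.check(session, plan)
    }
}
```

Two caveats a practitioner would want: the rule rejects every persistent view the analyzer resolved, not only Glue-backed ones, so a deployment with several catalogs would need to filter on `v.desc.identifier` (its `catalog` / `database` parts) if only one of them is untrusted; and it only covers views that Spark itself expands from stored SQL text, so a view definition Spark cannot parse fails analysis earlier for a different reason rather than being caught here.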