pjfanning commented on code in PR #7548:
URL: https://github.com/apache/gravitino/pull/7548#discussion_r2179636489
##########
catalogs/catalog-jdbc-common/src/main/java/org/apache/gravitino/catalog/jdbc/utils/DataSourceUtils.java:
##########
@@ -76,6 +78,41 @@ private static Properties getProperties(JdbcConfig
jdbcConfig) {
return properties;
}
+ private static void validateJdbcConfig(JdbcConfig jdbcConfig) {
+ String driver = jdbcConfig.getJdbcDriver();
+ String url = jdbcConfig.getJdbcUrl();
+ Map<String, String> all = jdbcConfig.getAllConfig();
+ String lowerUrl = url == null ? "" : url.toLowerCase();
Review Comment:
You should URL decode the JDBC URL because sometimes, people can sneakily
try to evade checks like this by URL escaping 1 or more chars the URL including
the query param names. In Zeppelin, we URL decode the string in a loop in case
there is double or triple encoding (or worse).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
