Escape user input in string filters to preserve Spark semantics

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 10.6.1, 11.0.1
    • Affects Version/s: None
    • Component/s: None
    • None
    • Java Drivers
    • Not Needed
    • None
    • None
    • None
    • None
    • None
    • None

      Connector translates Spark string filters (contains, startsWith, endsWith) into $regex without escaping user input. This turns literal matching into regex evaluation (e.g., ".*" matches everything), breaking Spark semantics and theoretically enabling regex injection.

      Expected
      User input treated as literal string in Spark’s LIKE and string filters (contains, startsWith, endsWith).

      Actual
      User input interpreted as regex when pushed down to the connector.

      Acceptance criteria

      • contains()/startsWith/endsWith treats any character as literals.
      • Add regression tests with metacharacters (including \Q and \E) to verify escaping cannot be bypassed.

            Assignee:
            Slav Babanin
            Reporter:
            Slav Babanin
            Ross Lawley
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: