[feat][CGS][entrance] add support for controlling location clause usage in Hive tasks for security by v-kkhuang · Pull Request #962 · WeDataSphere/linkis

v-kkhuang · 2026-03-26T06:34:35Z

What is the purpose of the change

Background/Problem:
Currently, Hive tasks can use the LOCATION clause to specify custom data locations. This poses security risks as it allows users to potentially access unauthorized data paths or interfere with other users' data, compromising system security and data isolation.

Purpose of Change:
To address this security issue, this PR adds a control mechanism to disable the LOCATION clause in Hive tasks. The solution introduces a configuration option linkis.entrance.sql.explain.hive.location.control.enabled that, when enabled, prevents users from executing Hive SQL statements containing the LOCATION clause.

Value/Impact:
After this change, administrators can prevent users from using the LOCATION clause in Hive tasks, enhancing system security by ensuring users cannot access unauthorized data paths or interfere with other users' data through custom location specifications.

Related issues/PRs

Related issues: close #961

Brief change log

Add configuration linkis.entrance.sql.explain.hive.location.control.enabled to control LOCATION clause validation
Implement LOCATION clause detection in Explain interceptor for Hive tasks
Add comprehensive unit tests for LOCATION control logic
Update EntranceConfiguration with new configuration keys
Add design documentation and Cucumber feature specification

Checklist

I have read the Contributing Guidelines on pull requests.
I have explained the need for this PR and the problem it solves
I have explained the changes or the new features added to this PR
I have added tests corresponding to this change
I have updated the documentation to reflect this change
I have verified that this change is backward compatible
If this is a code change: I have written unit tests to fully verify the new behavior.

Update version to 1.17.0

Co-authored-by: aiceflower <kinsanities@sina.com>

* support starrocks task for aisql * code format --------- Co-authored-by: aiceflower <kinsanities@sina.com> Co-authored-by: Casion <casionone@gmail.com>

* truncate column code push * resultset sensitive field masking code push * resultset sensitive field masking code push * resultset sensitive field masking code push * Document Optimization * push truncate column code * push truncate column code * push truncate column code * Document update

Co-authored-by: aiceflower <kinsanities@sina.com>

* truncate column code push * resultset sensitive field masking code push * resultset sensitive field masking code push * resultset sensitive field masking code push * Document Optimization * push truncate column code * push truncate column code * push truncate column code * Document update * code optimization * code optimization * code optimization * code optimization

* add sr logic * optimization sr --------- Co-authored-by: aiceflower <kinsanities@sina.com>

* truncate column code push * resultset sensitive field masking code push * resultset sensitive field masking code push * resultset sensitive field masking code push * Document Optimization * push truncate column code * push truncate column code * push truncate column code * Document update * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

Co-authored-by: aiceflower <kinsanities@sina.com>

* update netty version from 4.2.4 to 4.2.7 * add log and code format --------- Co-authored-by: aiceflower <kinsanities@sina.com>

* truncate column code push * resultset sensitive field masking code push * resultset sensitive field masking code push * resultset sensitive field masking code push * Document Optimization * push truncate column code * push truncate column code * push truncate column code * Document update * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* truncate column code push * resultset sensitive field masking code push * resultset sensitive field masking code push * resultset sensitive field masking code push * Document Optimization * push truncate column code * push truncate column code * push truncate column code * Document update * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * fix flink dependency error * code review fix * ai docs update

aisql whitelist logic fix

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * fix flink dependency error * code review fix * ai docs update * code optimization

* code optimization * code optimization * code optimization * code optimization

-将连接池参数设置移至 PoolingHttpClientConnectionManager 初始化后,确保连接池设置生效

…#809) #AI commit#

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * 提交ai agent 生成文档

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * 提交ai agent 生成文档 * code optimization

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * 提交ai agent 生成文档 * code optimization * 文档补充

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * 提交ai agent 生成文档 * code optimization * 文档补充 * 文档补充 * 文档补充 * 文档补充 * 修复引擎复用异常bug

…utor confs (#937) * #AI commit#开发阶段：新增功能 - spark引擎支持设置driver参数到driver端功能： 1. 新增配置项 wds.linkis.spark.driver.params.enabled 控制功能开关（默认关闭） 2. 新增配置项 wds.linkis.spark.driver.params.exclude 排除不设置的参数（逗号分隔） 3. 在executeLine方法中sc.setJobGroup后执行参数设置 4. 支持Spark版本检查，仅在3.4.4及以上版本执行 5. 异常隔离：参数设置失败记录WARNING日志，不影响任务执行 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * #AI commit# 开发阶段：新增功能 - spark引擎支持设置executor参数 * #AI commit# 开发阶段：功能增强 - spark引擎支持设置executor参数 * #AI commit# 开发阶段：优化日志信息 - 明确engineContext为null时的跳过原因 * #AI commit# 开发阶段：管理台支持展示引擎版本 * #AI commit# 代码回退:回退前端相关修改 * Revert "#AI commit# 开发阶段：管理台支持展示引擎版本" This reverts commit 29523f5. --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

* #AI commit# 开发阶段：优化spark参数获取 * #AI commit# 开发阶段：优化spark参数获取

casionone and others added 30 commits October 23, 2025 15:20

Update version to 1.17.0

ad7ee94

Update version to 1.17.0

Add AI-assisted docs

cd48479

add ai rules

7f53d68

add ai rules

ddc6390

optimization ai rules

a8e121c

remove print execute_code log (#874)

3196c34

Co-authored-by: aiceflower <kinsanities@sina.com>

nodeexecution support aisql (#876)

315147b

Co-authored-by: aiceflower <kinsanities@sina.com>

support starrocks task for aisql (#875)

6c7af81

* support starrocks task for aisql * code format --------- Co-authored-by: aiceflower <kinsanities@sina.com> Co-authored-by: Casion <casionone@gmail.com>

update failed to create ec log to warn

65653cd

添加根据数据源类型和代理用户查询发布可用数据源的接口及RPC实现 (#877)

2af3ad9

add sr logic (#879)

bd13150

Co-authored-by: aiceflower <kinsanities@sina.com>

Dev 1.17.0 webank sr (#881)

c81e908

* add sr logic * optimization sr --------- Co-authored-by: aiceflower <kinsanities@sina.com>

bes sup (#884)

9fa6464

code optimization (#883)

46f8de3

* code optimization * code optimization

Dev 1.17.0 code review fix (#885)

3807c1d

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

add runtime param code optimization

588cf44

remove bes dependency

2538c3b

update netty version from 4.2.4 to 4.2.7 (#887)

3c9e7f0

Co-authored-by: aiceflower <kinsanities@sina.com>

Dev 1.17.0 webank srl (#888)

8cddb98

* update netty version from 4.2.4 to 4.2.7 * add log and code format --------- Co-authored-by: aiceflower <kinsanities@sina.com>

template support multi creator

e4ef0c0

Dev 1.17.0 code review fix (#891)

e270c1e

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * fix flink dependency error * code review fix * ai docs update

aisql whitelist logic fix

442da6c

aisql whitelist logic fix

log optimization

0e9b8ce

fix hive ec multi task conf mix issue

e6eb0ca

Dev 1.17.0 code review fix (#894)

b8367ce

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * fix flink dependency error * code review fix * ai docs update * code optimization

daflyinbed and others added 27 commits December 26, 2025 10:13

fix: disallow login header (#912)

32a0e0b

code optimization (#916)

995cc42

Dev 1.18.0 code review fix (#919)

9fadf93

* code optimization * code optimization * code optimization * code optimization

fix(httpclient): 调整连接池参数设置

3163089

-将连接池参数设置移至 PoolingHttpClientConnectionManager 初始化后,确保连接池设置生效

Add pendingCount BML client connection information retrieval function (…

e622651

…#809) #AI commit#

Dev 1.18.0 code review fix (#922)

10373f3

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

Dev 1.18.0 code review fix (#923)

e7b478d

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

Dev 1.18.0 code review fix (#924)

2053b1c

* code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization * code optimization

docs optimization

956d09d

optimization log

17f486f

#AI commit#yarn接口新增参数过滤 (#932)

efe408b

#AI commit# 开发阶段：新增功能 - 添加批量获取队列资源功能支持 (#935)

a5de797

update version to 1.18.1

c824467

#AI commit# 开发阶段：管理台支持展示引擎版本 (#939)

65cb0c2

#AI commit# 开发阶段：增加日志打印 (#943)

f5f557f

#AI commit# 开发阶段：提交全局历史页面引擎版本展示agent 相关文档 (#942)

424bc67

[linkis][spark]optimize Spark parameter acquisition (#944)

088edfe

* #AI commit# 开发阶段：优化spark参数获取 * #AI commit# 开发阶段：优化spark参数获取

Update version to 1.18.0

6bb48ee

#AI commit# 开发阶段： Hive任务禁止使用LOCATION功能

b146736

v-kkhuang added the enhancement New feature or request label Mar 26, 2026

#AI commit# 开发阶段： Hive任务禁止使用LOCATION功能，测试报告相关文件提交

3257fdd

v-kkhuang closed this Mar 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[feat][CGS][entrance] add support for controlling location clause usage in Hive tasks for security#962

[feat][CGS][entrance] add support for controlling location clause usage in Hive tasks for security#962
v-kkhuang wants to merge 70 commits intodev-1.9.0from
dev-1.19.0-hive-location

v-kkhuang commented Mar 26, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

Conversation

v-kkhuang commented Mar 26, 2026

What is the purpose of the change

Related issues/PRs

Brief change log

Checklist

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants