MCPcopy Index your code
hub / github.com/bytebase/bytebase / validateExtraConnectionParameters

Function validateExtraConnectionParameters

backend/api/v1/instance_service.go:1209–1224  ·  view source on GitHub ↗

validateExtraConnectionParameters validates extra connection parameters for security risks.

(engine storepb.Engine, params map[string]string)

Source from the content-addressed store, hash-verified

1207
1208// validateExtraConnectionParameters validates extra connection parameters for security risks.
1209func validateExtraConnectionParameters(engine storepb.Engine, params map[string]string) error {
1210 // Validate MySQL-compatible engines
1211 switch engine {
1212 case storepb.Engine_MYSQL, storepb.Engine_MARIADB, storepb.Engine_OCEANBASE, storepb.Engine_TIDB:
1213 for key := range params {
1214 normalizedKey := strings.ToLower(strings.TrimSpace(key))
1215 if normalizedKey == "allowallfiles" {
1216 // Disables file allowlist for LOAD DATA LOCAL INFILE and allows all files (might be insecure)
1217 return errors.Errorf("connection parameter %q is not allowed for security reasons. This parameter can allow a malicious database server to read arbitrary files from the client", key)
1218 }
1219 }
1220 default:
1221 // No validation needed for other engines
1222 }
1223 return nil
1224}

Calls 1

ErrorfMethod · 0.80