commit | f0db5f8dcc98fd52d153e35e41cd19d81df333df | [log] [tgz] |
---|---|---|
author | Hall Liu <hallliu@google.com> | Wed Jul 17 15:51:07 2019 -0700 |
committer | Max Spector <mspector@google.com> | Wed Sep 18 17:13:24 2019 -0700 |
tree | 9fb4c1bbee164955dd91302f72cc286befbbe9ea | |
parent | 6976e0b7d871e00af764c2b79cf36cb742c57523 [diff] |
Examine sort field for sensitive fields Like with the selection field, the sort field poses a risk for SQL injection attacks that can expose sensitive information. Filter the supplied sort argument for sensitive fields and check permissions if it contains any. Bug: 135268868 Test: CTS Change-Id: I3ded273feca374410bbe33312e5148ff5096975c Merged-In: I3ded273feca374410bbe33312e5148ff5096975c Merged-In: Ia7be0ecdfca5e7adf6163dc015a413a98f1b9287 (cherry picked from commit 1e324464f36eff033af64099fe6bb6a7d1ab0463)