commit | 6f05a3afcf563a83d8f5b2857ae7d50201965b19 | [log] [tgz] |
---|---|---|
author | Hall Liu <hallliu@google.com> | Wed Jul 17 15:51:07 2019 -0700 |
committer | Max Spector <mspector@google.com> | Wed Sep 18 17:13:50 2019 -0700 |
tree | 5e5544f311266918b03b95b40c56d04627c19a0d | |
parent | 85ceae9d6873d1d3d3c4874611e3f65b3220c588 [diff] |
Examine sort field for sensitive fields Like with the selection field, the sort field poses a risk for SQL injection attacks that can expose sensitive information. Filter the supplied sort argument for sensitive fields and check permissions if it contains any. Bug: 135268868 Test: CTS Change-Id: I3ded273feca374410bbe33312e5148ff5096975c Merged-In: I3ded273feca374410bbe33312e5148ff5096975c Merged-In: Ia7be0ecdfca5e7adf6163dc015a413a98f1b9287 (cherry picked from commit 1e324464f36eff033af64099fe6bb6a7d1ab0463)