commit | 575645776d402fa86b7b1317fd852955cc3c000e | [log] [tgz] |
---|---|---|
author | Hall Liu <hallliu@google.com> | Wed Jul 17 15:51:07 2019 -0700 |
committer | Max Spector <mspector@google.com> | Wed Sep 18 17:14:15 2019 -0700 |
tree | 7d185595901938ba75d5485012624c7ce5e19fb4 | |
parent | 2f3fe95c140ea37550454e5e5fec4b7d774064ce [diff] |
Examine sort field for sensitive fields Like with the selection field, the sort field poses a risk for SQL injection attacks that can expose sensitive information. Filter the supplied sort argument for sensitive fields and check permissions if it contains any. Bug: 135268868 Test: CTS Change-Id: I3ded273feca374410bbe33312e5148ff5096975c Merged-In: I3ded273feca374410bbe33312e5148ff5096975c Merged-In: Ia7be0ecdfca5e7adf6163dc015a413a98f1b9287 (cherry picked from commit 1e324464f36eff033af64099fe6bb6a7d1ab0463)