commit | bbba171f0ba000b49f7b58f845f5100b74b81851 | [log] [tgz] |
---|---|---|
author | Hall Liu <hallliu@google.com> | Wed Jul 17 15:51:07 2019 -0700 |
committer | Max Spector <mspector@google.com> | Thu Oct 10 18:43:08 2019 -0700 |
tree | e00f420381b127ab7a040d5b0554aff272aacafd | |
parent | 86d1d9ea4e2e2cd92e0f7fadaff05580f9ef2405 [diff] |
DO NOT MERGE Examine sort field for sensitive fields Like with the selection field, the sort field poses a risk for SQL injection attacks that can expose sensitive information. Filter the supplied sort argument for sensitive fields and check permissions if it contains any. Bug: 135268868 Test: CTS Change-Id: I3ded273feca374410bbe33312e5148ff5096975c (cherry picked from commit ecf038d6ffb92810ba087da6e0cc81e095e083b2)