1 | #pragma once |
2 | |
3 | #include <string> |
4 | |
5 | |
6 | namespace DB |
7 | { |
8 | |
9 | /** Passing an arbitrary connection string to the ODBC Driver Manager is insecure, for the following reasons: |
10 | * 1. A Driver Manager such as unixODBC has multiple bugs, e.g. buffer overflows. |
11 | * 2. The Driver Manager can interpret some parameters as a path to a library for dlopen or as a file to read, |
12 | * which allows arbitrary remote code execution when the connection string is attacker-controlled. |
13 | * |
14 | * Validates connection_string and throws an exception if it contains insecure parameters (the exception type and the set of rejected parameters are defined in the implementation, not in this header). |
15 | * It may also modify the connection string to harden it. The argument is taken by const reference, so the hardened form is only available as the return value: callers must hand the returned string, never the original input, to the Driver Manager. |
16 | * |
17 | * Note that it is intended for the ANSI (not multibyte) variant of the connection string. NOTE(review): presumably a connection string in any other encoding is not covered by this check; confirm against the implementation. |
18 | */ |
19 | std::string validateODBCConnectionString(const std::string & connection_string); |
20 | |
21 | } |
22 | |