Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.1.2
-
None
-
2017-37
Description
Given a statement like
code
WITH t AS (SELECT a FROM t1 WHERE b >= 'c')
SELECT * FROM t2,t WHERE t2.c=t.a;
code
the current query classifier will not report fields used in the WITH clause, e.g. b.
Consequently, the database firewall filter will not block a statement using a forbidden field in the SELECT of the WITH clause.