[Information] Kusto-Query-Language library used to avoid code injection
mkulisic opened this issue · comments
Hello,
I am looking to build an API that allows our users to send us KQL queries to run over their data stored in our tables. The concern with this is that a clever user might be able to fish out data that isn't theirs from our cluster if we just allow this to run. Since we have a middleman between us and the customer it doesn't seem like we would be able to leverage something like row level security. After doing a bit of research and testing with this library I think it could be used to do this. Is there way to search for all data sources in a query while traversing the tree build by KustoCode? I know we can search for functions and tables separately but if there is a way to bunch them together to avoid missing any sources that would be great. If we can identify all data sources than we can make sure we scope them accordingly when we build the queries.
Thanks
If you are acting as middle-tier: You should be able to use a specially built 'restrict' statement to impose what tables, columns, and filters the end-customer can see. It is a special mechanism built for this scenario - and it allows middle-tier to prefix each query with a constant statements that can't be jail-breaked with the query, and doesn't require middle-tier to parse the query (therefore, it is simpler and safer to use)