fix: prevent SQL Injection Attacks

exporter/dorisexporter/config.go

@@ -5,6 +5,7 @@ package dorisexporter // import "github.com/open-telemetry/opentelemetry-collect
 
 import (
 	"errors"
+	"regexp"
 	"time"
 
 	"go.opentelemetry.io/collector/config/configopaque"
@@ -61,6 +62,21 @@ func (cfg *Config) Validate() (err error) {
 		}
 	}
 
+	// Preventing SQL Injection Attacks
+	re := regexp.MustCompile(`^[a-zA-Z0-9_]+$`)
+	if !re.MatchString(cfg.Database) {
+		err = errors.Join(err, errors.New("database name must be alphanumeric and underscore"))
+	}
+	if !re.MatchString(cfg.Table.Logs) {
+		err = errors.Join(err, errors.New("logs table name must be alphanumeric and underscore"))
+	}
+	if !re.MatchString(cfg.Table.Traces) {
+		err = errors.Join(err, errors.New("traces table name must be alphanumeric and underscore"))
+	}
+	if !re.MatchString(cfg.Table.Metrics) {
+		err = errors.Join(err, errors.New("metrics table name must be alphanumeric and underscore"))
+	}
+
 	return err
 }