From ba3d5eee381d5f1e1345a200a63ab734ff9ed3ac Mon Sep 17 00:00:00 2001
From: composer <2789706336@qq.com>
Date: Sat, 29 Jun 2024 03:24:28 +0800
Subject: [PATCH] fix: prevent SQL Injection Attacks
---
 exporter/dorisexporter/config.go | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/exporter/dorisexporter/config.go b/exporter/dorisexporter/config.go
index 0b8d12a80c0f..6f7d9622d999 100644
--- a/exporter/dorisexporter/config.go
+++ b/exporter/dorisexporter/config.go
@@ -5,6 +5,7 @@ package dorisexporter // import "github.com/open-telemetry/opentelemetry-collect
 import (
 "errors"
+ "regexp"
 "time"
 "go.opentelemetry.io/collector/config/configopaque"
@@ -61,6 +62,21 @@ func (cfg *Config) Validate() (err error) {
 }
 }
+ // Preventing SQL Injection Attacks
+ re := regexp.MustCompile(`^[a-zA-Z0-9_]+$`)
+ if !re.MatchString(cfg.Database) {
+ err = errors.Join(err, errors.New("database name must be alphanumeric and underscore"))
+ }
+ if !re.MatchString(cfg.Table.Logs) {
+ err = errors.Join(err, errors.New("logs table name must be alphanumeric and underscore"))
+ }
+ if !re.MatchString(cfg.Table.Traces) {
+ err = errors.Join(err, errors.New("traces table name must be alphanumeric and underscore"))
+ }
+ if !re.MatchString(cfg.Table.Metrics) {
+ err = errors.Join(err, errors.New("metrics table name must be alphanumeric and underscore"))
+ }
+
 return err
 }
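Review bot: The allow-list added to `Validate` is the only barrier visible here between the configured names and whatever SQL the exporter builds from them, yet the comment `// Preventing SQL Injection Attacks` does not say where those names are used, and the commit touches only `config.go`, so no test pins the behaviour. I would reword the comment to something like `// Database and table names are spliced into SQL as identifiers and cannot be bound as parameters, so only [A-Za-z0-9_] is accepted.` (assuming that is how they are used; the query-building code is outside this diff) and add a table-driven test that feeds names containing a quote, a backtick, whitespace and a semicolon, plus the empty string. The pattern is also recompiled on every call; a package-level `var identifierRe = regexp.MustCompile("^[a-zA-Z0-9_]+$")` avoids that. An empty name fails the `+` quantifier and is reported as "must be alphanumeric and underscore", which may duplicate or obscure any required-field check earlier in `Validate`, whose body starts before this hunk.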