Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sql parameter support to essql expression #94457

Closed
poffdeluxe opened this issue Mar 11, 2021 · 1 comment · Fixed by #99549
Closed

Add sql parameter support to essql expression #94457

poffdeluxe opened this issue Mar 11, 2021 · 1 comment · Fixed by #99549
Assignees
@poffdeluxe
Labels
enhancement New value added to drive a business result Feature:Canvas impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. loe:medium Medium Level of Effort Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas

Comments

@poffdeluxe
Copy link
Contributor

poffdeluxe commented Mar 11, 2021
edited
Loading

Elasticsearch SQL supports passing parameters to queries.
We should add an argument to the essql expression function that allows users to pass in parameters to the query.

Some users are passing in parameters using the urlparam function and then passing that into the SQL function. This is particularly dangerous since there's no escaping in the SQL and SQL could be injected.

Additionally, at the moment, if you're using a Canvas variable to modify your SQL query, you have to use the string expression function to do a bunch of complicated string concatenation that is very hard to read. If we passed in parameters, it would make using variables in your SQL much easier.
@poffdeluxe poffdeluxe added enhancement New value added to drive a business result Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas loe:needs-research This issue requires some research before it can be worked on or estimated Feature:Canvas impact:needs-assessment Product and/or Engineering needs to evaluate the impact of the change. labels Mar 11, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-presentation (Team:Presentation)

@poffdeluxe poffdeluxe mentioned this issue Mar 17, 2021
Merged
@poffdeluxe poffdeluxe mentioned this issue Apr 15, 2021
Closed
@poffdeluxe poffdeluxe added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. loe:medium Medium Level of Effort and removed impact:needs-assessment Product and/or Engineering needs to evaluate the impact of the change. loe:needs-research This issue requires some research before it can be worked on or estimated labels Apr 15, 2021
@poffdeluxe poffdeluxe self-assigned this Apr 15, 2021
@poffdeluxe poffdeluxe mentioned this issue May 6, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@poffdeluxe poffdeluxe

Labels
enhancement New value added to drive a business result Feature:Canvas impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. loe:medium Medium Level of Effort Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas
Projects
None yet
Milestone
No milestone
2 participants
@poffdeluxe @elasticmachine