From 3769a88b9e0a7b99e4a11d7f115bbf9246d64b3f Mon Sep 17 00:00:00 2001
From: xunliu
Date: Wed, 27 Mar 2024 07:56:41 +0800
Subject: [PATCH] fix security risk of SQL injection
---
 .../java/org/apache/submarine/server/SubmarineServer.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java b/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
index 5a3f9b8b93..c794646247 100644
--- a/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
+++ b/submarine-server/server-core/src/main/java/org/apache/submarine/server/SubmarineServer.java
@@ -123,13 +123,17 @@ protected void configure() {
 }
 });
- setupRestApiContextHandler(webApp, conf);
+ // There is a security risk of SQL injection here,
+ // note that the RESTful interface cannot be provided until this is resolved
+ // setupRestApiContextHandler(webApp, conf);
 // Cookie config
 setCookieConfig(webApp);
+ // There is a security risk of SQL injection here,
+ // note that the RESTful interface cannot be provided until this is resolved
 // Notebook server
- setupNotebookServer(webApp, conf, sharedServiceLocator);
+ // setupNotebookServer(webApp, conf, sharedServiceLocator);
 // Cluster Server
 // Cluster Server is useless for submarine now. Shield it to improve performance.
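Review bot: Both calls are disabled by commenting them out, so the SQL injection named in the subject line is still present in the code behind them, and nothing at runtime tells an operator that the REST API and the notebook server are no longer registered. I would remove the dead lines instead of keeping `// setupRestApiContextHandler(webApp, conf);` and `// setupNotebookServer(webApp, conf, sharedServiceLocator);`, emit a startup warning where each call used to be, and point the comment at the tracking ticket, e.g. `// REST API disabled until the SQL injection is fixed, see <TRACKING-ISSUE-ID>` (placeholder; no issue id appears in this patch). The second comment block is a copy of the first: it speaks of the RESTful interface although it guards the notebook server, and it sits above the existing `// Notebook server` label rather than next to the disabled call. The enclosing method starts before this hunk and continues after it, so whether `sharedServiceLocator` is still used elsewhere cannot be checked from these lines.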