From 36a6ee01f4e386471b0ecd70db982136deef2dfa Mon Sep 17 00:00:00 2001
From: Nitin Singla
Date: Tue, 14 Jan 2025 21:41:08 +0530
Subject: [PATCH] Bug fix: Enhanced SQL statement validation with word boundary matching (#2324)

Co-authored-by: AbdulRehman Faraj
---
 .../connectors/dynamodb/qpt/DDBQueryPassthrough.java | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/athena-dynamodb/src/main/java/com/amazonaws/athena/connectors/dynamodb/qpt/DDBQueryPassthrough.java b/athena-dynamodb/src/main/java/com/amazonaws/athena/connectors/dynamodb/qpt/DDBQueryPassthrough.java
index 68a6d70403..ec52d81714 100644
--- a/athena-dynamodb/src/main/java/com/amazonaws/athena/connectors/dynamodb/qpt/DDBQueryPassthrough.java
+++ b/athena-dynamodb/src/main/java/com/amazonaws/athena/connectors/dynamodb/qpt/DDBQueryPassthrough.java
@@ -21,7 +21,6 @@
 import com.amazonaws.athena.connector.lambda.exceptions.AthenaConnectorException;
 import com.amazonaws.athena.connector.lambda.metadata.optimizations.querypassthrough.QueryPassthroughSignature;
-import com.google.common.collect.ImmutableSet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.services.glue.model.ErrorDetails;
@@ -31,7 +30,6 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Set;
 public class DDBQueryPassthrough implements QueryPassthroughSignature {
@@ -82,15 +80,5 @@ public void customConnectorVerifications(Map engineQptArguments)
 if (!upperCaseStatement.startsWith("SELECT")) {
 throw new AthenaConnectorException("Statement does not start with SELECT.", ErrorDetails.builder().errorCode(FederationSourceErrorCode.OPERATION_NOT_SUPPORTED_EXCEPTION.toString()).build());
 }
-
- // List of disallowed keywords
- Set disallowedKeywords = ImmutableSet.of("INSERT", "UPDATE", "DELETE", "CREATE", "DROP", "ALTER");
-
- // Check if the statement contains any disallowed keywords
- for (String keyword : disallowedKeywords) {
- if (upperCaseStatement.contains(keyword)) {
- throw new AthenaConnectorException("Unaccepted operation; only SELECT statements are allowed. Found: " + keyword, ErrorDetails.builder().errorCode(FederationSourceErrorCode.OPERATION_NOT_SUPPORTED_EXCEPTION.toString()).build());
- }
- }
 }
 }
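Review bot: After this deletion the only statement check left in `customConnectorVerifications` is the `startsWith("SELECT")` prefix test in the context lines above, yet the commit subject describes word-boundary matching that nothing in this one-file, deletion-only diff adds. Dropping the substring denylist looks reasonable, since it would also reject a SELECT whose column or table name merely contains a keyword (presumably the bug being fixed), but the reasoning should be recorded next to the remaining check, for example `// Prefix check only; write statements must be denied by the connector role's IAM policy, not by keyword matching.` Whether the role is actually limited to read actions such as `dynamodb:PartiQLSelect` is not visible here and is worth confirming before relying on it. The commit carries no test; one case that accepts a SELECT over a column named, say, `updated_at` and one that rejects a leading `DELETE` would pin the intended behaviour. The method starts before this hunk, so any trimming or normalisation of the statement ahead of the prefix test could not be checked.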