Replaced raw sql with dedicated truncate_table() to fix SQL Injection Vulnerability

aniketpalu · aniketpalu · commit 79b59da55b31 · 2026-02-26T23:37:09.000+05:30
Signed-off-by: Aniket Paluskar &lt;apaluska@redhat.com&gt;
diff --git a/sdk/python/feast/infra/offline_stores/contrib/oracle_offline_store/oracle.py b/sdk/python/feast/infra/offline_stores/contrib/oracle_offline_store/oracle.py
@@ -112,7 +112,7 @@ def _write_data_source(
                     f"Table '{table_ref}' already exists. "
                     f"Set allow_overwrite=True to truncate and replace data."
                 )
-            con.raw_sql(f"TRUNCATE TABLE {table_ref}")
+            con.truncate_table(table_ref)
 
         con.insert(table_name=table_ref, obj=table.to_pandas())
 

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ def _write_data_source(`
`112`	`112`	`f"Table '{table_ref}' already exists. "`
`113`	`113`	`f"Set allow_overwrite=True to truncate and replace data."`
`114`	`114`	`)`
`115`		`- con.raw_sql(f"TRUNCATE TABLE {table_ref}")`
	`115`	`+ con.truncate_table(table_ref)`
`116`	`116`
`117`	`117`	`con.insert(table_name=table_ref, obj=table.to_pandas())`
`118`	`118`