Parameterize segment IDs#16174
Conversation
kfaraz
left a comment
kfaraz
left a comment
There was a problem hiding this comment.
Thanks for the change, @abhishekrb19 . This is very useful!
It would be nice to have a test to verify that the code throws an exception when passing illegal values for the version or any other column.
|
@kfaraz, thanks for taking a look!
What kind of validation and exception did you have in mind? Currently, the code doesn't perform any type checks for the columns. |
I should think that JDBI would throw some exception if we try to bind am invalid string which contains, say a substring like |
|
Ah, I see. The JDBI library doesn't check for "illegal" values for the named parameters as it's contextual. I ran a test with such values and it seems the library just treats them as any other string literal. That said, the binding itself makes the query safe to execute and I think if we want to detect illegal values or perform semantic validation, it has to be done at a layer on top (I'm not sure if that check can be full-proof though). |
Yeah, that's a fair point. Thanks for the clarification. |
3 participants
Issue:
The
markUsedAPI accepts either anintervalorsegmentIds. When using segment IDs, the underlying query uses anINclause with the user-provided values inlined directly in the query instead of being parameterized.Fix:
This patch fixes that by adding the following utilities specifically for queries that contain an
INclause:getParameterizedInConditionForColumn()bindColumnValuesToQueryWithInCondition()Other related changes:
Renamed the following functions for consistency and code hygiene:
appendConditionForIntervalsAndMatchMode()togetConditionForIntervalsAndMatchMode(). Pass only select arguments to the function.bindQueryIntervals()tobindIntervalsToQuery()Release note:
The
segmentIdsfilter in themarkUsedAPI payload is parameterized in the DB query.This PR has: