Skip to content

Commit

Permalink
SQL: supplement input checks on received request parameters (#52229) (#…
Browse files Browse the repository at this point in the history
…52276)

* SQL: supplement input checks on received request parameters (#52229)

* Add more checks around parameter conversions

This commit adds two necessary verifications on received parameters:
- it checks the validity of the parameter's data type: if the declared
data type is resolved to an ES or Java type;
- it checks if the returned converter is non-null (i.e. a conversion is
possible) and generates an appropriate exception otherwise.

(cherry picked from commit eda30ac)
  • Loading branch information
bpintea authored Feb 12, 2020
1 parent 5cf25e1 commit fd2cd1c
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,20 @@ public void testErrorMessageForTranslatingSQLCommandStatement() throws IOExcepti
containsString("Cannot generate a query DSL for a special SQL command " +
"(e.g.: DESCRIBE, SHOW), sql statement: [SHOW FUNCTIONS]"));
}

public void testErrorMessageForInvalidParamDataType() throws IOException {
expectBadRequest(() -> runTranslateSql(
"{\"query\":\"SELECT null WHERE 0 = ? \", \"mode\": \"odbc\", \"params\":[{\"type\":\"invalid\", \"value\":\"irrelevant\"}]}"
),
containsString("Cannot cast value [irrelevant] of type [KEYWORD] to parameter type [UNSUPPORTED]")
);
}

public void testErrorMessageForInvalidParamSpec() throws IOException {
expectBadRequest(() -> runTranslateSql(
"{\"query\":\"SELECT null WHERE 0 = ? \", \"mode\": \"odbc\", \"params\":[{\"type\":\"SHAPE\", \"value\":false}]}"
),
containsString("Cannot cast value [false] of type [BOOLEAN] to parameter type [SHAPE]")
);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,7 @@

import static java.util.Collections.emptyList;
import static java.util.Collections.singletonList;
import static org.elasticsearch.xpack.sql.type.DataTypeConversion.canConvert;
import static org.elasticsearch.xpack.sql.type.DataTypeConversion.conversionFor;
import static org.elasticsearch.xpack.sql.util.DateUtils.asDateOnly;
import static org.elasticsearch.xpack.sql.util.DateUtils.asTimeOnly;
Expand Down Expand Up @@ -716,6 +717,10 @@ public Literal visitParamLiteral(ParamLiteralContext ctx) {
}
// otherwise we need to make sure that xcontent-serialized value is converted to the correct type
try {
if (canConvert(sourceType, dataType) == false) {
throw new ParsingException(source, "Cannot cast value [{}] of type [{}] to parameter type [{}]", param.value, sourceType,
dataType);
}
return new Literal(source, conversionFor(sourceType, dataType).convert(param.value), dataType);
} catch (SqlIllegalArgumentException ex) {
throw new ParsingException(ex, source, "Unexpected actual parameter type [{}] for type [{}]", sourceType, param.type);
Expand Down

0 comments on commit fd2cd1c

Please sign in to comment.