Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #161 - Wrong queries causes unhandled exceptions #162

Closed
wants to merge 8 commits into from
Closed

Fix #161 - Wrong queries causes unhandled exceptions #162

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2295415
Fix Bug #161 - hanging queries
regevbr Nov 20, 2019
cf28b7a
Fix Bug #161 - hanging queries
regevbr Nov 20, 2019
eac608a
Fix Bug #161 - hanging queries
regevbr Nov 26, 2019
4dfe851
Fix Bug #161 - hanging queries
regevbr Nov 26, 2019
35f96fe
Fix Bug #161 - hanging queries
regevbr Nov 29, 2019
1eacf47
Fix Bug #161 - hanging queries
regevbr Nov 29, 2019
572716c
Fix Bug #161 - hanging queries
regevbr Nov 29, 2019
0c5e808
Merge branch 'master' into #161
regevbr Dec 23, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 82 additions & 12 deletions lib/sql.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -704,7 +704,15 @@ SQLConnector.prototype.save = function(model, data, options, cb) {

let updateStmt = new ParameterizedSQL('UPDATE ' + this.tableEscaped(model));
updateStmt.merge(this.buildFieldsForUpdate(model, data));
const whereStmt = this.buildWhere(model, where);
let whereStmt;
try {
whereStmt = this.buildWhere(model, where);
} catch (err) {
if (cb) {
cb(err);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: let's shorten this block as follows:

if (cb) cb(err);
return;

Same comment applies to other similar places too.

return;
}
updateStmt.merge(whereStmt);
updateStmt = this.parameterize(updateStmt);
this.execute(updateStmt.sql, updateStmt.params, options,
Expand All @@ -731,7 +739,14 @@ SQLConnector.prototype.exists = function(model, id, options, cb) {
'SELECT 1 FROM ' + this.tableEscaped(model) +
' WHERE ' + this.idColumnEscaped(model),
);
selectStmt.merge(this.buildWhere(model, where));
try {
selectStmt.merge(this.buildWhere(model, where));
} catch (err) {
if (cb) {
cb(err);
}
return;
}
selectStmt = this.applyPagination(model, selectStmt, {
limit: 1,
offset: 0,
Expand Down Expand Up @@ -798,7 +813,15 @@ SQLConnector.prototype.buildDelete = function(model, where, options) {
* @param {Function} cb The callback function
*/
SQLConnector.prototype.destroyAll = function(model, where, options, cb) {
const stmt = this.buildDelete(model, where, options);
let stmt;
try {
stmt = this.buildDelete(model, where, options);
} catch (err) {
if (cb) {
cb(err);
}
return;
}
this._executeAlteringQuery(model, stmt.sql, stmt.params, options, cb || NOOP);
};

Expand Down Expand Up @@ -924,7 +947,15 @@ SQLConnector.prototype._constructUpdateQuery = function(model, where, fields) {
* @param {Function} cb The callback function
*/
SQLConnector.prototype.update = function(model, where, data, options, cb) {
const stmt = this.buildUpdate(model, where, data, options);
let stmt;
try {
stmt = this.buildUpdate(model, where, data, options);
} catch (err) {
if (cb) {
cb(err);
}
return;
}
this._executeAlteringQuery(model, stmt.sql, stmt.params, options, cb || NOOP);
};

Expand All @@ -939,7 +970,15 @@ SQLConnector.prototype.update = function(model, where, data, options, cb) {
*/
SQLConnector.prototype._replace = function(model, where, data, options, cb) {
const self = this;
const stmt = this.buildReplace(model, where, data, options);
let stmt;
try {
stmt = this.buildReplace(model, where, data, options);
} catch (err) {
if (cb) {
cb(err);
}
return;
}
this.execute(stmt.sql, stmt.params, options, function(err, info) {
if (err) return cb(err);
const affectedRows = self.getCountForAffectedRows(model, info);
Expand All @@ -960,6 +999,14 @@ function errorIdNotFoundForReplace(idValue) {
return error;
}

function errorPropertyNotFound(key, model) {
const msg = g.f('Unknown property %s is used for model %s', key, model);
const error = new Error(msg);
error.statusCode = error.status = 400;
error.code = 'UNKNWON_PROPERTY';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo.

Suggested change
error.code = 'UNKNWON_PROPERTY';
error.code = 'UNKNOWN_PROPERTY';

return error;
}

SQLConnector.prototype._executeAlteringQuery = function(model, sql, params, options, cb) {
const self = this;
this.execute(sql, params, options, function(err, info) {
Expand Down Expand Up @@ -1113,9 +1160,11 @@ SQLConnector.prototype._buildWhere = function(model, where) {
}
const p = props[key];
if (p == null) {
// Unknown property, ignore it
debug('Unknown property %s is skipped for model %s', key, model);
continue;
if (self.settings.ignoreUnknownProperties) {
debug('Unknown property %s is skipped for model %s', key, model);
continue;
}
throw errorPropertyNotFound(key, model);
}
// eslint-disable one-var
let expression = where[key];
Expand Down Expand Up @@ -1207,13 +1256,22 @@ SQLConnector.prototype.buildOrderBy = function(model, order) {
if (typeof order === 'string') {
order = [order];
}
const props = self.getModelDefinition(model).properties;
const clauses = [];
for (let i = 0, n = order.length; i < n; i++) {
const t = order[i].split(/[\s,]+/);
const key = t[0];
if (!props[key]) {
if (self.settings.ignoreUnknownProperties) {
debug('Unknown property %s is skipped for model %s', key, model);
continue;
}
throw errorPropertyNotFound(key, model);
}
if (t.length === 1) {
clauses.push(self.columnEscaped(model, order[i]));
clauses.push(self.columnEscaped(model, key));
} else {
clauses.push(self.columnEscaped(model, t[0]) + ' ' + t[1]);
clauses.push(self.columnEscaped(model, key) + ' ' + t[1]);
}
}
return 'ORDER BY ' + clauses.join(',');
Expand Down Expand Up @@ -1456,7 +1514,12 @@ SQLConnector.prototype.all = function find(model, filter, options, cb) {
const self = this;
// Order by id if no order is specified
filter = filter || {};
const stmt = this.buildSelect(model, filter, options);
let stmt;
try {
stmt = this.buildSelect(model, filter, options);
} catch (err) {
return cb(err, []);
}
this.execute(stmt.sql, stmt.params, options, function(err, data) {
if (err) {
return cb(err, []);
Expand Down Expand Up @@ -1537,7 +1600,14 @@ SQLConnector.prototype.count = function(model, where, options, cb) {

let stmt = new ParameterizedSQL('SELECT count(*) as "cnt" FROM ' +
this.tableEscaped(model));
stmt = stmt.merge(this.buildWhere(model, where));
try {
stmt = stmt.merge(this.buildWhere(model, where));
} catch (err) {
if (cb) {
cb(err);
}
return;
}
stmt = this.parameterize(stmt);
this.execute(stmt.sql, stmt.params, options,
function(err, res) {
Expand Down
4 changes: 4 additions & 0 deletions test/connectors/test-sql-connector.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -209,6 +209,10 @@ TestConnector.prototype.rollback = function(tx, cb) {
tx.rollback(cb);
};

TestConnector.prototype.getCountForAffectedRows = function() {
return 1;
};

TestConnector.prototype.executeSQL = function(sql, params, options, callback) {
const transaction = options.transaction;
const model = options.model;
Expand Down
154 changes: 146 additions & 8 deletions test/sql.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,24 @@ const ds = new juggler.DataSource({
connector: testConnector,
debug: true,
});
const dsWithIgnore = new juggler.DataSource({
connector: testConnector,
debug: true,
ignoreUnknownProperties: true,
});
/* eslint-disable one-var */
let connector;
let connectorWithIgnore;
let connectorNoSkipProp;
let Customer;
/* eslint-enable one-var */

describe('sql connector', function() {
before(function() {
connector = ds.connector;
connector._tables = {};
connector._models = {};
connectorWithIgnore = dsWithIgnore.connector;
connectorWithIgnore._tables = connector._tables = {};
connectorWithIgnore._models = connector._models = {};
Customer = ds.createModel('customer',
{
name: {
Expand Down Expand Up @@ -247,12 +255,27 @@ describe('sql connector', function() {
});
});

it('builds where and ignores invalid clauses in or', function() {
const where = connector.buildWhere('customer', {
name: 'icecream',
or: [{notAColumnName: ''}, {notAColumnNameEither: ''}],
});
expect(where.sql).to.not.match(/ AND $/);
it('builds where and throws if invalid clauses in or', function() {
expect(() => {
connector.buildWhere('customer', {
name: 'icecream',
or: [{notAColumnName: ''}, {notAColumnNameEither: ''}],
});
}).to.throw('Unknown property notAColumnName is used for model customer')
.to.include({
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
});

it('builds where and ignores if invalid clauses in or', function() {
expect(() => {
connectorWithIgnore.buildWhere('customer', {
name: 'icecream',
or: [{notAColumnName: ''}, {notAColumnNameEither: ''}],
});
}).to.not.throw();
});

it('builds order by with one field', function() {
Expand All @@ -270,6 +293,57 @@ describe('sql connector', function() {
expect(orderBy).to.eql('ORDER BY `NAME` ASC,`VIP` DESC');
});

it('builds order by with non existent field throws', function() {
expect(() => {
connector.buildOrderBy('customer', ['nam?e', 'name']);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have mixed feeling about the value nam?e, I believe it's not a valid property name in LoopBack. Can you please use a different property name, for example unknown?

Suggested change
connector.buildOrderBy('customer', ['nam?e', 'name']);
connector.buildOrderBy('customer', ['unknown', 'name']);

}).to.throw('Unknown property nam?e is used for model customer')
.to.include({
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
});

it('builds order by with non existent field with direction throws', function() {
expect(() => {
connector.buildOrderBy('customer', ['nam?e ASC', 'name']);
}).to.throw('Unknown property nam?e is used for model customer')
.to.include({
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
});

it('builds order by with only non existent fields throws', function() {
expect(() => {
connector.buildOrderBy('customer', ['nam?e', 'n?ame', '?name DESC']);
}).to.throw('Unknown property nam?e is used for model customer')
.to.include({
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
});

it('builds order by with non existent field ignores', function() {
expect(() => {
connectorWithIgnore.buildOrderBy('customer', ['nam?e', 'name']);
}).to.not.throw();
});

it('builds order by with non existent field with direction ignores', function() {
expect(() => {
connectorWithIgnore.buildOrderBy('customer', ['nam?e ASC', 'name']);
}).to.not.throw();
});

it('builds order by with only non existent fields ignores', function() {
expect(() => {
connectorWithIgnore.buildOrderBy('customer', ['nam?e', 'n?ame', '?name DESC']);
}).to.not.throw();
});

it('builds fields for columns', function() {
const fields = connector.buildFields('customer',
{name: 'John', vip: true, unknown: 'Random'});
Expand Down Expand Up @@ -503,4 +577,68 @@ describe('sql connector', function() {
expect(function() { runExecute(); }).to.not.throw();
ds.connected = true;
});

it('should throw if invalid order by statement is used by all', function(done) {
connector.all('customer', {order: 'n?ame'}, {}, (err) => {
expect(err).to.include({
message: 'Unknown property n?ame is used for model customer',
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
done();
});
});

it('should throw if invalid where statement is used by count', function(done) {
connector.count('customer', {'n?ame': 1}, {}, (err) => {
expect(err).to.include({
message: 'Unknown property n?ame is used for model customer',
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
done();
});
});

it('should throw if invalid where statement is used by update', function(done) {
connector.update('customer', {'n?ame': 1}, {name: 5}, {}, (err) => {
expect(err).to.include({
message: 'Unknown property n?ame is used for model customer',
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
done();
});
});

it('should throw if invalid where statement is used by destroyAll', function(done) {
connector.destroyAll('customer', {'n?ame': 1}, {}, (err) => {
expect(err).to.include({
message: 'Unknown property n?ame is used for model customer',
code: 'UNKNWON_PROPERTY',
statusCode: 400,
status: 400,
});
done();
});
});

it('should ignore if invalid order by statement is used by all', function(done) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If find it a bit difficult to spot why some tests are ignoring invalid statements while others are throwing an error. Can you please group the tests for "should ignore" using describe block?

describe('with ignoreUnknownProperties: true', () => {
  it('should ignore if invalid order by statement is used by all', function(done) {
    // ...
  });
  // ...
});

connectorWithIgnore.all('customer', {order: 'n?ame'}, {}, done);
});

it('should ignore if invalid where statement is used by count', function(done) {
connectorWithIgnore.count('customer', {'n?ame': 1}, {}, done);
});

it('should ignore if invalid where statement is used by update', function(done) {
connectorWithIgnore.update('customer', {'n?ame': 1}, {name: 5}, {}, done);
});

it('should ignore if invalid where statement is used by destroyAll', function(done) {
connectorWithIgnore.destroyAll('customer', {'n?ame': 1}, {}, done);
});
});