Re: [PR] Raw SQL Support on HTTP endpoints (druid)

Thu, 01 May 2025 02:10:47 -0700 


github-advanced-security[bot] commented on code in PR #17937:
URL: https://github.com/apache/druid/pull/17937#discussion_r2070027341


##########
sql/src/main/java/org/apache/druid/sql/http/SqlQuery.java:
##########
@@ -200,4 +216,135 @@
   {
     return new SqlQuery(query, resultFormat, header, typesHeader, 
sqlTypesHeader, newContext, parameters);
   }
+
+  /**
+   * Extract SQL query object or SQL text from an HTTP Request
+   */
+  @FunctionalInterface
+  interface ISqlQueryExtractor<T>
+  {
+    T extract() throws IOException;
+  }
+
+  /**
+   * For BROKERs to use.
+   * <p>
+   * Brokers use com.sun.jersey upon Jetty for RESTful API, however jersey 
internally has special handling for x-www-form-urlencoded,
+   * it's not able to get the data from the stream of HttpServletRequest for 
such content type.
+   * So we use HttpContext to get the request entity/string instead of using 
HttpServletRequest.
+   *
+   * @throws HttpException       if the content type is not supported
+   * @throws BadRequestException if the SQL query is malformed or fail to read 
from the request
+   */
+  public static SqlQuery from(HttpContext httpContext) throws HttpException
+  {
+    return from(
+        
httpContext.getRequest().getRequestHeaders().getFirst(HttpHeaders.CONTENT_TYPE),
+        () -> {
+          try {
+            return httpContext.getRequest().getEntity(SqlQuery.class);
+          }
+          catch (ContainerException e) {
+            if (e.getCause() instanceof JsonParseException) {
+              throw new HttpException(
+                  Response.Status.BAD_REQUEST,
+                  StringUtils.format("Malformed SQL query wrapped in JSON: 
%s", e.getCause().getMessage())
+              );
+            } else {
+              throw e;
+            }
+          }
+        },
+        () -> httpContext.getRequest().getEntity(String.class)
+    );
+  }
+
+  /**
+   * For Router to use
+   *
+   * @throws HttpException if the content type is not supported
+   * @throws IOException   if the SQL query is malformed or fail to read from 
the request

Review Comment:
   ## Javadoc has impossible 'throws' tag
   
   Javadoc for from claims to throw IOException but this is impossible.
   
   [Show more 
details](https://github.com/apache/druid/security/code-scanning/9158)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to