github-advanced-security[bot] commented on code in PR #16153:
URL: https://github.com/apache/druid/pull/16153#discussion_r1529194764


##########
processing/src/main/java/org/apache/druid/query/filter/LikeDimFilter.java:
##########
@@ -324,13 +364,104 @@
       return suffixMatch;
     }
 
+    @VisibleForTesting
+    String describeCompilation()
+    {
+      StringBuilder description = new StringBuilder();
+
+      description.append(likePattern).append(" => ");
+      description.append(prefix).append(':');
+
+      Iterator<LikePattern> iterator = pattern.iterator();
+      while (iterator.hasNext()) {
+        description.append(iterator.next());
+
+        if (iterator.hasNext()) {
+          description.append('|');
+        }
+      }
+
+      return description.toString();
+    }
+
+    private static class LikePattern
+    {
+      public enum PatternType
+      {
+        STARTS_WITH {
+          @Override
+          int advance(int offset, String haystack, String needle)
+          {
+            return haystack.regionMatches(offset, needle, 0, needle.length()) 
? offset + needle.length() : -1;
+          }
+        },
+        CONTAINS {
+          @Override
+          int advance(int offset, String haystack, String needle)
+          {
+            int matchStart = haystack.indexOf(needle, offset);
+
+            return matchStart == -1 ? -1 : matchStart + needle.length();
+          }
+        };
+
+        abstract int advance(int offset, String haystack, String needle);
+      }
+
+      private final PatternType patternType;
+      private final String clause;
+      private final int leadingLength;
+
+      public LikePattern(PatternType patternType, String clause, int 
leadingLength)
+      {
+        this.patternType = patternType;
+        this.clause = clause;
+        this.leadingLength = leadingLength;
+      }
+
+      public int advance(String value, int offset)
+      {
+        return patternType.advance(offset + leadingLength, value, clause);
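
Review bot: in `LikePattern.advance(String value, int offset)`, the sum `offset + leadingLength` is handed to `patternType.advance` with no range check, and nothing in the visible constructor constrains `leadingLength`. The two branches then behave differently on a bad start position: `regionMatches` in STARTS_WITH returns false for a negative or out-of-range offset, but `String.indexOf(String, int)` in CONTAINS treats a negative `fromIndex` as 0, so a negative or wrapped sum would search from the start of the value and could report a match instead of -1. Suggest rejecting `leadingLength < 0` in the constructor and returning -1 early in `advance` when `offset < 0` or `leadingLength > value.length() - offset`, which does the bounds comparison without the addition that the scanner flags. A short Javadoc on `advance` stating that -1 means "no match" and that callers must not feed it back in as an offset would also help, since the caller is not part of this hunk.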

Review Comment:
   ## User-controlled data in arithmetic expression
   
   This arithmetic expression depends on a [user-provided value](1), potentially causing an overflow.
   This arithmetic expression depends on a [user-provided value](2), potentially causing an overflow.
   
   [Show more details](https://github.com/apache/druid/security/code-scanning/7146)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

