Repository: hive Updated Branches: refs/heads/master f404b0ddf -> cfdb433bc
HIVE-20444: Parameter is not properly quoted in DbNotificationListener.addWriteNotificationLog (Daniel Dai, reviewed by mahesh kumar behera, Sankar Hariappan) Project: http://git-wip-us.apache.org/repos/asf/hive/repo Commit: http://git-wip-us.apache.org/repos/asf/hive/commit/cfdb433b Tree: http://git-wip-us.apache.org/repos/asf/hive/tree/cfdb433b Diff: http://git-wip-us.apache.org/repos/asf/hive/diff/cfdb433b Branch: refs/heads/master Commit: cfdb433bc1e306161996be10636da8854d682d72 Parents: f404b0d Author: Daniel Dai <[email protected]> Authored: Fri Sep 21 14:43:47 2018 -0700 Committer: Daniel Dai <[email protected]> Committed: Fri Sep 21 14:43:47 2018 -0700 ---------------------------------------------------------------------- .../listener/DbNotificationListener.java | 57 +++++++++++++------- 1 file changed, 39 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hive/blob/cfdb433b/hcatalog/server-extensions/src/main/java/org/apache/hive/hcatalog/listener/DbNotificationListener.java ---------------------------------------------------------------------- diff --git a/hcatalog/server-extensions/src/main/java/org/apache/hive/hcatalog/listener/DbNotificationListener.java b/hcatalog/server-extensions/src/main/java/org/apache/hive/hcatalog/listener/DbNotificationListener.java index 4f8f1ab..369d9a4 100644 --- a/hcatalog/server-extensions/src/main/java/org/apache/hive/hcatalog/listener/DbNotificationListener.java +++ b/hcatalog/server-extensions/src/main/java/org/apache/hive/hcatalog/listener/DbNotificationListener.java @@ -19,6 +19,7 @@ package org.apache.hive.hcatalog.listener; import java.io.IOException; import java.sql.Connection; +import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; @@ -729,7 +730,8 @@ public class DbNotificationListener extends TransactionalMetaStoreEventListener LOG.debug("DbNotificationListener: adding write notification log for : {}", event.getMessage()); assert ((dbConn != null) && (sqlGenerator != null)); - Statement stmt =null; + Statement stmt = null; + PreparedStatement pst = null; ResultSet rs = null; String dbName = acidWriteEvent.getDatabase(); String tblName = acidWriteEvent.getTable(); @@ -755,16 +757,26 @@ public class DbNotificationListener extends TransactionalMetaStoreEventListener // if rs is empty then no lock is taken and thus it can not cause deadlock. long nextNLId = getNextNLId(stmt, sqlGenerator, "org.apache.hadoop.hive.metastore.model.MTxnWriteNotificationLog"); - s = "insert into \"TXN_WRITE_NOTIFICATION_LOG\" (\"WNL_ID\", \"WNL_TXNID\", \"WNL_WRITEID\"," + - " \"WNL_DATABASE\", \"WNL_TABLE\"," + - " \"WNL_PARTITION\", \"WNL_TABLE_OBJ\", \"WNL_PARTITION_OBJ\", \"WNL_FILES\", \"WNL_EVENT_TIME\")" + - " values (" + nextNLId - + "," + acidWriteEvent.getTxnId() + "," + acidWriteEvent.getWriteId()+ "," + - quoteString(dbName)+ "," + quoteString(tblName)+ "," + quoteString(partition)+ "," + - quoteString(tableObj)+ "," + quoteString(partitionObj) + "," + quoteString(files)+ - "," + now() + ")"; - LOG.info("Going to execute insert <" + s + ">"); - stmt.execute(sqlGenerator.addEscapeCharacters(s)); + s = "insert into \"TXN_WRITE_NOTIFICATION_LOG\" " + + "(\"WNL_ID\", \"WNL_TXNID\", \"WNL_WRITEID\", \"WNL_DATABASE\", \"WNL_TABLE\", " + + "\"WNL_PARTITION\", \"WNL_TABLE_OBJ\", \"WNL_PARTITION_OBJ\", " + + "\"WNL_FILES\", \"WNL_EVENT_TIME\") VALUES (?,?,?,?,?,?,?,?,?,?)"; + int currentTime = now(); + pst = dbConn.prepareStatement(sqlGenerator.addEscapeCharacters(s)); + pst.setLong(1, nextNLId); + pst.setLong(2, acidWriteEvent.getTxnId()); + pst.setLong(3, acidWriteEvent.getWriteId()); + pst.setString(4, dbName); + pst.setString(5, tblName); + pst.setString(6, partition); + pst.setString(7, tableObj); + pst.setString(8, partitionObj); + pst.setString(9, files); + pst.setInt(10, currentTime); + LOG.info("Going to execute insert <" + s.replaceAll("\\?", "{}") + ">", nextNLId + , acidWriteEvent.getTxnId(), acidWriteEvent.getWriteId(), quoteString(dbName), quoteString(tblName), + quoteString(partition), quoteString(tableObj), quoteString(partitionObj), quoteString(files), currentTime); + pst.execute(); } else { String existingFiles = rs.getString(1); if (existingFiles.contains(sqlGenerator.addEscapeCharacters(files))) { @@ -774,20 +786,29 @@ public class DbNotificationListener extends TransactionalMetaStoreEventListener return; } long nlId = rs.getLong(2); + int currentTime = now(); files = ReplChangeManager.joinWithSeparator(Lists.newArrayList(files, existingFiles)); - s = "update \"TXN_WRITE_NOTIFICATION_LOG\" set \"WNL_TABLE_OBJ\" = " + quoteString(tableObj) + "," + - " \"WNL_PARTITION_OBJ\" = " + quoteString(partitionObj) + "," + - " \"WNL_FILES\" = " + quoteString(files) + "," + - " \"WNL_EVENT_TIME\" = " + now() + - " where \"WNL_ID\" = " + nlId; - LOG.info("Going to execute update <" + s + ">"); - stmt.executeUpdate(sqlGenerator.addEscapeCharacters(s)); + s = "update \"TXN_WRITE_NOTIFICATION_LOG\" set \"WNL_TABLE_OBJ\" = ? ," + + " \"WNL_PARTITION_OBJ\" = ? ," + + " \"WNL_FILES\" = ? ," + + " \"WNL_EVENT_TIME\" = ?" + + " where \"WNL_ID\" = ?"; + pst = dbConn.prepareStatement(sqlGenerator.addEscapeCharacters(s)); + pst.setString(1, tableObj); + pst.setString(2, partitionObj); + pst.setString(3, files); + pst.setInt(4, currentTime); + pst.setLong(5, nlId); + LOG.info("Going to execute update <" + s.replaceAll("\\?", "{}") + ">", quoteString(tableObj), + quoteString(partitionObj), quoteString(files), currentTime, nlId); + pst.executeUpdate(); } } catch (SQLException e) { LOG.warn("failed to add write notification log" + e.getMessage()); throw e; } finally { closeStmt(stmt); + closeStmt(pst); close(rs); } }
