veghlaci05 commented on code in PR #3513:
URL: https://github.com/apache/hive/pull/3513#discussion_r951251996


##########
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/txn/CompactionTxnHandler.java:
##########
@@ -229,17 +231,33 @@ public CompactionInfo 
findNextToCompact(FindNextCompactRequest rqst) throws Meta
       }
 
       Connection dbConn = null;
-      Statement stmt = null;
+      PreparedStatement stmt = null;
       //need a separate stmt for executeUpdate() otherwise it will close the 
ResultSet(HIVE-12725)
       Statement updStmt = null;
       ResultSet rs = null;
+
+      long poolTimeout = MetastoreConf.getTimeVar(conf, 
ConfVars.COMPACTOR_WORKER_POOL_TIMEOUT, TimeUnit.MILLISECONDS);
+
       try {
         dbConn = getDbConn(Connection.TRANSACTION_READ_COMMITTED, 
connPoolCompaction);
-        stmt = dbConn.createStatement();
-        String query = "SELECT \"CQ_ID\", \"CQ_DATABASE\", \"CQ_TABLE\", 
\"CQ_PARTITION\", " +
-          "\"CQ_TYPE\", \"CQ_TBLPROPERTIES\" FROM \"COMPACTION_QUEUE\" WHERE 
\"CQ_STATE\" = '" + INITIATED_STATE + "'";
+        StringBuilder sb = new StringBuilder();
+        sb.append("SELECT \"CQ_ID\", \"CQ_DATABASE\", \"CQ_TABLE\", 
\"CQ_PARTITION\", " +
+          "\"CQ_TYPE\", \"CQ_POOL_NAME\", \"CQ_TBLPROPERTIES\" FROM 
\"COMPACTION_QUEUE\" WHERE \"CQ_STATE\" = '" + INITIATED_STATE + "' AND ");
+        boolean hasPoolName = 
org.apache.commons.lang3.StringUtils.isNotBlank(rqst.getPoolName());
+        if(hasPoolName) {
+          sb.append("\"CQ_POOL_NAME\"=?");
+        } else {
+          sb.append("\"CQ_POOL_NAME\" is null OR  \"CQ_ENQUEUE_TIME\" < (")
+            .append(getEpochFn(dbProduct)).append(" - 
").append(poolTimeout).append(")");
+        }
+        String query = sb.toString();
+        stmt = dbConn.prepareStatement(query);
+        if (hasPoolName) {
+          stmt.setString(1, rqst.getPoolName());
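
Review bot: In the else branch, the appended `"CQ_POOL_NAME" is null OR "CQ_ENQUEUE_TIME" < (...)` is not parenthesized, so the final predicate reads `"CQ_STATE" = '...' AND "CQ_POOL_NAME" is null OR "CQ_ENQUEUE_TIME" < (...)`. Because AND binds tighter than OR in SQL, the enqueue-time condition is evaluated without the `CQ_STATE` filter, and any row older than the timeout matches regardless of its state. Wrapping the whole alternative in parentheses, i.e. `("CQ_POOL_NAME" is null OR "CQ_ENQUEUE_TIME" < (...))`, keeps the state filter applied to both cases. The pool name itself is correctly bound through `setString`, and `poolTimeout` is a `long` read from configuration, so appending it is not an injection vector, though binding it as a second parameter would keep the statement text constant. Minor style point: `if(hasPoolName)` is missing the space used in the later `if (hasPoolName)`.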

Review Comment:
   I did not want to directly concatenate the pool name filtering into the SQL 
statement. Pool name can be passed as a part of the `ALTER TABLE COMPACT` 
command, and therefore could be a target of SQL injection attempts.


