Ignite TC Bot created IGNITE-28730:
--------------------------------------

             Summary: SQL heavy query warnings should include bind parameters 
when sensitive logging is enabled
                 Key: IGNITE-28730
                 URL: https://issues.apache.org/jira/browse/IGNITE-28730
             Project: Ignite
          Issue Type: Improvement
            Reporter: Ignite TC Bot


When Ignite logs heavy SQL query warnings, for example "Query produced big 
result set", the message contains SQL text and plan but does not include bound 
parameter values:

{code}
Query produced big result set. [globalQueryId=..., fetched=100000, ..., 
sql='SELECT ... WHERE BRANCHNAME = ?1', plan=... WHERE __Z0.BRANCHNAME = ?1, 
...]
{code}

This makes production diagnostics harder: the warning identifies the query 
shape, but not the concrete parameter value that caused a large result set or a 
long-running execution.

Current behavior:
* The warning is emitted by HeavyQueriesTracker.ResultSetChecker via 
TrackableQuery.queryInfo(...).
* H2 query warnings are formatted by H2QueryInfo.queryInfo(...).
* H2QueryInfo carries sql, plan, schema, initiatorId and ids, but does not 
carry QueryParameters.arguments() or map-query parameters.
* As a result, enabling IGNITE_TO_STRING_INCLUDE_SENSITIVE=true can expose 
sensitive values in generic toString()/SQL-constant paths, but it does not 
reveal JDBC/SQL bind parameters in these warnings.

Expected behavior:
* When IGNITE_TO_STRING_INCLUDE_SENSITIVE=true, heavy query warnings should 
include bind parameter values or a dedicated params=[...] section.
* When the flag is false, parameters must remain hidden/redacted.
* The behavior should cover at least H2 LOCAL/MAP/REDUCE query info paths used 
by long-query and big-result-set warnings.

Suggested implementation direction:
* Extend TrackableQuery/H2QueryInfo or H2-specific query info constructors to 
carry a sanitized representation of query arguments.
* Pass QueryParameters.arguments() for local/reduce paths and the per-map 
GridCacheSqlQuery parameters used in GridMapQueryExecutor.
* Format params only under QueryUtils.includeSensitive() / 
S.includeSensitive(), with collection length and string length limits 
consistent with Ignite toString policies.
* Add tests for big-result-set and/or long-query warnings with 
IGNITE_TO_STRING_INCLUDE_SENSITIVE enabled and disabled.

Relevant code areas:
* org.apache.ignite.internal.processors.query.running.HeavyQueriesTracker.ResultSetChecker
* org.apache.ignite.internal.processors.query.h2.H2QueryInfo#queryInfo
* org.apache.ignite.internal.processors.query.h2.MapH2QueryInfo
* org.apache.ignite.internal.processors.query.h2.twostep.GridMapQueryExecutor
* org.apache.ignite.internal.processors.query.h2.QueryParameters



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
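
The gating and length limits described under "Suggested implementation direction" could look like the sketch below. This is an added example, not Ignite code or part of the original issue: the class BindParamsFormatter, its methods and both limit values are hypothetical, and the flag is read as a plain JVM system property instead of through QueryUtils.includeSensitive() / S.includeSensitive().

```java
import java.util.StringJoiner;

/** Hypothetical helper, not Ignite code: renders bind parameters for a heavy-query warning. */
public final class BindParamsFormatter {
    /** Constructed limits for this example; real code would reuse Ignite's toString limits. */
    static final int MAX_PARAMS = 100;
    static final int MAX_STR_LEN = 64;

    /** Returns ", params=[...]" when sensitive logging is on, otherwise an empty string. */
    static String format(Object[] args, boolean includeSensitive) {
        if (!includeSensitive || args == null || args.length == 0)
            return ""; // Flag off: no values, no types, no count reach the log.

        StringJoiner sj = new StringJoiner(", ", ", params=[", "]");

        for (int i = 0; i < Math.min(args.length, MAX_PARAMS); i++)
            sj.add("?" + (i + 1) + "=" + render(args[i]));

        if (args.length > MAX_PARAMS)
            sj.add("... and " + (args.length - MAX_PARAMS) + " more");

        return sj.toString();
    }

    private static String render(Object arg) {
        if (arg == null)
            return "null";
        if (arg instanceof byte[])
            return "byte[" + ((byte[])arg).length + "]"; // Size only, never raw bytes.

        String s = String.valueOf(arg);
        boolean cut = s.length() > MAX_STR_LEN;

        if (cut)
            s = s.substring(0, MAX_STR_LEN);

        // Escape line breaks so a parameter value cannot forge extra log lines.
        s = s.replace("\\", "\\\\").replace("\r", "\\r").replace("\n", "\\n");

        s = arg instanceof CharSequence ? "'" + s + "'" : s;
        return cut ? s + "... (truncated)" : s;
    }

    public static void main(String[] ignored) {
        // Constructed sample values. Assumption: flag read as a plain JVM system property.
        boolean sensitive = Boolean.getBoolean("IGNITE_TO_STRING_INCLUDE_SENSITIVE");
        Object[] args = {"North\nBranch", 42, null, new byte[16]};

        System.out.println("Query produced big result set. [sql='SELECT ... WHERE BRANCHNAME = ?1'"
            + format(args, sensitive) + "]");
    }
}
```

Run with -DIGNITE_TO_STRING_INCLUDE_SENSITIVE=true, the sample line ends in params=[?1='North\nBranch', ?2=42, ?3=null, ?4=byte[16]]; without the property the warning is printed exactly as it is today.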
