github-advanced-security[bot] commented on code in PR #7865: URL: https://github.com/apache/incubator-seata/pull/7865#discussion_r2618936210
########## test-suite/seata-benchmark-cli/src/main/java/org/apache/seata/benchmark/executor/ATModeExecutor.java: ########## @@ -0,0 +1,247 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.seata.benchmark.executor; + +import com.zaxxer.hikari.HikariConfig; +import com.zaxxer.hikari.HikariDataSource; +import org.apache.seata.benchmark.BenchmarkConstants; +import org.apache.seata.benchmark.config.BenchmarkConfig; +import org.apache.seata.rm.datasource.DataSourceProxy; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.testcontainers.containers.MySQLContainer; +import org.testcontainers.utility.DockerImageName; + +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.SQLException; +import java.sql.Statement; + +/** + * AT mode transaction executor supporting both empty and real transaction modes + * - branches == 0: Empty transaction mode (pure Seata protocol overhead testing) + * - branches > 0: Real mode with MySQL database (via Testcontainers) + */ +public class ATModeExecutor extends AbstractTransactionExecutor { + + private static final Logger LOGGER = LoggerFactory.getLogger(ATModeExecutor.class); + + private MySQLContainer<?> mysqlContainer; + private HikariDataSource rawDataSource; + private DataSourceProxy dataSourceProxy; + + public ATModeExecutor(BenchmarkConfig config) { + super(config); + } + + private boolean isRealMode() { + return config.getBranches() > 0; + } + + @Override + public void init() { + if (isRealMode()) { + LOGGER.info("Initializing AT mode executor (MySQL via Testcontainers)"); + initRealMode(); + } else { + LOGGER.info("AT mode executor initialized (empty transaction mode)"); + } + } + + private void initRealMode() { + // Start MySQL container + startMySQLContainer(); + + // Create HikariCP connection pool + createDataSource(); + + // Initialize database schema and data + initDatabase(); + + // Wrap with Seata DataSourceProxy for AT mode + dataSourceProxy = new DataSourceProxy(rawDataSource); + + LOGGER.info("DataSourceProxy initialized, dbType: {}", dataSourceProxy.getDbType()); + LOGGER.info("Real AT mode executor initialized with {} accounts", BenchmarkConstants.ACCOUNT_COUNT); + } + + private void startMySQLContainer() { + LOGGER.info("Starting MySQL container..."); + mysqlContainer = new MySQLContainer<>(DockerImageName.parse("mysql:8.0")) + .withDatabaseName("benchmark") + .withUsername("test") + .withPassword("test") + .withCommand("--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci"); + + mysqlContainer.start(); + + LOGGER.info("MySQL container started: {}", mysqlContainer.getJdbcUrl()); + } + + private void createDataSource() { + HikariConfig hikariConfig = new HikariConfig(); + hikariConfig.setJdbcUrl(mysqlContainer.getJdbcUrl()); + hikariConfig.setUsername(mysqlContainer.getUsername()); + hikariConfig.setPassword(mysqlContainer.getPassword()); + hikariConfig.setDriverClassName("com.mysql.cj.jdbc.Driver"); + hikariConfig.setMaximumPoolSize(config.getThreads() * 2); + hikariConfig.setMinimumIdle(config.getThreads()); + hikariConfig.setConnectionTimeout(30000); + hikariConfig.setIdleTimeout(600000); + hikariConfig.setMaxLifetime(1800000); + + rawDataSource = new HikariDataSource(hikariConfig); + LOGGER.info("HikariCP DataSource created"); + } + + private void initDatabase() { + try (Connection conn = rawDataSource.getConnection(); + Statement stmt = conn.createStatement()) { + + // Create accounts table + stmt.execute("CREATE TABLE IF NOT EXISTS accounts (" + + "id BIGINT PRIMARY KEY, " + + "balance INT NOT NULL, " + + "updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP" + + ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); + + // Create undo_log table for Seata AT mode (MySQL syntax) + stmt.execute("CREATE TABLE IF NOT EXISTS undo_log (" + + "branch_id BIGINT NOT NULL, " + + "xid VARCHAR(128) NOT NULL, " + + "context VARCHAR(128) NOT NULL, " + + "rollback_info LONGBLOB NOT NULL, " + + "log_status INT NOT NULL, " + + "log_created DATETIME(6) NOT NULL, " + + "log_modified DATETIME(6) NOT NULL, " + + "UNIQUE KEY ux_undo_log (xid, branch_id)" + + ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); + + // Insert test data + stmt.execute("TRUNCATE TABLE accounts"); + try (PreparedStatement pstmt = conn.prepareStatement("INSERT INTO accounts (id, balance) VALUES (?, ?)")) { + for (int i = 1; i <= BenchmarkConstants.ACCOUNT_COUNT; i++) { + pstmt.setLong(1, i); + pstmt.setInt(2, BenchmarkConstants.INITIAL_BALANCE); + pstmt.addBatch(); + if (i % 100 == 0) { + pstmt.executeBatch(); + } + } + pstmt.executeBatch(); + } + + LOGGER.info( + "Database initialized: {} accounts with balance {}", + BenchmarkConstants.ACCOUNT_COUNT, + BenchmarkConstants.INITIAL_BALANCE); + + } catch (SQLException e) { + throw new RuntimeException("Failed to initialize database", e); + } + } + + @Override + protected String getTransactionName() { + return isRealMode() ? "benchmark-real-at-tx" : "benchmark-at-tx"; + } + + @Override + protected int getBranchCount() { + return config.getBranches(); + } + + @Override + protected void executeBusinessLogic() throws Exception { + if (isRealMode()) { + executeBranchOperations(config.getBranches()); + } + // Empty mode: do nothing (pure Seata protocol overhead testing) + } + + private void executeBranchOperations(int branchCount) throws SQLException { + // Execute N branch operations (simulating distributed transaction branches) + for (int i = 0; i < branchCount; i++) { + executeSingleBranch(); + } + } + + private void executeSingleBranch() throws SQLException { + // Use DataSourceProxy connection to enable AT mode + try (Connection conn = dataSourceProxy.getConnection()) { + conn.setAutoCommit(false); + + // Transfer between two random accounts + long fromAccount = (RANDOM.nextInt(BenchmarkConstants.ACCOUNT_COUNT) + 1); + long toAccount = (RANDOM.nextInt(BenchmarkConstants.ACCOUNT_COUNT) + 1); + while (toAccount == fromAccount) { Review Comment: ## Insecure randomness Potential Insecure randomness due to a [Insecure randomness source.](1). [Show more details](https://github.com/apache/incubator-seata/security/code-scanning/54) ########## test-suite/seata-benchmark-cli/src/main/java/org/apache/seata/benchmark/executor/ATModeExecutor.java: ########## @@ -0,0 +1,247 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.seata.benchmark.executor; + +import com.zaxxer.hikari.HikariConfig; +import com.zaxxer.hikari.HikariDataSource; +import org.apache.seata.benchmark.BenchmarkConstants; +import org.apache.seata.benchmark.config.BenchmarkConfig; +import org.apache.seata.rm.datasource.DataSourceProxy; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.testcontainers.containers.MySQLContainer; +import org.testcontainers.utility.DockerImageName; + +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.SQLException; +import java.sql.Statement; + +/** + * AT mode transaction executor supporting both empty and real transaction modes + * - branches == 0: Empty transaction mode (pure Seata protocol overhead testing) + * - branches > 0: Real mode with MySQL database (via Testcontainers) + */ +public class ATModeExecutor extends AbstractTransactionExecutor { + + private static final Logger LOGGER = LoggerFactory.getLogger(ATModeExecutor.class); + + private MySQLContainer<?> mysqlContainer; + private HikariDataSource rawDataSource; + private DataSourceProxy dataSourceProxy; + + public ATModeExecutor(BenchmarkConfig config) { + super(config); + } + + private boolean isRealMode() { + return config.getBranches() > 0; + } + + @Override + public void init() { + if (isRealMode()) { + LOGGER.info("Initializing AT mode executor (MySQL via Testcontainers)"); + initRealMode(); + } else { + LOGGER.info("AT mode executor initialized (empty transaction mode)"); + } + } + + private void initRealMode() { + // Start MySQL container + startMySQLContainer(); + + // Create HikariCP connection pool + createDataSource(); + + // Initialize database schema and data + initDatabase(); + + // Wrap with Seata DataSourceProxy for AT mode + dataSourceProxy = new DataSourceProxy(rawDataSource); + + LOGGER.info("DataSourceProxy initialized, dbType: {}", dataSourceProxy.getDbType()); + LOGGER.info("Real AT mode executor initialized with {} accounts", BenchmarkConstants.ACCOUNT_COUNT); + } + + private void startMySQLContainer() { + LOGGER.info("Starting MySQL container..."); + mysqlContainer = new MySQLContainer<>(DockerImageName.parse("mysql:8.0")) + .withDatabaseName("benchmark") + .withUsername("test") + .withPassword("test") + .withCommand("--character-set-server=utf8mb4", "--collation-server=utf8mb4_unicode_ci"); + + mysqlContainer.start(); + + LOGGER.info("MySQL container started: {}", mysqlContainer.getJdbcUrl()); + } + + private void createDataSource() { + HikariConfig hikariConfig = new HikariConfig(); + hikariConfig.setJdbcUrl(mysqlContainer.getJdbcUrl()); + hikariConfig.setUsername(mysqlContainer.getUsername()); + hikariConfig.setPassword(mysqlContainer.getPassword()); + hikariConfig.setDriverClassName("com.mysql.cj.jdbc.Driver"); + hikariConfig.setMaximumPoolSize(config.getThreads() * 2); + hikariConfig.setMinimumIdle(config.getThreads()); + hikariConfig.setConnectionTimeout(30000); + hikariConfig.setIdleTimeout(600000); + hikariConfig.setMaxLifetime(1800000); + + rawDataSource = new HikariDataSource(hikariConfig); + LOGGER.info("HikariCP DataSource created"); + } + + private void initDatabase() { + try (Connection conn = rawDataSource.getConnection(); + Statement stmt = conn.createStatement()) { + + // Create accounts table + stmt.execute("CREATE TABLE IF NOT EXISTS accounts (" + + "id BIGINT PRIMARY KEY, " + + "balance INT NOT NULL, " + + "updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP" + + ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); + + // Create undo_log table for Seata AT mode (MySQL syntax) + stmt.execute("CREATE TABLE IF NOT EXISTS undo_log (" + + "branch_id BIGINT NOT NULL, " + + "xid VARCHAR(128) NOT NULL, " + + "context VARCHAR(128) NOT NULL, " + + "rollback_info LONGBLOB NOT NULL, " + + "log_status INT NOT NULL, " + + "log_created DATETIME(6) NOT NULL, " + + "log_modified DATETIME(6) NOT NULL, " + + "UNIQUE KEY ux_undo_log (xid, branch_id)" + + ") ENGINE=InnoDB DEFAULT CHARSET=utf8mb4"); + + // Insert test data + stmt.execute("TRUNCATE TABLE accounts"); + try (PreparedStatement pstmt = conn.prepareStatement("INSERT INTO accounts (id, balance) VALUES (?, ?)")) { + for (int i = 1; i <= BenchmarkConstants.ACCOUNT_COUNT; i++) { + pstmt.setLong(1, i); + pstmt.setInt(2, BenchmarkConstants.INITIAL_BALANCE); + pstmt.addBatch(); + if (i % 100 == 0) { + pstmt.executeBatch(); + } + } + pstmt.executeBatch(); + } + + LOGGER.info( + "Database initialized: {} accounts with balance {}", + BenchmarkConstants.ACCOUNT_COUNT, + BenchmarkConstants.INITIAL_BALANCE); + + } catch (SQLException e) { + throw new RuntimeException("Failed to initialize database", e); + } + } + + @Override + protected String getTransactionName() { + return isRealMode() ? "benchmark-real-at-tx" : "benchmark-at-tx"; + } + + @Override + protected int getBranchCount() { + return config.getBranches(); + } + + @Override + protected void executeBusinessLogic() throws Exception { + if (isRealMode()) { + executeBranchOperations(config.getBranches()); + } + // Empty mode: do nothing (pure Seata protocol overhead testing) + } + + private void executeBranchOperations(int branchCount) throws SQLException { + // Execute N branch operations (simulating distributed transaction branches) + for (int i = 0; i < branchCount; i++) { + executeSingleBranch(); + } + } + + private void executeSingleBranch() throws SQLException { + // Use DataSourceProxy connection to enable AT mode + try (Connection conn = dataSourceProxy.getConnection()) { + conn.setAutoCommit(false); + + // Transfer between two random accounts + long fromAccount = (RANDOM.nextInt(BenchmarkConstants.ACCOUNT_COUNT) + 1); + long toAccount = (RANDOM.nextInt(BenchmarkConstants.ACCOUNT_COUNT) + 1); + while (toAccount == fromAccount) { Review Comment: ## Insecure randomness Potential Insecure randomness due to a [Insecure randomness source.](1). Potential Insecure randomness due to a [Insecure randomness source.](2). [Show more details](https://github.com/apache/incubator-seata/security/code-scanning/53) ########## test-suite/seata-benchmark-cli/src/main/java/org/apache/seata/benchmark/executor/SagaModeExecutor.java: ########## @@ -0,0 +1,303 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.seata.benchmark.executor; + +import org.apache.seata.benchmark.config.BenchmarkConfig; +import org.apache.seata.benchmark.model.TransactionRecord; +import org.apache.seata.benchmark.saga.BenchmarkServiceInvoker; +import org.apache.seata.benchmark.saga.InventorySagaService; +import org.apache.seata.benchmark.saga.OrderSagaService; +import org.apache.seata.benchmark.saga.PaymentSagaService; +import org.apache.seata.benchmark.saga.SimpleSpelExpressionFactory; +import org.apache.seata.core.exception.TransactionException; +import org.apache.seata.core.model.GlobalStatus; +import org.apache.seata.saga.engine.StateMachineEngine; +import org.apache.seata.saga.engine.config.AbstractStateMachineConfig; +import org.apache.seata.saga.engine.expression.ExpressionFactoryManager; +import org.apache.seata.saga.engine.impl.ProcessCtrlStateMachineEngine; +import org.apache.seata.saga.statelang.domain.DomainConstants; +import org.apache.seata.saga.statelang.domain.ExecutionStatus; +import org.apache.seata.saga.statelang.domain.StateMachineInstance; +import org.apache.seata.tm.api.GlobalTransaction; +import org.apache.seata.tm.api.GlobalTransactionContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.InputStream; +import java.math.BigDecimal; +import java.util.HashMap; +import java.util.Map; +import java.util.Random; +import java.util.concurrent.atomic.AtomicLong; + +/** + * Saga mode transaction executor supporting both mock and real modes + * - branches == 0: Mock mode (simplified Saga simulation without state machine) + * - branches > 0: Real mode (state machine engine with compensation support) + */ +public class SagaModeExecutor implements TransactionExecutor { + + private static final Logger LOGGER = LoggerFactory.getLogger(SagaModeExecutor.class); + private static final Random RANDOM = new Random(); + private static final AtomicLong BUSINESS_KEY_COUNTER = new AtomicLong(0); + + private static final String SIMPLE_SAGA_NAME = "benchmarkSimpleSaga"; + private static final String ORDER_SAGA_NAME = "benchmarkOrderSaga"; + + private final BenchmarkConfig config; + private StateMachineEngine stateMachineEngine; + private BenchmarkStateMachineConfig stateMachineConfig; + + public SagaModeExecutor(BenchmarkConfig config) { + this.config = config; + } + + private boolean isRealMode() { + return config.getBranches() > 0; + } + + @Override + public void init() { + if (isRealMode()) { + initRealMode(); + } else { + LOGGER.info("Saga mode executor initialized (simplified mock mode)"); + LOGGER.info("Note: Full Saga annotation support requires Spring framework integration"); + } + } + + private void initRealMode() { + LOGGER.info("Initializing Real Saga mode executor with state machine engine"); + + try { + // Create and configure state machine config + stateMachineConfig = new BenchmarkStateMachineConfig(); + stateMachineConfig.setRollbackPercentage(config.getRollbackPercentage()); + stateMachineConfig.init(); + + // Create state machine engine + ProcessCtrlStateMachineEngine engine = new ProcessCtrlStateMachineEngine(); + engine.setStateMachineConfig(stateMachineConfig); + this.stateMachineEngine = engine; + + LOGGER.info("Real Saga mode executor initialized"); + LOGGER.info("Available state machines: {}, {}", SIMPLE_SAGA_NAME, ORDER_SAGA_NAME); + + } catch (Exception e) { + throw new RuntimeException("Failed to initialize Saga state machine engine", e); + } + } + + @Override + public TransactionRecord execute() { + if (isRealMode()) { + return executeRealMode(); + } else { + return executeMockMode(); + } + } + + private TransactionRecord executeMockMode() { + GlobalTransaction tx = GlobalTransactionContext.getCurrentOrCreate(); + long startTime = System.currentTimeMillis(); + String xid = null; + String status = "Unknown"; + int branchCount = config.getBranches(); + boolean success = false; + + try { + tx.begin(30000, "benchmark-saga-tx"); + xid = tx.getXid(); + + // Simulate Saga actions (forward phase) + for (int i = 0; i < branchCount; i++) { + simulateSagaAction(i); + } + + if (shouldRollback()) { + // Simulate compensation (backward phase) + for (int i = branchCount - 1; i >= 0; i--) { + simulateCompensation(i); + } + tx.rollback(); + status = "Compensated"; + } else { + tx.commit(); + status = "Committed"; + success = true; + } + + } catch (TransactionException e) { + LOGGER.debug("Transaction failed: {}", e.getMessage()); + status = "Failed"; + try { + if (tx.getStatus() != GlobalStatus.Rollbacked && tx.getStatus() != GlobalStatus.RollbackFailed) { + tx.rollback(); + } + } catch (TransactionException rollbackEx) { + LOGGER.debug("Rollback failed: {}", rollbackEx.getMessage()); + } + } + + long duration = System.currentTimeMillis() - startTime; + return new TransactionRecord(xid, status, duration, branchCount, success); + } + + private TransactionRecord executeRealMode() { + long startTime = System.currentTimeMillis(); + String businessKey = "benchmark-" + BUSINESS_KEY_COUNTER.incrementAndGet(); + String status = "Unknown"; + int branchCount = config.getBranches(); + boolean success = false; + + try { + // Choose state machine based on branch count + String stateMachineName = branchCount >= 3 ? ORDER_SAGA_NAME : SIMPLE_SAGA_NAME; + + // Prepare start parameters + Map<String, Object> startParams = createStartParams(); + + // Execute state machine + StateMachineInstance instance = stateMachineEngine.startWithBusinessKey( + stateMachineName, stateMachineConfig.getDefaultTenantId(), businessKey, startParams); + + // Check execution result + ExecutionStatus executionStatus = instance.getStatus(); + ExecutionStatus compensationStatus = instance.getCompensationStatus(); + + if (ExecutionStatus.SU.equals(executionStatus)) { + status = "Committed"; + success = true; + } else if (ExecutionStatus.FA.equals(executionStatus)) { + if (compensationStatus != null) { + if (ExecutionStatus.SU.equals(compensationStatus)) { + status = "Compensated"; + } else { + status = "CompensationFailed"; + } + } else { + status = "Failed"; + } + } else if (ExecutionStatus.UN.equals(executionStatus)) { + status = "Unknown"; + } else { + status = executionStatus != null ? executionStatus.name() : "Unknown"; + } + + } catch (Exception e) { + LOGGER.debug("Saga execution failed: {}", e.getMessage()); + status = "Failed"; + } + + long duration = System.currentTimeMillis() - startTime; + return new TransactionRecord(businessKey, status, duration, branchCount, success); + } + + private Map<String, Object> createStartParams() { + Map<String, Object> params = new HashMap<>(); + params.put("userId", "user-" + RANDOM.nextInt(1000)); + params.put("productId", "product-" + RANDOM.nextInt(100)); + params.put("quantity", RANDOM.nextInt(10) + 1); + params.put("amount", new BigDecimal(RANDOM.nextInt(1000) + 100)); + params.put("accountId", "account-" + RANDOM.nextInt(1000)); Review Comment: ## Insecure randomness Potential Insecure randomness due to a [Insecure randomness source.](1). Potential Insecure randomness due to a [Insecure randomness source.](2). Potential Insecure randomness due to a [Insecure randomness source.](3). Potential Insecure randomness due to a [Insecure randomness source.](4). [Show more details](https://github.com/apache/incubator-seata/security/code-scanning/52) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
