[jira] [Commented] (NIFI-978) Support parameterized prepared statements in ExecuteSQL
[ https://issues.apache.org/jira/browse/NIFI-978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361349#comment-16361349 ]

ASF GitHub Bot commented on NIFI-978:
-------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/nifi/pull/2433

> Support parameterized prepared statements in ExecuteSQL
> -------------------------------------------------------
>
>                 Key: NIFI-978
>                 URL: https://issues.apache.org/jira/browse/NIFI-978
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Daryl Teo
>            Assignee: Matt Burgess
>            Priority: Minor
>             Fix For: 1.6.0
>
>
> PutSQL and ExecuteSQL are highly inconsistent and lead to confusion.
> - PutSQL relies on FlowFile content to execute its statement.
> - ExecuteSQL relies on SQL Select Command attribute
> - PutSQL supports parameterized statements through sql.args attributes
> - ExecuteSQL relies on Expression Language to insert dynamic properties
> The reliance on expression language for ExecuteSQL may also lead to potential
> SQL injection if one is not careful as it is a string replacement.
> Therefore in the interest of reliability and consistency I highly recommend
> that the SQL processors be standardised.
> Note: I prefer the sql command attribute for running SQL as opposed to the
> (lower visibility) content based command specification. Having the query
> attribute of ExecuteSQL, with the sql.args attributes of PutSQL would be a
> great improvement. If you support this, I will create a new issue in Jira.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
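The contrast drawn in the issue description above, textual substitution of an attribute into the query versus binding it as a statement parameter, shown as an added example; this is not NiFi code or code from the pull request. It assumes the sql.args.N.type / sql.args.N.value attribute naming that PutSQL documents (the page itself says only "sql.args attributes"), uses SQLite in place of a JDBC target, and the table, rows and attribute values are constructed.

```python
import re
import sqlite3

# Constructed FlowFile attributes; the value is hostile on purpose.
HOSTILE = "x' OR '1'='1"
ATTRS = {
    "name": HOSTILE,
    "sql.args.1.type": "12",  # java.sql.Types.VARCHAR
    "sql.args.1.value": HOSTILE,
}

def make_db():
    """In-memory SQLite stand-in for the JDBC target (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def substitute(template, attrs):
    """Model of Expression Language: ${attr} is replaced textually."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: attrs.get(m.group(1), ""), template)

def bind_args(attrs):
    """Collect sql.args.N.value in index order, converted per sql.args.N.type."""
    converters = {"4": int, "12": str}  # INTEGER and VARCHAR only, for brevity
    indexes = sorted(int(m.group(1)) for k in attrs
                     if (m := re.fullmatch(r"sql\.args\.(\d+)\.value", k)))
    params = []
    for i in indexes:
        jdbc_type = attrs.get(f"sql.args.{i}.type")
        if jdbc_type not in converters:
            raise ValueError(f"missing or unsupported type for argument {i}")
        params.append(converters[jdbc_type](attrs[f"sql.args.{i}.value"]))
    return params

def run_substituted(db, attrs):
    """The attribute value becomes part of the SQL text."""
    sql = substitute("SELECT name FROM users WHERE name = '${name}' ORDER BY name", attrs)
    return [row[0] for row in db.execute(sql)]

def run_parameterized(db, attrs):
    """The SQL text is fixed; the attribute value is bound as data."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, bind_args(attrs))]

if __name__ == "__main__":
    db = make_db()
    print("substituted:  ", run_substituted(db, ATTRS))
    print("parameterized:", run_parameterized(db, ATTRS))
```

With the same attribute value, the substituted query matches every row because the quote in the value ends the string literal, while the parameterized query matches none.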
[jira] [Commented] (NIFI-978) Support parameterized prepared statements in ExecuteSQL
[ https://issues.apache.org/jira/browse/NIFI-978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361342#comment-16361342 ]

ASF subversion and git services commented on NIFI-978:
------------------------------------------------------

Commit b5ca7adbb97c603cbc721e105c4fe279cdcb085b in nifi's branch refs/heads/master from [~ca9mbu]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=b5ca7ad ]

NIFI-978: Support parameterized statements in ExecuteSQL

Signed-off-by: Pierre Villard

This closes #2433.
[jira] [Commented] (NIFI-978) Support parameterized prepared statements in ExecuteSQL
[ https://issues.apache.org/jira/browse/NIFI-978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361338#comment-16361338 ]

ASF GitHub Bot commented on NIFI-978:
-------------------------------------

Github user pvillard31 commented on the issue:

    https://github.com/apache/nifi/pull/2433

    Code LGTM, ran a few tests successfully, merging to master.
[jira] [Commented] (NIFI-978) Support parameterized prepared statements in ExecuteSQL
[ https://issues.apache.org/jira/browse/NIFI-978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16339380#comment-16339380 ]

ASF GitHub Bot commented on NIFI-978:
-------------------------------------

GitHub user mattyb149 opened a pull request:

    https://github.com/apache/nifi/pull/2433

    NIFI-978: Support parameterized statements in ExecuteSQL

    Thank you for submitting a contribution to Apache NiFi.

    In order to streamline the review of the contribution we ask you
    to ensure the following steps have been taken:

    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
    - [x] Does your PR title start with NIFI- where is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    - [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
    - [x] Is your initial contribution a single, squashed commit?

    ### For code changes:
    - [x] Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
    - [x] Have you written or updated unit tests to verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
    - [ ] If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
    - [ ] If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
    - [ ] If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?

    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?

    ### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mattyb149/nifi NIFI-978

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/2433.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2433

commit 7052824d88b3b9ceb04d7dda92cb63264ccf2a65
Author: Matthew Burgess
Date:   2018-01-25T15:24:17Z

    NIFI-978: Support parameterized statements in ExecuteSQL