Posted to issues@fineract.apache.org by iamrupok <gi...@git.apache.org> on 2017/06/15 09:57:27 UTC

[GitHub] fineract pull request #370: adhoc query

GitHub user iamrupok opened a pull request:

    https://github.com/apache/fineract/pull/370

    adhoc query

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/iamrupok/fineract develop

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/fineract/pull/370.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #370
    
----
commit 5a3d4ae1fae53fc882ab62dc9c932634171f65ff
Author: Kasem <ia...@gmail.com>
Date:   2017-06-15T09:55:58Z

    adhoc query

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] fineract issue #370: adhoc query

Posted by iamrupok <gi...@git.apache.org>.
Github user iamrupok commented on the issue:

    https://github.com/apache/fineract/pull/370
  
    created a new PR 395



[GitHub] fineract pull request #370: adhoc query

Posted by nazeer1100126 <gi...@git.apache.org>.
Github user nazeer1100126 commented on a diff in the pull request:

    https://github.com/apache/fineract/pull/370#discussion_r122465169
  
    --- Diff: fineract-provider/src/main/java/org/apache/fineract/adhocquery/domain/AdHoc.java ---
    @@ -0,0 +1,148 @@
    +/**
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements. See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership. The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License. You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing,
    + * software distributed under the License is distributed on an
    + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    + * KIND, either express or implied. See the License for the
    + * specific language governing permissions and limitations
    + * under the License.
    + */
    +package org.apache.fineract.adhocquery.domain;
    +
    +import java.util.LinkedHashMap;
    +import java.util.Map;
    +
    +import javax.persistence.Column;
    +import javax.persistence.Entity;
    +import javax.persistence.Table;
    +
    +import org.apache.commons.lang.BooleanUtils;
    +import org.apache.commons.lang.StringUtils;
    +import org.apache.fineract.adhocquery.api.AdHocJsonInputParams;
    +import org.apache.fineract.infrastructure.core.api.JsonCommand;
    +import org.apache.fineract.infrastructure.core.domain.AbstractAuditableCustom;
    +import org.apache.fineract.useradministration.domain.AppUser;
    +
    +
    +@Entity
    +@Table(name = "m_adhoc")
    +public class AdHoc extends AbstractAuditableCustom<AppUser, Long> {
    +
    +  	@Column(name = "name", length = 100)
    +    private  String name;
    +    
    +    @Column(name = "query", length = 2000)
    +    private  String query;
    +   	
    +    @Column(name = "table_name", length = 100)
    +    private  String tableName;
    +    
    +    
    +    @Column(name = "table_fields", length = 2000)
    +    private  String tableFields;
    +   	
    +    @Column(name = "email", length = 500)
    +    private  String email;
    +    
    +   
    +	@Column(name = "IsActive", nullable = false)
    +    private boolean isActive = false;
    +   	
    +    private AdHoc(final String name, final String query,final String tableName,final String tableFields ,final String email,final boolean isActive) {
    +        this.name = StringUtils.defaultIfEmpty(name, null);
    +        this.query=StringUtils.defaultIfEmpty(query,null);
    +        this.tableName=StringUtils.defaultIfEmpty(tableName,null);
    +        this.tableFields=StringUtils.defaultIfEmpty(tableFields,null);
    +        this.email=StringUtils.defaultIfEmpty(email,null);
    +        this.isActive = BooleanUtils.toBooleanDefaultIfNull(isActive, false);
    +       
    +    }
    +    public static AdHoc fromJson(final JsonCommand command) {
    +        final String name = command.stringValueOfParameterNamed(AdHocJsonInputParams.NAME.getValue());
    +        final String query = command.stringValueOfParameterNamed(AdHocJsonInputParams.QUERY.getValue());
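
    Review bot: In fromJson, "query" is read straight from command.stringValueOfParameterNamed(AdHocJsonInputParams.QUERY.getValue()), and the constructor only maps an empty string to null before the value lands in the "query" column, so nothing in the visible lines limits what SQL gets stored. Validate it before the entity is built: decide which statement types are permitted and check the statement's leading keyword against that list, rather than accepting arbitrary text of up to 2000 characters. Separately, in the constructor BooleanUtils.toBooleanDefaultIfNull(isActive, false) has no effect because isActive is a primitive boolean and can never be null, so "this.isActive = isActive;" is enough; the column name "IsActive" also breaks the snake_case naming used by "table_name" and "table_fields".
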
    --- End diff --
    
    Do we need to validate this query string so that we do not have cases where authorized users send malicious SQL statements?



[GitHub] fineract issue #370: adhoc query

Posted by nazeer1100126 <gi...@git.apache.org>.
Github user nazeer1100126 commented on the issue:

    https://github.com/apache/fineract/pull/370
  
    @iamrupok please let me know if you need more details. 



[GitHub] fineract issue #370: adhoc query

Posted by iamrupok <gi...@git.apache.org>.
Github user iamrupok commented on the issue:

    https://github.com/apache/fineract/pull/370
  
    planning to add

        final String sqlQuery = this.fromApiJsonHelper.extractStringNamed("query", element);

        if (sqlQuery.toLowerCase().contains("drop") || sqlQuery.toLowerCase().contains("delete")) {
            final ApiParameterError error = ApiParameterError.parameterError("validation.msg.unsupported.sql",
                    "Delete and Drop Not Supported", "query", sqlQuery);
            dataValidationErrors.add(error);
        }

    in AdHocDataValidator class for create and update. Do you think this would
    be sufficient?

    On Fri, Jun 16, 2017 at 9:11 PM, Shaik Nazeer Hussain <
    notifications@github.com> wrote:
    
    > *@nazeer1100126* commented on this pull request.
    > ------------------------------
    >
    > In fineract-provider/src/main/java/org/apache/fineract/
    > adhocquery/domain/AdHoc.java
    > <https://github.com/apache/fineract/pull/370#discussion_r122465169>:
    >
    > > +
    > +	@Column(name = "IsActive", nullable = false)
    > +    private boolean isActive = false;
    > +   	
    > +    private AdHoc(final String name, final String query,final String tableName,final String tableFields ,final String email,final boolean isActive) {
    > +        this.name = StringUtils.defaultIfEmpty(name, null);
    > +        this.query=StringUtils.defaultIfEmpty(query,null);
    > +        this.tableName=StringUtils.defaultIfEmpty(tableName,null);
    > +        this.tableFields=StringUtils.defaultIfEmpty(tableFields,null);
    > +        this.email=StringUtils.defaultIfEmpty(email,null);
    > +        this.isActive = BooleanUtils.toBooleanDefaultIfNull(isActive, false);
    > +
    > +    }
    > +    public static AdHoc fromJson(final JsonCommand command) {
    > +        final String name = command.stringValueOfParameterNamed(AdHocJsonInputParams.NAME.getValue());
    > +        final String query = command.stringValueOfParameterNamed(AdHocJsonInputParams.QUERY.getValue());
    >
    > Do we need to validate this query string so that we do not have cases
    > where authorized users send malicious SQL statements?




[GitHub] fineract pull request #370: adhoc query

Posted by iamrupok <gi...@git.apache.org>.
Github user iamrupok closed the pull request at:

    https://github.com/apache/fineract/pull/370



[GitHub] fineract issue #370: adhoc query

Posted by nazeer1100126 <gi...@git.apache.org>.
Github user nazeer1100126 commented on the issue:

    https://github.com/apache/fineract/pull/370
  
    @iamrupok You need to check whether DDL and DML commands are allowed or not. I don't know the real use case or how you are going to use it; it's up to you to decide. Please find the DDL and DML commands below.
    DDL_COMMANDS = { "create", "drop", "alter", "truncate", "comment" },
    DML_COMMANDS = { "select", "insert", "update", "delete", "merge", "upsert", "call" };
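
An added example, not part of the original thread or of Fineract's code: one way to use the DDL and DML lists above in a validator that classifies a statement by its leading keyword and admits only "select", instead of searching the text for substrings. The class AdHocQueryCheck, its reject method and the sample inputs are hypothetical; it assumes the ad hoc query is meant to be a single read-only statement, which the thread leaves open.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

// Hypothetical helper, not Fineract code. Keyword lists are the ones quoted in the thread.
public class AdHocQueryCheck {
    static final Set<String> DDL = new HashSet<>(Arrays.asList(
            "create", "drop", "alter", "truncate", "comment"));
    static final Set<String> DML = new HashSet<>(Arrays.asList(
            "select", "insert", "update", "delete", "merge", "upsert", "call"));
    // Assumption: only read-only statements are accepted.
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList("select"));

    /** Returns null when the query is accepted, otherwise the reason for rejection. */
    static String reject(String sql) {
        if (sql == null || sql.trim().isEmpty()) return "empty query";
        // Refuse comment markers so the leading token is always the real statement keyword.
        if (sql.contains("--") || sql.contains("/*")) return "comments not supported";
        String body = sql.trim();
        if (body.endsWith(";")) body = body.substring(0, body.length() - 1).trim();
        // Any remaining ';' means more than one statement (or a ';' inside a literal,
        // which this conservative check also refuses).
        if (body.indexOf(';') >= 0) return "multiple statements not supported";
        String first = body.split("\\s+", 2)[0].toLowerCase(Locale.ROOT);
        if (ALLOWED.contains(first)) return null;
        if (DDL.contains(first)) return "DDL command not supported: " + first;
        if (DML.contains(first)) return "DML command not supported: " + first;
        return "unrecognised statement type: " + first;
    }

    public static void main(String[] args) {
        String[] samples = {   // constructed inputs; column names are made up
            "select name, deleted_on from m_adhoc",   // a substring test for "delete" would refuse this
            "truncate table m_adhoc",                 // not covered by a drop/delete substring test
            "update m_adhoc set email = null",
            "select 1; drop table m_adhoc",
            "  SELECT count(*) FROM m_adhoc;  "
        };
        for (String s : samples) {
            String why = reject(s);
            System.out.println((why == null ? "ACCEPT" : "REJECT (" + why + ")") + "  <- " + s);
        }
    }
}
```

A keyword check like this is only a first gate; executing the stored query under a database account that holds read-only privileges is what actually enforces the restriction.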

