You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@usergrid.apache.org by "Malaka Mahanama (JIRA)" <ji...@apache.org> on 2014/05/06 21:40:15 UTC
[jira] [Comment Edited] (USERGRID-71) Queries with incorrect syntax
should return a 400 error
[ https://issues.apache.org/jira/browse/USERGRID-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13991034#comment-13991034 ]
Malaka Mahanama edited comment on USERGRID-71 at 5/6/14 7:38 PM:
-----------------------------------------------------------------
Hi [~rockerston]/ [~djohnson]/ [~tnine]/ [~zznate]/ [~sungju] (reaching out to a few leads who have done merges on my PRs / helped settle into UG.)
Appreciate some feedback for this defect:
+Here are some results from my testing:+
../test-app/users/?ql=select * where username = 'malaka' order by =username desc ^[note the '=username']^
../?ql=select * where username = 'malaka' order by }username desc ^[note the '}username']^
All the above provided a 200 OK with "entities": [].
??These two were exempt because the QueryFilter.g filters it and allow the symbols in the query.??
../test-app/users/?ql=select * where username = 'malaka' order by WRONGusername desc ^[note the 'WRONGusername']^
??the above provided a 200 OK with "entities": []. as well.??
+However if we do:+
../test-app/users/?ql=select * where username = 'malaka' order by |username desc ^[note the '|username']^
The following error was observed:
"exception": "org.apache.usergrid.persistence.exceptions.QueryTokenException",
"error_description": "MismatchedTokenException(117!=124)"
??This is because the final check for '|' is to check if '||' operator exists and that fails.??
+More testing showed that with:+
../test-app/users/?ql=select * where username = 'malaka' order by "username desc ^[note the ' "username']^
../test-app/users/?ql=select * where username = 'malaka' order by $username desc ^[note the '$username']^
*The following error was observed:*
"exception": "org.apache.usergrid.persistence.exceptions.QueryTokenException",
"error_description": "NoViableAltException('\"'@[1:1: Tokens : ( T__31 | T__32 | T__33 | T__34 | T__35 | T__36 | T__37 | T__38 | T__39 | T__40 | LT | LTE | EQ | GT | GTE | BOOLEAN | AND | OR | NOT | ASC | DESC | CONTAINS | WITHIN | OF | UUID | ID | LONG | FLOAT | STRING | WS );])"
??these two were NOT exempt because the QueryFilter.g filters does not allow them in the query (not defined).??
h4. I see two problems:
- If the allowed symbols appear in the wrong place it is still allowed.
- There is no way atm to identify things such as 'wrong table names' - would be great if we can give the users specific and friendly error messages (e.g.: 'table name not valid' etc.) with a 400.
Appreciate Ideas/suggestions/tips?
We can most probably use this knowledge in the 'Refactor - 2.0' (https://issues.apache.org/jira/browse/USERGRID-9). Hoping to contribute to that as well.
Thanks and Regards,
Malaka
was (Author: malaka):
Hi [~rockerston]/ [~djohnson]/ [~tnine]/ [~zznate]/ [~sungju] (reaching out to a few leads who have done merges on my PRs / helped settle into UG.)
Appreciate some feedback for this defect:
+Here are some results from my testing:+
../test-app/users/?ql=select * where username = 'malaka' order by =username desc ^[note the '=username']^
../?ql=select * where username = 'malaka' order by }username desc ^[note the '}username']^
All the above provided a 200 OK with "entities": [].
?? These two were exempt because the QueryFilter.g filters it and allow the symbols in the query. ??
../test-app/users/?ql=select * where username = 'malaka' order by WRONGusername desc ^[note the 'WRONGusername']^
??the above provided a 200 OK with "entities": []. as well.??
+However if we do: +
../test-app/users/?ql=select * where username = 'malaka' order by |username desc ^[note the '|username']^
The following error was observed:
"exception": "org.apache.usergrid.persistence.exceptions.QueryTokenException",
"error_description": "MismatchedTokenException(117!=124)"
??This is because the final check for '|' is to check if '||' operator exists and that fails.??
+More testing showed that with:+
../test-app/users/?ql=select * where username = 'malaka' order by "username desc ^[note the ' "username']^
../test-app/users/?ql=select * where username = 'malaka' order by $username desc ^[note the '$username']^
*The following error was observed:*
"exception": "org.apache.usergrid.persistence.exceptions.QueryTokenException",
"error_description": "NoViableAltException('\"'@[1:1: Tokens : ( T__31 | T__32 | T__33 | T__34 | T__35 | T__36 | T__37 | T__38 | T__39 | T__40 | LT | LTE | EQ | GT | GTE | BOOLEAN | AND | OR | NOT | ASC | DESC | CONTAINS | WITHIN | OF | UUID | ID | LONG | FLOAT | STRING | WS );])"
??these two were NOT exempt because the QueryFilter.g filters does not allow them in the query (not defined).??
h4. I see two problems:
- If the allowed symbols appear in the wrong place it is still allowed.
- There is no way atm to identify things such as 'wrong table names' - would be great if we can give the users specific and friendly error messages (e.g.: 'table name not valid' etc.) with a 400.
Appreciate Ideas/suggestions/tips?
We can most probably use this knowledge in the 'Refactor - 2.0' (https://issues.apache.org/jira/browse/USERGRID-9). Hoping to contribute to that as well.
Thanks and Regards,
Malaka
> Queries with incorrect syntax should return a 400 error
> -------------------------------------------------------
>
> Key: USERGRID-71
> URL: https://issues.apache.org/jira/browse/USERGRID-71
> Project: Usergrid
> Issue Type: Story
> Components: Stack
> Reporter: Rod Simpson
> Assignee: Malaka Mahanama
> Fix For: 1.1
>
>
> "As an example, the following returns HTTP 200 with 0 results instead of an error:
> ugc query notifications ""select * where state = 'finished' order by=created desc""
> "
--
This message was sent by Atlassian JIRA
(v6.2#6252)