I must be missing something blindingly obvious. Somebody please shame me;
I'm building 2.2 Aggregation queries, which aren't natively supported by the C# Linq Driver, so I'm having to build up stringified names for nested properties using dotted notation. Say I have a structure like this;
db.so.insert({
a:1,
b:2,
n : {
z:4,
x:5,
y: {
v:"value",
}
}
});
So to reference the "value" I would need to use the name n.y.v or n[y][v]. Now, since I'm receiving the choice of field property names for the query from the web client (http://www.demo.org/exampleQuery?field1=n&field2=y&field3=v) I need to construct the property names thus;
var fieldNameForQuery = field1+"."+field2+"."+field3;
I'm obviously nervous about this, so of course I'm defending against NOSQL Injection by sanitising my input parameters, but I'd much rather be using the C# driver for this instead.
I guess I'd like something like;
MongoDB.Driver.BuildNestedFieldName(field1, field2, field3));
which is basically what I've had to write myself, but it feels like a kludge, and I'd rather not maintain the responsibility for building DB safe field names this way.
There currently isn't a function to do what you are wanting. However, if all the function does is stick "."'s in the middle, then we aren't solving an injection problem because the stuff we are inserting can't have been injected... The injection problem would be solved by ensuring that "field1", "field2", and "field3" are valid values for field names. Of course, there isn't much that is invalid according to http://bsonspec.org/#/specification. The only thing we'd be checking for is that there aren't 2 null terminators in the string. So... that doesn't leave us with much we can do.
Does this make sense?
Related
I'm making some simple PostgREST queries on a table with network device properties. It seems that eq and not.eq both exclude null values. I've learned that that's a “feature” of PostgreSQL, and can be worked around with the IS DISTINCT FROM operator, which treats null as a comparable value.
I can't find an equivalent (null-safe not-equals) operator in PostgREST. Is there one?
Simplified example:
# https://example.com/api?select=*&name=like.spam-*
[{
"name":"spam-eggs",
"type":"router",
"sector":"cheese"
},{
"name":"spam-ham",
"type":"router",
"sector":null
}]
not.eq.cheese excludes cheese and null:
# https://example.com/api?select=*&name=like.spam-*§or=not.eq.cheese
[]
My awkward workaround is using or to include nulls:
# https://example.com/api?select=*&name=like.spam-*&or=(sector.not.eq.cheese,sector.is.null)
[{
"name":"spam-ham",
"type":"router",
"sector":null
}]
Am I stuck with that workaround, or is there an operator like isdistinctfrom, neq-or-null, etc. that I've missed?
I've checked the code and there's no implementation of IS DISTINCT FROM right now. That is, no PostgREST operator translates to it. The only reference I found is in a comment in this file, but it's for a different issue.
So, yes, right now, your workaround would be the closest you can get to the behavior you want. Creating a FUNCTION with a custom query using IS DISTINCT FROM is another alternative, although it requires more heavy lifting.
I am new to Drools, we are trying to create basic validation rules like a NULL check, etc. using the Drools n Scala framework.
I have a source file which has 200 attributes, need to apply NULL-check rule on all these attributes,
is there any easy way to do this? or do I need to create 200 rules for each attribute?
Thanks in advance.
Assuming you have a POJO ("plain old java object", getters/setters and some private variables to hold values) or modern java Records (effectively the same thing), then the answer is no: you need separate rules. For this scenario, the only way to check that field "name" is null is to actually assert against that field like this:
rule "example - name is null"
when
ExampleObject( name == null )
then
System.out.println("Name is null.");
end
However there exist other data structures -- for example, Map and its sibling types -- where you can reference the fields by name. In this case you could theoretically iterate through all of the field names and find the one whose value is empty.
So, for example, Map has a keySet() method which returns a set of fields -- you could iterate through this keyset and for each key check that there is a non-null value present in the map.
rule "example with map"
when
$map: Map()
$keys: Set() from $map.keySet()
$key: String() from $keys
String( this == null ) from $map.get($key)
// or this might work, not sure if the "this" keyword allows this syntax:
// Map( this[$key] == null ) from $map
then
System.out.println($key + " is missing/null");
end
This would require converting your Java object into a Map before passing into the rules.
However I DO NOT RECOMMEND this approach. Maps are extremely un-performant in rules because of how they serialize/deserialize. You will use a ton of unnecessary heap when firing them. If you look at how a HashMap serializes, for example, by peeking at its source code you'll see that it actually contains a bunch of "child" data structures like entryset and keyset and things like that. When using "new", those child structures are only initialized if and when you need them; but when serializing/deserializing, they're created immediately even if you don't need them.
Another solution would be to use Java reflection to get the list of declared field names, and then iterate through those names using reflection to get the value out for that field. In your place I'd do this in Java (reflection is problematic enough without trying to do it in Drools) and then if necessary invoke such a utility function from Drools.
I have a design problem, but don't know how to fix it. I have a Policy object, with a boolean property like so:
public bool IsCancelled
{
get
{
return (CancellationDate != null && Convert.ToDateTime(CancellationDate) < DateTime.Today);
}
}
The problem with this approach is that if I want to get...
context.Policies.where(q => q.IsCancelled)
...LinqToEntities can't execute this against the database; I must load every policy object into memory, like this statement below, which kills performance and is completely unnecessary:
context.policies.ToList().where(q => q.IsCancelled)
A colleague tells me I should be able to use a Func or Expression to do this, but I'm at a loss as to what phrase to even Google for this. Can someone recommend a link or two that explains how to do this?
Keep in mind, I want this to be available to queries like the one above, and to an instance of a Policy object in memory, without having to code the logic twice (DRY and all that).
Thanks.
The problem is your Convert method. I assume CancelationDate is a string. The real problem here is that SQL doesn't do date comparisons as strings, they need to be in date format. This can't be translated to SQL, and thus won't work in the database.
You really should be storing dates as the date type, not as strings. Then it would be trivial. If you can change this, then do it, then no conversion is necessary.
Your other option is to futz with the EntityFunctions, SqlFunctions, DbFunctions to try to make it work.
See:
Comparing date with string Entity Framework
I am building a highly generic query mechanism on top of the JPA Criteria. I get as input an XML describing the query, something like this:
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<Criteria xmlns='criteria' maxResults='2'>
<Expression>
<CompareRestriction propertyType='Date' operator='GREATER_THAN_OR_EQUALS' propertyName='deliveryDate'>2010-07-02</CompareRestriction>
<CompareRestriction propertyType='Float' operator='GREATER_THAN_OR_EQUALS' propertyName='weight'>10f</CompareRestriction>
<Restriction operator='NOT_NULL' propertyName='maxDiameter'/>
<LogicalExpression operator='OR'>
<LeftHandSideCompare propertyType="Integer" operator="EQUALS" propertyName="weight">31</LeftHandSideCompare>
<RightHandSide operator='NOT_NULL' propertyName='lastChangedDate'/>
</LogicalExpression>
<LogicalExpression operator='OR'>
<LeftHandSideCompare propertyType="Integer" operator="EQUALS" propertyName="weight">31</LeftHandSideCompare>
<RightHandSide operator='NOT_NULL' propertyName='lastChangedDate'/>
</LogicalExpression>
</Expression>
<Order propertyName='deliveryDate' type='DESC'/>
</Criteria>
and I parse this thing and build the corresponding criteria. Currently I am facing a problem with it comes to comparison operators (<,>,<=,=>) as I deal with different numerical types: I have fields with Float, Integer or Long value. So when I am mapping I do something like this:
switch (leftHandSideCompareRestriction.getOperator().value()) {
...
case "LESS_THAN" : innerPredicates.add(criteriaBuilder.gt(rootQuery.<Number>get(propName), NumberUtils.createNumber((value))));
case "LESS_THAN_OR_EQUALS" : innerPredicates.add(criteriaBuilder.gt(rootQuery.<Number>get(propName), NumberUtils.createNumber(value)));
...
}
The NumberUtils is the apache commons NumberUtils utility class
that returns a numerical type based on the input provided (Float, Integer, Long or Double). Now I need a mechanism to provide the type also for the
rootQuery<T>.get(propName)
at runtime, otherwise the JPA is complaining that I provided a Float instead of a Integer or the other way around. I tried several things and now I kind of ran out of ideas. I would highly appreciate and thoughts, ideas, suggestions about how to accomplish this in a robust fashion.
I seems that initially I missed something - I am not sure how. There some kind of issue in a different part. So, doing the query like this: it will work for sure. I tried with the following types:
Integer
Float
And it worked as expected for the following operations: >,<, <=, =>. In conclusion using Number and the NumberUtils fixes this issue in quite an elegant manner, as the appropriate type is created by the NumberUtils and JPA takes the top of the hierarchy for Number.
I want to generate a dynamic SQL where clause from a Scala collection, such as Map
Example, with a Map("firstName" -> "Chuck", "lastName" -> "Norris") object,
I want to generate the following clause:
where firstName = 'Chuck'
and lastName = 'Norris'
Basically, for the first element in the collection, precede with the where keyword, and for the subsequent ones, precede with and.
I'm really struggling to do this algorithm in Scala, so I'm asking for your help.
Maybe Map isn't the right collection for this task?
A possible solution is:
myMap.map {case (k, v) => """%s = '%s'""".format(k, v)}
.mkString("where ", "\nand ", "")
The map function with the format transform key/values into key = 'value', and mkString build the where clause.
And, because someone needs to say it, for gods sake don't do anything like this in production code! This sort of thing is just begging for an SQL injection attack, where someone gives you corrupt input which you blindly format into SQL that does drastically different things than what you want. Here's an example: http://xkcd.com/327/
As long as you're generating actual SQL statements, you may want to look at more robust models for database access. My favorite is Squeryl, but there are other flavors.