github-advanced-security[bot] commented on code in PR #15122:
URL:
https://github.com/apache/dolphinscheduler/pull/15122#discussion_r1381667452
##########
dolphinscheduler-task-plugin/dolphinscheduler-task-datax/src/main/java/org/apache/dolphinscheduler/plugin/task/datax/content/writer/BuildDataxJobContentJsonDefaultWriter.java:
##########
@@ -0,0 +1,241 @@
+package org.apache.dolphinscheduler.plugin.task.datax.content.writer;
+
+import static
org.apache.dolphinscheduler.plugin.datasource.api.utils.PasswordUtils.decodePassword;
+
+import org.apache.dolphinscheduler.common.utils.JSONUtils;
+import
org.apache.dolphinscheduler.plugin.datasource.api.plugin.DataSourceClientProvider;
+import org.apache.dolphinscheduler.plugin.datasource.api.utils.DataSourceUtils;
+import org.apache.dolphinscheduler.plugin.task.datax.DataxParameters;
+import org.apache.dolphinscheduler.plugin.task.datax.DataxTaskExecutionContext;
+import org.apache.dolphinscheduler.plugin.task.datax.DataxUtils;
+import org.apache.dolphinscheduler.spi.datasource.BaseConnectionParam;
+import org.apache.dolphinscheduler.spi.enums.DbType;
+
+import org.apache.commons.collections4.CollectionUtils;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.ResultSetMetaData;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.ExecutionException;
+
+import com.alibaba.druid.sql.ast.SQLStatement;
+import com.alibaba.druid.sql.ast.expr.SQLIdentifierExpr;
+import com.alibaba.druid.sql.ast.expr.SQLPropertyExpr;
+import com.alibaba.druid.sql.ast.statement.SQLSelect;
+import com.alibaba.druid.sql.ast.statement.SQLSelectItem;
+import com.alibaba.druid.sql.ast.statement.SQLSelectQueryBlock;
+import com.alibaba.druid.sql.ast.statement.SQLSelectStatement;
+import com.alibaba.druid.sql.ast.statement.SQLUnionQuery;
+import com.alibaba.druid.sql.parser.SQLStatementParser;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+
+public class BuildDataxJobContentJsonDefaultWriter extends
AbstractBuildDataxJobContentJsonWriter {
+
+ /**
+ * select all
+ */
+ private static final String SELECT_ALL_CHARACTER = "*";
+
+ @Override
+ public void init(DataxTaskExecutionContext dataxTaskExecutionContext,
DataxParameters dataXParameters) {
+ this.dataxTaskExecutionContext = dataxTaskExecutionContext;
+ this.dataXParameters = dataXParameters;
+ }
+
+ @Override
+ public ObjectNode writer() {
+ BaseConnectionParam dataSourceCfg = (BaseConnectionParam)
DataSourceUtils.buildConnectionParams(
+ dataxTaskExecutionContext.getSourcetype(),
+ dataxTaskExecutionContext.getSourceConnectionParams());
+
+ BaseConnectionParam dataTargetCfg = (BaseConnectionParam)
DataSourceUtils.buildConnectionParams(
+ dataxTaskExecutionContext.getTargetType(),
+ dataxTaskExecutionContext.getTargetConnectionParams());
+
+ List<ObjectNode> writerConnArr = new ArrayList<>();
+ ObjectNode writerConn = JSONUtils.createObjectNode();
+ ArrayNode tableArr = writerConn.putArray("table");
+ tableArr.add(dataXParameters.getTargetTable());
+
+ writerConn.put("jdbcUrl",
+
DataSourceUtils.getJdbcUrl(DbType.valueOf(dataXParameters.getDtType()),
dataTargetCfg));
+ writerConnArr.add(writerConn);
+
+ ObjectNode writerParam = JSONUtils.createObjectNode();
+ writerParam.put("username", dataTargetCfg.getUser());
+ writerParam.put("password",
decodePassword(dataTargetCfg.getPassword()));
+
+ String[] columns =
parsingSqlColumnNames(dataxTaskExecutionContext.getSourcetype(),
+ dataxTaskExecutionContext.getTargetType(),
+ dataSourceCfg, dataXParameters.getSql());
+
+ ArrayNode columnArr = writerParam.putArray("column");
+ for (String column : columns) {
+ columnArr.add(column);
+ }
+ writerParam.putArray("connection").addAll(writerConnArr);
+
+ if (CollectionUtils.isNotEmpty(dataXParameters.getPreStatements())) {
+ ArrayNode preSqlArr = writerParam.putArray("preSql");
+ for (String preSql : dataXParameters.getPreStatements()) {
+ preSqlArr.add(preSql);
+ }
+
+ }
+
+ if (CollectionUtils.isNotEmpty(dataXParameters.getPostStatements())) {
+ ArrayNode postSqlArr = writerParam.putArray("postSql");
+ for (String postSql : dataXParameters.getPostStatements()) {
+ postSqlArr.add(postSql);
+ }
+ }
+
+ ObjectNode writer = JSONUtils.createObjectNode();
+ writer.put("name",
DataxUtils.getWriterPluginName(dataxTaskExecutionContext.getTargetType()));
+ writer.set("parameter", writerParam);
+ return writer;
+ }
+
+ /**
+ * parsing synchronized column names in SQL statements
+ *
+ * @param sourceType the database type of the data source
+ * @param targetType the database type of the data target
+ * @param dataSourceCfg the database connection parameters of the data
source
+ * @param sql sql for data synchronization
+ * @return Keyword converted column names
+ */
+ private String[] parsingSqlColumnNames(DbType sourceType, DbType
targetType, BaseConnectionParam dataSourceCfg,
+ String sql) {
+ String[] columnNames =
tryGrammaticalAnalysisSqlColumnNames(sourceType, sql);
+
+ if (columnNames == null || columnNames.length == 0) {
+ log.info("try to execute sql analysis query column name");
+ columnNames = tryExecuteSqlResolveColumnNames(sourceType,
dataSourceCfg, sql);
+ }
+
+ notNull(columnNames, String.format("parsing sql columns failed : %s",
sql));
+
+ return DataxUtils.convertKeywordsColumns(targetType, columnNames);
+ }
+
+ /**
+ * try grammatical parsing column
+ *
+ * @param dbType database type
+ * @param sql sql for data synchronization
+ * @return column name array
+ * @throws RuntimeException if error throws RuntimeException
+ */
+ private String[] tryGrammaticalAnalysisSqlColumnNames(DbType dbType,
String sql) {
+ String[] columnNames;
+
+ try {
+ SQLStatementParser parser =
DataxUtils.getSqlStatementParser(dbType, sql);
+ if (parser == null) {
+ log.warn("database driver [{}] is not support grammatical
analysis sql", dbType);
+ return new String[0];
+ }
+
+ SQLStatement sqlStatement = parser.parseStatement();
+ SQLSelectStatement sqlSelectStatement = (SQLSelectStatement)
sqlStatement;
+ SQLSelect sqlSelect = sqlSelectStatement.getSelect();
+
+ List<SQLSelectItem> selectItemList = null;
+ if (sqlSelect.getQuery() instanceof SQLSelectQueryBlock) {
+ SQLSelectQueryBlock block = (SQLSelectQueryBlock)
sqlSelect.getQuery();
+ selectItemList = block.getSelectList();
+ } else if (sqlSelect.getQuery() instanceof SQLUnionQuery) {
+ SQLUnionQuery unionQuery = (SQLUnionQuery)
sqlSelect.getQuery();
+ SQLSelectQueryBlock block = (SQLSelectQueryBlock)
unionQuery.getRight();
+ selectItemList = block.getSelectList();
+ }
+
+ notNull(selectItemList,
+ String.format("select query type [%s] is not support",
sqlSelect.getQuery().toString()));
+
+ columnNames = new String[selectItemList.size()];
Review Comment:
## Dereferenced variable may be null
Variable [selectItemList](1) may be null at this access because of [this](2)
assignment.
[Show more
details](https://github.com/apache/dolphinscheduler/security/code-scanning/3549)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
