dimas-b commented on code in PR #1982:
URL: https://github.com/apache/polaris/pull/1982#discussion_r2180109564
##########
persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/DatasourceOperations.java:
##########
@@ -82,45 +82,37 @@ DatabaseType getDatabaseType() {
* @throws SQLException : Exception while executing the script.
*/
public void executeScript(InputStream scriptInputStream) throws SQLException
{
- try {
- runWithinTransaction(
- connection -> {
- try (Statement statement = connection.createStatement();
- BufferedReader reader =
- new BufferedReader(
- new
InputStreamReader(Objects.requireNonNull(scriptInputStream), UTF_8))) {
- StringBuilder sqlBuffer = new StringBuilder();
- String line;
- while ((line = reader.readLine()) != null) {
- line = line.trim();
- if (!line.isEmpty() && !line.startsWith("--")) { // Ignore
empty lines and comments
- sqlBuffer.append(line).append("\n");
- if (line.endsWith(";")) { // Execute statement when
semicolon is found
- String sql = sqlBuffer.toString().trim();
- try {
- // since SQL is directly read from the file, there is
close to 0 possibility
- // of this being injected plus this run via an Admin
tool, if attacker can
- // fiddle with this that means lot of other things are
already compromised.
- statement.execute(sql);
- } catch (SQLException e) {
- throw new RuntimeException(e);
- }
- sqlBuffer.setLength(0); // Clear the buffer for the next
statement
+ runWithinTransaction(
+ connection -> {
+ try (Statement statement = connection.createStatement();
+ BufferedReader reader =
+ new BufferedReader(
+ new
InputStreamReader(Objects.requireNonNull(scriptInputStream), UTF_8))) {
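Review bot: `Objects.requireNonNull(scriptInputStream)` in the added try-with-resources header sits inside the lambda passed to `runWithinTransaction()`, after `connection.createStatement()`, so a null script is only detected once a connection and a statement have already been obtained. Consider validating the argument at the top of `executeScript()`, before `runWithinTransaction(` is called. The lambda also wraps the caller's stream in a `BufferedReader` and consumes it in place. Parsing the script into a list of SQL strings before entering the transaction would leave the lambda with no dependency on a one-shot `InputStream`.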
Review Comment:
Regardless of the `.close()` call, I just realised that
`runWithinTransaction()` has re-tries... So if this code is called again, the
reading of the `scriptInputStream` will lead to invalid data. WDYT?