Re: [PR] Remove unnecessary `InputStream.close` call [polaris]

Wed, 02 Jul 2025 09:27:16 -0700 


eric-maynard commented on code in PR #1982:
URL: https://github.com/apache/polaris/pull/1982#discussion_r2180479342


##########
persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/DatasourceOperations.java:
##########
@@ -82,45 +82,37 @@ DatabaseType getDatabaseType() {
    * @throws SQLException : Exception while executing the script.
    */
   public void executeScript(InputStream scriptInputStream) throws SQLException 
{
-    try {
-      runWithinTransaction(
-          connection -> {
-            try (Statement statement = connection.createStatement();
-                BufferedReader reader =
-                    new BufferedReader(
-                        new 
InputStreamReader(Objects.requireNonNull(scriptInputStream), UTF_8))) {
-              StringBuilder sqlBuffer = new StringBuilder();
-              String line;
-              while ((line = reader.readLine()) != null) {
-                line = line.trim();
-                if (!line.isEmpty() && !line.startsWith("--")) { // Ignore 
empty lines and comments
-                  sqlBuffer.append(line).append("\n");
-                  if (line.endsWith(";")) { // Execute statement when 
semicolon is found
-                    String sql = sqlBuffer.toString().trim();
-                    try {
-                      // since SQL is directly read from the file, there is 
close to 0 possibility
-                      // of this being injected plus this run via an Admin 
tool, if attacker can
-                      // fiddle with this that means lot of other things are 
already compromised.
-                      statement.execute(sql);
-                    } catch (SQLException e) {
-                      throw new RuntimeException(e);
-                    }
-                    sqlBuffer.setLength(0); // Clear the buffer for the next 
statement
+    runWithinTransaction(
+        connection -> {
+          try (Statement statement = connection.createStatement();
+              BufferedReader reader =
+                  new BufferedReader(
+                      new 
InputStreamReader(Objects.requireNonNull(scriptInputStream), UTF_8))) {

Review Comment:
   Yeah, to fix that I think we need to go back to having two 
try-with-resources. Still, the extra close call can be removed. Just pushed a 
fix.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to