You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Below is a summary of compliance checks for this PR:
Security Compliance
⚪
Denial of service
Description: The new wait_expect polling and sleep logic can be driven by script-provided interval/timeout to repeatedly re-execute potentially expensive queries and/or block threads via Thread.sleep, creating a realistic resource-exhaustion/DoS risk (CPU/DB load and thread starvation), especially if large timeout values are allowed or many commands enable wait_expect concurrently. Executor.java [226-428]
Referred Code
if (command.isWaitExpect()) {
intintervalMs = command.getWaitExpectInterval() * 1000;
inttimeoutMs = command.getWaitExpectTimeout() * 1000;
if (intervalMs > 0 && timeoutMs > 0) {
StmtResultfirstActResult = command.getActResult();
if (firstActResult == null || firstActResult.getType() != RESULT.STMT_RESULT_TYPE_SET) {
logger.warn(String.format(
"wait_expect is only safe for query results. Skip retry for command[%s][row:%d].",
command.getCommand(), command.getPosition()));
} else {
longdeadline = System.currentTimeMillis() + timeoutMs;
booleanmatched = command.checkResult();
while (!matched && System.currentTimeMillis() < deadline) {
longnow = System.currentTimeMillis();
longsleepMs = Math.min(intervalMs, Math.max(0, deadline - now));
if (sleepMs > 0) {
Thread.sleep(sleepMs);
}
if (statement != null) {
statement.close();
}
... (clipped182lines)
Ticket Compliance
⚪
🎫 No ticket provided
Create ticket/issue
Codebase Duplication Compliance
⚪
Codebase context is not defined
Follow the guide to enable codebase context checks.
Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code
Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting
Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data.
Status: Sensitive SQL in logs: New log messages include command.getCommand() (raw SQL text) and may therefore write sensitive data contained in queries into logs.
Referred Code
logger.warn(String.format(
"wait_expect is only safe for query results. Skip retry for command[%s][row:%d].",
command.getCommand(), command.getPosition()));
} else {
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Missing audit context: The new wait/retry execution path re-runs SQL commands but does not add audit-grade logging with actor/user identity, timestamped action metadata, and outcome sufficient to reconstruct critical events.
Referred Code
if (command.isWaitExpect()) {
intintervalMs = command.getWaitExpectInterval() * 1000;
inttimeoutMs = command.getWaitExpectTimeout() * 1000;
if (intervalMs > 0 && timeoutMs > 0) {
StmtResultfirstActResult = command.getActResult();
if (firstActResult == null || firstActResult.getType() != RESULT.STMT_RESULT_TYPE_SET) {
logger.warn(String.format(
"wait_expect is only safe for query results. Skip retry for command[%s][row:%d].",
command.getCommand(), command.getPosition()));
} else {
longdeadline = System.currentTimeMillis() + timeoutMs;
booleanmatched = command.checkResult();
while (!matched && System.currentTimeMillis() < deadline) {
longnow = System.currentTimeMillis();
longsleepMs = Math.min(intervalMs, Math.max(0, deadline - now));
if (sleepMs > 0) {
Thread.sleep(sleepMs);
}
if (statement != null) {
statement.close();
}
... (clipped20lines)
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: Interrupted sleep handling: New Thread.sleep(...) calls in the retry loop and result generation path introduce InterruptedException risk without visible local handling or restoration of the interrupt flag, which may cause unexpected termination or compilation/runtime issues depending on surrounding method signatures.
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: Unbounded wait parameters: wait_expect interval/timeout are only validated as numeric and >0, with no upper bounds, which can enable excessively large sleeps/timeouts (potential DoS) and downstream integer-to-milliseconds conversions.
Referred Code
if (!StringUtils.isNumeric(intervalStr) || !StringUtils.isNumeric(timeoutStr)) {
LOG.warn(String.format("Invalid wait_expect flag values: %s. Interval/timeout must be numeric.", trimmedLine));
return;
}
intinterval = Integer.parseInt(intervalStr);
inttimeout = Integer.parseInt(timeoutStr);
if (interval <= 0 || timeout <= 0) {
LOG.warn(String.format("Invalid wait_expect flag values: %s. Interval/timeout must be > 0.", trimmedLine));
return;
}
if (interval > timeout) {
LOG.warn(String.format("wait_expect interval(%d) is greater than timeout(%d), interval will be capped to timeout.", interval, timeout));
interval = timeout;
}
command.setWaitExpect(true);
command.setWaitExpectInterval(interval);
command.setWaitExpectTimeout(timeout);
}
Add a check in parseWaitExpectFlag to handle cases where the flag is used without parameters (e.g., -- @wait_expect) to prevent a StringIndexOutOfBoundsException.
private void parseWaitExpectFlag(String trimmedLine, SqlCommand command) {
String rest = trimmedLine.substring(COMMON.WAIT_EXPECT_FLAG.length()).trim();
+ if (rest.isEmpty()) {+ LOG.warn(String.format("Invalid wait_expect flag format: %s. Missing (interval, timeout).", trimmedLine));+ return;+ }
if (!rest.startsWith("(") || !rest.endsWith(")")) {
LOG.warn(String.format("Invalid wait_expect flag format: %s. Expected -- @wait_expect(interval, timeout)", trimmedLine));
return;
}
String content = rest.substring(1, rest.length() - 1);
String[] parts = content.split(",");
if (parts.length != 2) {
LOG.warn(String.format("Invalid wait_expect flag format: %s. Expected -- @wait_expect(interval, timeout)", trimmedLine));
return;
}
String intervalStr = parts[0].trim();
String timeoutStr = parts[1].trim();
if (!StringUtils.isNumeric(intervalStr) || !StringUtils.isNumeric(timeoutStr)) {
LOG.warn(String.format("Invalid wait_expect flag values: %s. Interval/timeout must be numeric.", trimmedLine));
return;
}
int interval = Integer.parseInt(intervalStr);
int timeout = Integer.parseInt(timeoutStr);
if (interval <= 0 || timeout <= 0) {
LOG.warn(String.format("Invalid wait_expect flag values: %s. Interval/timeout must be > 0.", trimmedLine));
return;
}
if (interval > timeout) {
LOG.warn(String.format("wait_expect interval(%d) is greater than timeout(%d), interval will be capped to timeout.", interval, timeout));
interval = timeout;
}
command.setWaitExpect(true);
command.setWaitExpectInterval(interval);
command.setWaitExpectTimeout(timeout);
}
Apply / Chat
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies a potential StringIndexOutOfBoundsException if the wait_expect flag is used without parameters. Adding a check for an empty string improves the robustness of the parser.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Type
Enhancement
Description
Add wait_expect feature for polling query results until expected output
Implement parsing of wait_expect flag with interval and timeout parameters
Add retry logic in Executor to re-execute queries with configurable polling
Add getter method for actResult in SqlCommand class
Diagram Walkthrough
File Walkthrough
SqlCommand.java
Add wait_expect properties and actResult gettersrc/main/java/io/mo/cases/SqlCommand.java
waitExpect,waitExpectInterval,waitExpectTimeoutwith getters/settersgetActResult()for accessing actual resultExecutor.java
Implement wait_expect polling retry logicsrc/main/java/io/mo/db/Executor.java
run()method that polls query resultsuntil expected output matches or timeout
sets
genRS()method to wait before generating resultswhen wait_expect is enabled
ScriptParser.java
Add wait_expect flag parsing logicsrc/main/java/io/mo/util/ScriptParser.java
parseWaitExpectFlag()method to parse wait_expect flag withinterval and timeout parameters
processCommentLine()methodinterval/timeout constraints
COMMON.java
Add wait_expect flag constantsrc/main/java/io/mo/constant/COMMON.java
WAIT_EXPECT_FLAG = "-- @wait_expect"for flagrecognition
mo.yml
Update default database configurationmo.yml