[Hibernate-JIRA] Created: (HHH-3458) Register postgres random() function as "rand" in PostgresSQLDialect
by Stephen Cresswell (JIRA)
Register postgres random() function as "rand" in PostgresSQLDialect
-------------------------------------------------------------------
Key: HHH-3458
URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-3458
Project: Hibernate3
Issue Type: Improvement
Components: build
Affects Versions: 3.2.5
Environment: Postgres 8.3
Reporter: Stephen Cresswell
Priority: Trivial
I have an HQL query which uses "order by rand()". This works fine in our local integration tests (which are run against hsqldb), but fails against our build integration tests which runs postgres.
The reason the query fails is because postgres function for "rand" is called "random". We can workaround this by dynamically detecting the db driver and generating db specific queries, but it strikes me that the cleanest solution for this is to simply re-register postgres' random function as "rand" in the PostgresSQLDialect, i.e.
registerFunction( "random", new NoArgSQLFunction("random", Hibernate.DOUBLE) );
registerFunction( "rand", new NoArgSQLFunction("random", Hibernate.DOUBLE) );
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 11 months
[Hibernate-JIRA] Created: (HHH-6643) Criteria doesn't support a chaining of 2 not restrictions (sql = not not criterion)
by Lorber Sebastien (JIRA)
Criteria doesn't support a chaining of 2 not restrictions (sql = not not criterion)
-----------------------------------------------------------------------------------
Key: HHH-6643
URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-6643
Project: Hibernate Core
Issue Type: Bug
Components: query-criteria
Affects Versions: 3.2.7
Environment: Oracle 10g
Hibernate 3.2.7
Reporter: Lorber Sebastien
Priority: Trivial
When we do:
"Restrictions.not( Restrictions.not( Restrictions.eq("field",3) ) );"
Hibernate generates
"where not not field=3"
Which generates an SQL exception
The correct SQL syntax is:
"where not (not field=3)"
(At least our Oracle)
I think Hibernate should handle such a case.
/!\
See org.hibernate.criterion.NotExpression#toSqlString
It seems that for MySQLDialect the parenthesis are added, but not for other dialects...
I don't know the sql specificities of all dialects but perhaps the parenthesis should be added also for oracle dialect?
Note that we use a custom dialect, extending Oracle10gDialect
For those interested: i'm doing two not on a criterion instead of using the criterion directly.
In real world, my code sample would be a little more complex: sometimes we compose with a lot of criterions, in many different methods.
So i do not exactly use Restrictions.not( Restrictions.not( criterion ) );
Trust me, bad luck, it happened that the dynamic composition of my restrictions, in one specific case, resulted on a double not restriction applied to a criterion.
Note that an easy workaround of this is to "add the parenthesis manually".
A conjunction is a bit like an "empty restriction" thus what i've done is:
Restrictions.not(
Restrictions.and(
Restrictions.not(
Restrictions.eq("field",3)
),
Restrictions.conjunction()
)
);
Adding the "not criterion" into conjunction containing only the criterion.
This way, the sql of my inner not restriction become something like:
( not field = 3 AND 1=1 )
-> We can apply a not on that, while we weren't able on "not field = 3"
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 11 months
[Hibernate-JIRA] Created: (HHH-2448) Generate identical column aliases among cluster
by Loïc LEFEVRE (JIRA)
Generate identical column aliases among cluster
-----------------------------------------------
Key: HHH-2448
URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-2448
Project: Hibernate3
Type: Improvement
Components: query-sql
Versions: 3.2.2
Environment: Hibernate version: 3.2.2, 2.1.8
Database: Oracle 9.2.0.8
Reporter: Loïc LEFEVRE
Attachments: report_1.txt, report_2.txt
Among our weblogic cluster (12 instances), we can see that a query can have different column aliases.
Although all seems correct, when regarding database reports like StatsPack or Spotlight we can see that because of these different aliases, the reports are wrong. Indeed, a resource consuming query can see its associated report properties (cpu usage, buffer gets, number of executions...) divided by the number of weblogic instances of our cluster (i.e. divided by 12) thus preventing us to pinpoint the queries to look at.
On a 3 instances cluster, we can see this report:
REPORT#1: one statement with a poor number of buffer gets/execution is reported splitted in 3, see the alias generated for column DTO.CREATION_DATE
for example
On a 4 instances cluster, we can see this report:
REPORT#2: one statement responsible of the latch free/cache buffers chains wait events splitted in 4, note the column alias generated fordeffcashcy0_.BEST_EXPECTED_CY
More than confusing the DBAs about the same query with n different "faces", our reports don't show us all the queries to look at: indeed, in our "Top 50 queries", a lot of them are duplicates! Also the memory required in the SGA to store the queries, the execution plan and so on is increased...
Finally, although the column aliases can have up to 30 characters under Oracle, the limit is set to 10, why?
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
11 years, 11 months
[Hibernate-JIRA] Created: (HHH-5255) Bytecode instrumented byte[] lazy properties do not work
by Kyrill Alyoshin (JIRA)
Bytecode instrumented byte[] lazy properties do not work
--------------------------------------------------------
Key: HHH-5255
URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-5255
Project: Hibernate Core
Issue Type: Bug
Components: core
Affects Versions: 3.5.2
Environment: Hibernate-3.5.2, Oracle 10g
Reporter: Kyrill Alyoshin
Well, I have an entity that stores a byte[] property as a Blob.
@Lob
@Basic(optional = false, fetch = FetchType.LAZY)
public byte[] getContent() {
return content;
}
The content can be pretty large, so I marked it as lazy and to enable lazy property fetching I am instrumenting the class at build-time using org.hibernate.tool.instrument.javassist.InstrumentTask just as the documentation says.
However, when I call session.merge on this entity, I can get this stacktrace:
java.lang.ClassCastException: org.hibernate.intercept.LazyPropertyInitializer$1 cannot be cast to [B
at org.hibernate.type.AbstractLongBinaryType.toInternalFormat(AbstractLongBinaryType.java:46)
at org.hibernate.type.AbstractBynaryType.isEqual(AbstractBynaryType.java:134)
at org.hibernate.type.NullableType.isEqual(NullableType.java:233)
at org.hibernate.type.MutableType.replace(MutableType.java:60)
at org.hibernate.type.TypeFactory.replace(TypeFactory.java:548)
at org.hibernate.event.def.DefaultMergeEventListener.copyValues(DefaultMergeEventListener.java:495)
at org.hibernate.event.def.DefaultMergeEventListener.entityIsDetached(DefaultMergeEventListener.java:423)
at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:234)
at org.hibernate.event.def.DefaultMergeEventListener.onMerge(DefaultMergeEventListener.java:84)
at org.hibernate.impl.SessionImpl.fireMerge(SessionImpl.java:859)
at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:843)
at org.hibernate.impl.SessionImpl.merge(SessionImpl.java:847)
It seems to work fine on session.get()
I think it is a bug.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 11 months
[Hibernate-JIRA] Created: (HHH-3811) Bug: No ability to escape SQL keywords in HQL queries.
by John Roberts (JIRA)
Bug: No ability to escape SQL keywords in HQL queries.
------------------------------------------------------
Key: HHH-3811
URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-3811
Project: Hibernate Core
Issue Type: Bug
Components: core
Affects Versions: 3.3.0.CR1
Environment: 3.3.0.CR1, MS SQL Server 2005 Express
Reporter: John Roberts
Priority: Critical
There appears to be no way to escape property names that are SQL keywords in HQL queries. For example, if you have a property named "key", which is a reasonable name for a property, and you are constructing an HQL query, e.g.:
session.createQuery("select from Entities where key=?");
That will fail on MS SQL Server, because "key" is a reserved T-SQL keyword. However, there is no way to make it succeed, as either an absent-minded developer appears to have forgotten to add the ability to escape keywords to HQL (oops), or it's the secret of the millennium and was left out of the documentation on purpose (it has certainly boggled the minds of the folks on FreeNode #java, #hibernate, and the hibernate forum). Note that none of the following will succeed (this is what I have tried so far):
session.createQuery("select from Entities where key=?");
session.createQuery("select from Entities where [key]=?"); // <-- mssql style still fails to be parsed
session.createQuery("select from Entities where `key`=?");
session.createQuery("select from Entities where 'key'=?");
session.createQuery("select from Entities where \"key\"=?");
session.createQuery("select from Entities where ''key''=?");
session.createQuery("select from Entities where {key}=?");
session.createQuery("select from Entities where <key>=?");
session.createQuery("select from Entities where (key)=?");
session.createQuery("select from Entities where $key$=?");
session.createQuery("select from Entities where $key=?");
Note that using the underlying DBMS's escape method *does* work for column names in the entity mappings, but does not work in actual HQL.
Since most DBMS's have their own dialects of SQL, the inability to escape keywords in HQL means that it is generally impossible to guarantee that any given HQL query will work unless you specifically design your application around the underlying DBMS (which is precisely one of the things you were hoping to avoid with Hibernate -- although on the other hand you're already tied to the DBMS with escaped keywords in the entity mapping anyways).
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://opensource.atlassian.com/projects/hibernate/secure/Administrators....
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 11 months
[Hibernate-JIRA] Created: (HHH-6672) Inserting UNION a HQL and JP-QL query string truncates the query. This makes exploiting HQL Injections easier. Security issue.
by Peter Schuler (JIRA)
Inserting UNION a HQL and JP-QL query string truncates the query. This makes exploiting HQL Injections easier. Security issue.
------------------------------------------------------------------------------------------------------------------------------
Key: HHH-6672
URL: http://opensource.atlassian.com/projects/hibernate/browse/HHH-6672
Project: Hibernate Core
Issue Type: Bug
Components: query-hql
Affects Versions: 4.0.0.CR3, 3.6.7
Environment: Mysql Database
Reporter: Peter Schuler
Inserting the word 'union' anywhere in a HQL or JP-QL query truncates the query string. I consider this a security issue because it makes exploiting HQL of JP-QL injections easier.
For example:
from Persoon p where p.persoonId = '1' --> returns just 1 entry.
But:
from Persoon p union where p.persoonId = '1' --> ignores the part after union and returns the whole table.
However:
from Persoon p unionS where p.persoonId = '1' --> or any other word results in a QuerySyntaxException as is expected.
This behaviour is documented in HHH-1050. It looks like this in a halfway implemented feature.
This undocumented behaviour is a security risk because it makes exploiting JP-QL or HQL injections a lot easier. If you can inject into the query string you can easily truncate the remainder of the query. Even if the remainder will somehow restrict the the query result.
This can be fixed changing the behaviour of the query parser by throwing a QuerySyntaxException.
ps: I'll try to add a test case but I hope I've provided enough information.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
11 years, 11 months