yuqi1129 commented on code in PR #10068:
URL: https://github.com/apache/gravitino/pull/10068#discussion_r2894974883
##########
catalogs-contrib/catalog-jdbc-hologres/src/main/java/org/apache/gravitino/catalog/hologres/operation/HologresTableOperations.java:
##########
@@ -34,17 +68,123 @@
* <p>Hologres is PostgreSQL-compatible, so most table operations follow
PostgreSQL conventions.
* However, Hologres has specific features like table properties (orientation,
distribution_key,
* etc.) that are handled through the WITH clause in CREATE TABLE statements.
- *
- * <p>TODO: Full implementation will be added in a follow-up PR.
*/
public class HologresTableOperations extends JdbcTableOperations
implements RequireDatabaseOperation {
- public static final String HOLO_QUOTE = "\"";
+ public static final String NEW_LINE = "\n";
+ public static final String ALTER_TABLE = "ALTER TABLE ";
+ public static final String ALTER_COLUMN = "ALTER COLUMN ";
+ public static final String IS = " IS '";
+ public static final String COLUMN_COMMENT = "COMMENT ON COLUMN ";
+ public static final String TABLE_COMMENT = "COMMENT ON TABLE ";
+
+ private static final String HOLOGRES_NOT_SUPPORT_NESTED_COLUMN_MSG =
+ "Hologres does not support nested column names.";
+
+ /** Properties that are handled separately or read-only, excluded from the
WITH clause. */
+ private static final Set<String> EXCLUDED_TABLE_PROPERTIES =
+ ImmutableSet.of("distribution_key", "is_logical_partitioned_table",
"primary_key");
+
+ /** Properties that are meaningful for users, filtering out internal system
properties. */
+ private static final Set<String> USER_RELEVANT_PROPERTIES =
+ ImmutableSet.of(
+ "orientation",
+ "clustering_key",
+ "segment_key",
+ "bitmap_columns",
+ "dictionary_encoding_columns",
+ "time_to_live_in_seconds",
+ "table_group",
+ "storage_format",
+ "binlog.level",
+ "binlog.ttl",
+ "is_logical_partitioned_table",
+ "partition_expiration_time",
+ "partition_keep_hot_window",
+ "partition_require_filter",
+ "partition_generate_binlog_window");
+
+ private String database;
+ private HologresSchemaOperations schemaOperations;
+
+ @Override
+ protected String quoteIdentifier(String identifier) {
+ return "\"" + identifier + "\"";
Review Comment:
**Bug (Medium):** `quoteIdentifier` 没有对标识符中可能包含的双引号进行转义。如果 identifier 中包含
`"` 字符,生成的 SQL 会被截断或语法错误。
PostgreSQL 标准的做法是把内部双引号翻倍:
```java
return "\"" + identifier.replace("\"", "\"\"") + "\"";
```
虽然实际场景中表名/列名很少包含双引号,但作为防御性编程建议加上。
##########
catalogs-contrib/catalog-jdbc-hologres/src/main/java/org/apache/gravitino/catalog/hologres/operation/HologresTableOperations.java:
##########
@@ -56,20 +196,838 @@ protected String generateCreateTableSql(
Transform[] partitioning,
Distribution distribution,
Index[] indexes) {
- throw new UnsupportedOperationException(
- "Hologres table creation will be implemented in a follow-up PR.");
+ boolean isLogicalPartition =
+ MapUtils.isNotEmpty(properties)
+ &&
"true".equalsIgnoreCase(properties.get("is_logical_partitioned_table"));
+ StringBuilder sqlBuilder = new StringBuilder();
+ sqlBuilder.append(String.format("CREATE TABLE %s (%s",
quoteIdentifier(tableName), NEW_LINE));
+
+ // Add columns
+ for (int i = 0; i < columns.length; i++) {
+ JdbcColumn column = columns[i];
+ sqlBuilder.append(String.format(" %s",
quoteIdentifier(column.name())));
+
+ appendColumnDefinition(column, sqlBuilder);
+ // Add a comma for the next column, unless it's the last one
+ if (i < columns.length - 1) {
+ sqlBuilder.append(String.format(",%s", NEW_LINE));
+ }
+ }
+ appendIndexesSql(indexes, sqlBuilder);
+ sqlBuilder.append(String.format("%s)", NEW_LINE));
+
+ // Append partitioning clause if specified
+ if (ArrayUtils.isNotEmpty(partitioning)) {
+ appendPartitioningSql(partitioning, isLogicalPartition, sqlBuilder);
+ }
+
+ // Build WITH clause combining distribution and Hologres-specific table
properties
+ // Supported properties: orientation, distribution_key, clustering_key,
event_time_column,
+ // bitmap_columns, dictionary_encoding_columns, time_to_live_in_seconds,
table_group, etc.
+ List<String> withEntries = new ArrayList<>();
+
+ // Add distribution_key from Distribution parameter
+ if (!Distributions.NONE.equals(distribution)) {
+ validateDistribution(distribution);
+ String distributionColumns =
+ Arrays.stream(distribution.expressions())
+ .map(
+ expression -> {
+ Preconditions.checkArgument(
+ expression instanceof NamedReference,
+ "Hologres distribution expressions must be simple
column references");
+ String[] fieldNames = ((NamedReference)
expression).fieldName();
+ Preconditions.checkArgument(
+ fieldNames != null && fieldNames.length == 1,
+ "Hologres distribution expressions must reference a
single column");
+ return fieldNames[0];
+ })
+ .collect(Collectors.joining(","));
+ withEntries.add(String.format("distribution_key = '%s'",
distributionColumns));
+ }
+
+ // Add user-specified properties (filter out read-only /
internally-handled properties)
+ if (MapUtils.isNotEmpty(properties)) {
+ properties.forEach(
+ (key, value) -> {
+ if (!EXCLUDED_TABLE_PROPERTIES.contains(key)) {
+ withEntries.add(String.format("%s = '%s'", key, value));
Review Comment:
**Bug (High):** 这里 property key 和 value 都没有做转义/校验,直接拼进了 SQL 的 WITH 子句。
1. 如果 `value` 包含单引号 `'`,生成的 SQL 会语法错误甚至产生注入。
2. `key` 也是直接拼接,恶意 key 可以注入任意 SQL。
建议:
- 对 `value` 做 `value.replace("'", "''")`(和你在 COMMENT 里的处理保持一致)
- 对 `key` 做白名单校验或至少做 identifier 合法性检查
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
