sonatype-lift[bot] commented on code in PR #1691: URL: https://github.com/apache/solr/pull/1691#discussion_r1218010088
########## solr/core/src/java/org/apache/solr/search/join/ScoreJoinQParserPlugin.java: ##########
@@ -262,7 +270,8 @@ private Query createQuery(
 if (fromIndex != null && (!fromIndex.equals(myCore) || byPassShortCircutCheck)) {
 CoreContainer container = req.getCoreContainer();
- final String coreName = getCoreName(fromIndex, container);
+ final String coreName =
+ getCoreName(fromIndex, container, req.getCore(), toField, fromField, localParams);
Review Comment: <picture><img alt="16% of developers fix this issue" src="https://lift.sonatype.com/api/commentimage/fixrate/16/display.svg"></picture> <b>*NULL_DEREFERENCE:</b>* object `container` last assigned on line 271 could be null and is dereferenced by call to `getCoreName(...)` at line 274. --- <details><summary>ℹ️ Expand to see all <b>@sonatype-lift</b> commands</summary> You can reply with the following commands. For example, reply with ***@sonatype-lift ignoreall*** to leave out all findings. | **Command** | **Usage** | | ------------- | ------------- | | `@sonatype-lift ignore` | Leave out the above finding from this PR | | `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR | | `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified `file\|issue\|path\|tool` from Lift findings by updating your config.toml file | **Note:** When talking to LiftBot, you need to **refresh** the page to see its response. <sub>[Click here](https://github.com/apps/sonatype-lift/installations/new) to add LiftBot to another repo.</sub></details>
########## solr/core/src/java/org/apache/solr/search/JoinQParserPlugin.java: ##########
@@ -153,7 +153,14 @@ JoinParams parseJoin(QParser qparser) throws SyntaxError {
 CoreContainer container = qparser.req.getCoreContainer();
 // if in SolrCloud mode, fromIndex should be the name of a single-sharded collection
- coreName = ScoreJoinQParserPlugin.getCoreName(fromIndex, container);
+ coreName =
+ ScoreJoinQParserPlugin.getCoreName(
Review Comment: <picture><img alt="16% of developers fix this issue" src="https://lift.sonatype.com/api/commentimage/fixrate/16/display.svg"></picture> <b>*NULL_DEREFERENCE:</b>* object `container` last assigned on line 153 could be null and is dereferenced by call to `getCoreName(...)` at line 157. --- <details><summary>ℹ️ Expand to see all <b>@sonatype-lift</b> commands</summary> You can reply with the following commands. For example, reply with ***@sonatype-lift ignoreall*** to leave out all findings. | **Command** | **Usage** | | ------------- | ------------- | | `@sonatype-lift ignore` | Leave out the above finding from this PR | | `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR | | `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified `file\|issue\|path\|tool` from Lift findings by updating your config.toml file | **Note:** When talking to LiftBot, you need to **refresh** the page to see its response. <sub>[Click here](https://github.com/apps/sonatype-lift/installations/new) to add LiftBot to another repo.</sub></details>
########## solr/core/src/java/org/apache/solr/search/join/ScoreJoinQParserPlugin.java: ##########
@@ -355,43 +375,163 @@ private static String resolveAlias(String fromIndex, ZkController zkController)
 }
 }
- private static String findLocalReplicaForFromIndex(ZkController zkController, String fromIndex) {
- String fromReplica = null;
-
- String nodeName = zkController.getNodeName();
- for (Slice slice :
- zkController.getClusterState().getCollection(fromIndex).getActiveSlicesArr()) {
- if (fromReplica != null)
- throw new SolrException(
- SolrException.ErrorCode.BAD_REQUEST,
- "SolrCloud join: To join with a sharded collection, use method=crossCollection.");
-
- for (Replica replica : slice.getReplicas()) {
- if (replica.getNodeName().equals(nodeName)) {
- fromReplica = replica.getStr(ZkStateReader.CORE_NAME_PROP);
- // found local replica, but is it Active?
- if (replica.getState() != Replica.State.ACTIVE)
- throw new SolrException(
- SolrException.ErrorCode.BAD_REQUEST,
- "SolrCloud join: "
- + fromIndex
- + " has a local replica ("
- + fromReplica
- + ") on "
- + nodeName
- + ", but it is "
- + replica.getState());
+ private static String findLocalReplicaForFromIndex(
+ ZkController zkController,
+ String fromIndex,
+ SolrCore toCore,
+ String toField,
+ String fromField,
+ SolrParams localParams) {
+ final DocCollection fromCollection = zkController.getClusterState().getCollection(fromIndex);
+ final String nodeName = zkController.getNodeName();
+ final String hitTheRoad =
+ "SolrCloud join: To join with a collection that might not be co-located, use method=crossCollection.";
+ if (fromCollection.getSlices().size() == 1) {
+ String fromReplica = null;
+
+ for (Slice slice : fromCollection.getActiveSlicesArr()) {
+ if (fromReplica != null)
+ throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, hitTheRoad);
+
+ for (Replica replica : slice.getReplicas()) {
+ if (replica.getNodeName().equals(nodeName)) {
+ fromReplica = replica.getStr(ZkStateReader.CORE_NAME_PROP);
+ // found local replica, but is it Active?
+ if (replica.getState() != Replica.State.ACTIVE)
+ throw new SolrException(
+ SolrException.ErrorCode.BAD_REQUEST,
+ "SolrCloud join: "
+ + fromIndex
+ + " has a local replica ("
+ + fromReplica
+ + ") on "
+ + nodeName
+ + ", but it is "
+ + replica.getState());
+
+ break;
+ }
+ }
+ }
+ if (fromReplica == null)
+ throw new SolrException(SolrException.ErrorCode.BAD_REQUEST, hitTheRoad);
+
+ return fromReplica;
+ } else { // sharded from
+ final CloudDescriptor toCoreDescriptor = toCore.getCoreDescriptor().getCloudDescriptor();
+ final String toShardId = toCoreDescriptor.getShardId();
+ final DocCollection toCollection =
+ zkController.getClusterState().getCollection(toCoreDescriptor.getCollectionName());
+
+ String routerName = checkRouters(toCollection, fromCollection, hitTheRoad);
+ boolean checkField = false;
+ switch (routerName) {
Review Comment: <picture><img alt="4% of developers fix this issue" src="https://lift.sonatype.com/api/commentimage/fixrate/4/display.svg"></picture> <b>*[UNSAFE_HASH_EQUALS](https://find-sec-bugs.github.io/bugs.htm#UNSAFE_HASH_EQUALS):</b>* Unsafe comparison of hash that are susceptible to timing attack --- <details><summary>ℹ️ Expand to see all <b>@sonatype-lift</b> commands</summary> You can reply with the following commands. For example, reply with ***@sonatype-lift ignoreall*** to leave out all findings. | **Command** | **Usage** | | ------------- | ------------- | | `@sonatype-lift ignore` | Leave out the above finding from this PR | | `@sonatype-lift ignoreall` | Leave out all the existing findings from this PR | | `@sonatype-lift exclude <file\|issue\|path\|tool>` | Exclude specified `file\|issue\|path\|tool` from Lift findings by updating your config.toml file | **Note:** When talking to LiftBot, you need to **refresh** the page to see its response.
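Review bot: In `findLocalReplicaForFromIndex` (ScoreJoinQParserPlugin.java) the single-shard branch is gated on `fromCollection.getSlices().size() == 1` but then iterates `fromCollection.getActiveSlicesArr()`, so the gate and the loop count two different sets. If `getSlices()` also returns inactive slices (its definition is not on this page), the `if (fromReplica != null) throw …` guard at the top of the slice loop can no longer fire inside this branch, and a from-collection with one active slice plus an inactive one is routed to the sharded path instead of the local-replica lookup. Gating on the active set keeps both consistent: `final Slice[] fromSlices = fromCollection.getActiveSlicesArr();` followed by `if (fromSlices.length == 1) {`, with the loop iterating `fromSlices` and the now-redundant inner guard dropped. The method body continues past the quoted `switch (routerName) {`, so the sharded branch is not covered by this note.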