eric-maynard commented on code in PR #1942:
URL: https://github.com/apache/polaris/pull/1942#discussion_r2175818626
##########
persistence/relational-jdbc/src/main/java/org/apache/polaris/persistence/relational/jdbc/DatasourceOperations.java:
##########
@@ -75,46 +76,51 @@ DatabaseType getDatabaseType() {
}
/**
- * Execute SQL script.
+ * Execute SQL script and close the associated input stream
*
- * @param scriptFilePath : Path of SQL script.
+ * @param scriptInputStream : Input stream containing the SQL script.
* @throws SQLException : Exception while executing the script.
*/
- public void executeScript(String scriptFilePath) throws SQLException {
- ClassLoader classLoader = DatasourceOperations.class.getClassLoader();
- runWithinTransaction(
- connection -> {
- try (Statement statement = connection.createStatement()) {
- BufferedReader reader =
- new BufferedReader(
- new InputStreamReader(
-
Objects.requireNonNull(classLoader.getResourceAsStream(scriptFilePath)),
- UTF_8));
- StringBuilder sqlBuffer = new StringBuilder();
- String line;
- while ((line = reader.readLine()) != null) {
- line = line.trim();
- if (!line.isEmpty() && !line.startsWith("--")) { // Ignore empty
lines and comments
- sqlBuffer.append(line).append("\n");
- if (line.endsWith(";")) { // Execute statement when semicolon
is found
- String sql = sqlBuffer.toString().trim();
- try {
- // since SQL is directly read from the file, there is
close to 0 possibility
- // of this being injected plus this run via an Admin tool,
if attacker can
- // fiddle with this that means lot of other things are
already compromised.
- statement.execute(sql);
- } catch (SQLException e) {
- throw new RuntimeException(e);
+ public void executeScript(InputStream scriptInputStream) throws SQLException
{
+ try {
+ runWithinTransaction(
+ connection -> {
+ try (Statement statement = connection.createStatement()) {
+ BufferedReader reader =
+ new BufferedReader(
+ new
InputStreamReader(Objects.requireNonNull(scriptInputStream), UTF_8));
+ StringBuilder sqlBuffer = new StringBuilder();
+ String line;
+ while ((line = reader.readLine()) != null) {
+ line = line.trim();
+ if (!line.isEmpty() && !line.startsWith("--")) { // Ignore
empty lines and comments
+ sqlBuffer.append(line).append("\n");
+ if (line.endsWith(";")) { // Execute statement when
semicolon is found
+ String sql = sqlBuffer.toString().trim();
+ try {
+ // since SQL is directly read from the file, there is
close to 0 possibility
+ // of this being injected plus this run via an Admin
tool, if attacker can
+ // fiddle with this that means lot of other things are
already compromised.
+ statement.execute(sql);
+ } catch (SQLException e) {
+ throw new RuntimeException(e);
+ }
+ sqlBuffer.setLength(0); // Clear the buffer for the next
statement
}
- sqlBuffer.setLength(0); // Clear the buffer for the next
statement
}
}
+ return true;
+ } catch (IOException e) {
+ throw new RuntimeException(e);
}
- return true;
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- });
+ });
+ } finally {
+ try {
+ scriptInputStream.close();
Review Comment:
Currently no, the only resource is the Statement:
```
try (Statement statement = connection.createStatement())
```
But if we added the BufferedReader there too, it might close the stream. Do
you want to do that instead?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
