currenjin opened a new pull request, #13790: URL: https://github.com/apache/skywalking/pull/13790
### Fix incorrect trace ID filter in `JDBCZipkinQueryDAO.getTraces(Set<String>, Duration)` - [x] Add unit tests to verify the fix. - [x] Update the [`CHANGES` log](https://github.com/apache/skywalking/blob/master/docs/en/changes/changes.md). The trace ID filter in `getTraces()` was built as chained OR conditions without parentheses: ```sql WHERE table_column = ? and trace_id = ? or trace_id = ? or trace_id = ? ``` Because `AND` has higher precedence than `OR` in SQL, this is evaluated as: ```sql WHERE (table_column = ? and trace_id = ?) or trace_id = ? or trace_id = ? ``` Only the first trace ID is filtered together with the `table_column` condition. The remaining trace IDs bypass the `table_column` filter entirely, potentially returning rows from unrelated tables. **Fix** Replaced the OR chain with a proper `IN` clause using individual bind parameters: ```sql WHERE table_column = ? and trace_id in (?,?,?) ``` This is the same pattern used in other JDBC DAOs like `JDBCEBPFProfilingTaskDAO.appendListCondition()`. - [ ] If this pull request closes/resolves/fixes an existing issue, replace the issue number. Closes #<issue number>. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
