From 36a6a32272c2ced4981028a58999cf3bd2d8e000 Mon Sep 17 00:00:00 2001
From: Gaofei Zhao <15748980+dippindots@users.noreply.github.com>
Date: Wed, 27 Nov 2024 11:01:23 -0500
Subject: [PATCH] Use prepared statements to avoid injection attack and clickhouse native array to improve performance

---
 .../helper/StudyViewFilterHelper.java | 12 ++++++++++++
 .../web/parameter/CustomSampleIdentifier.java | 10 ++++++++++
 .../StudyViewFilterMapper.xml | 19 +++++++++++--------
 3 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java b/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
index 23615be0ef4..e783e684a82 100644
--- a/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
+++ b/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
@@ -55,6 +55,7 @@ public static StudyViewFilterHelper build(@Nullable StudyViewFilter studyViewFil
     private final StudyViewFilter studyViewFilter;
     private final CategorizedGenericAssayDataCountFilter categorizedGenericAssayDataCountFilter;
     private final List customDataSamples;
+    private final String[] filteredSampleIdentifiers;
     private final List involvedCancerStudies;
 
     private StudyViewFilterHelper(@NonNull StudyViewFilter studyViewFilter,
@@ -65,6 +66,13 @@ private StudyViewFilterHelper(@NonNull StudyViewFilter studyViewFilter,
         this.categorizedGenericAssayDataCountFilter = extractGenericAssayDataCountFilters(studyViewFilter, genericAssayProfilesMap);
         this.customDataSamples = customDataSamples;
         this.involvedCancerStudies = involvedCancerStudies;
+        if (studyViewFilter != null && studyViewFilter.getSampleIdentifiers() != null) {
+            this.filteredSampleIdentifiers = studyViewFilter.getSampleIdentifiers().stream()
+                .map(sampleIdentifier -> sampleIdentifier.getStudyId() + "_" + sampleIdentifier.getSampleId())
+                .toArray(String[]::new);
+        } else {
+            this.filteredSampleIdentifiers = new String[0];
+        }
     }
 
     public StudyViewFilter studyViewFilter() {
@@ -79,6 +87,10 @@ public List customDataSamples() {
         return this.customDataSamples;
     }
 
+    public String[] filteredSampleIdentifiers() {
+        return this.filteredSampleIdentifiers;
+    }
+
     public List involvedCancerStudies() {
         return involvedCancerStudies;
     }
diff --git a/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java b/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
index 9f5f4e0bfe0..a9484cc148a 100644
--- a/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
+++ b/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
@@ -22,4 +22,14 @@ public String getValue() {
     public void setValue(String value) {
         this.value = value;
     }
+
+    // Generating unique SampleId by concatenating studyId and sampleId
+    public String getUniqueSampleId() {
+        // Assuming studyId and sampleId are available in SampleIdentifier
+        // Concatenate with "_" in between if both values are not null
+        if (getStudyId() != null && getSampleId() != null) {
+            return getStudyId() + "_" + getSampleId();
+        }
+        return null; // or return a default value if either studyId or sampleId is null
+    }
 }
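Review bot: The new `studyViewFilter != null` guard in the constructor contradicts the `@NonNull` annotation on that same parameter shown in the hunk header, so either the annotation is not enforced and is misleading, or the else branch is dead and the guard can shrink to `if (studyViewFilter.getSampleIdentifiers() != null) {`. The key rule `getStudyId() + "_" + getSampleId()` is now spelled out both here and in the new CustomSampleIdentifier.getUniqueSampleId(), with different null handling: this stream emits the literal text "null_<sampleId>" for an identifier with a missing part, while the other method returns null. If CustomSampleIdentifier extends SampleIdentifier, hosting the helper on the parent would let this stream call it and keep the two in step. The field also deserves a line of intent, e.g. `// "<studyId>_<sampleId>" keys matching sample_derived.sample_unique_id; bound by the mapper as one JDBC array`. The constructor begins outside the hunk.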
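Review bot: `filteredSampleIdentifiers()` hands out the helper's internal `String[]`, so any caller can rewrite the sample list that the mapper later binds as the IN-list parameter; whether the neighbouring `List` accessors have the same exposure cannot be judged from this hunk. Returning a copy, `return this.filteredSampleIdentifiers.clone();`, closes that off cheaply, or at minimum a Javadoc should state the contract: `/** Sample keys for the mapper's array parameter; callers must not modify the returned array. */`.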
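Review bot: `getUniqueSampleId()` returns null when either part is missing, and the mapper's foreach then binds that as a NULL element of the IN / NOT IN list; in standard SQL a NULL inside `NOT IN (...)` makes every row compare unknown, so a single incomplete identifier could silently empty the result — worth confirming against ClickHouse's handling of NULL in IN sets, or filtering such identifiers out before they reach the mapper. The two inline comments read as drafting notes (`// Assuming studyId and sampleId are available in SampleIdentifier`, `// or return a default value ...`); replace them with a Javadoc on the method that states the contract, e.g. `/** Returns {@code studyId + "_" + sampleId}, the key compared against {@code sample_unique_id}, or {@code null} when either part is unset. */`.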
diff --git a/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml b/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml index 584f8cf95bd..ca4550db32b 100644 --- a/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml +++ b/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml @@ -61,14 +61,14 @@ - - INTERSECT + + INTERSECT SELECT sample_unique_id FROM sample_derived WHERE sample_unique_id IN - - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' - + ( + #{studyViewFilterHelper.filteredSampleIdentifiers, typeHandler=org.apache.ibatis.type.ArrayTypeHandler} + ) INTERSECT @@ -86,8 +86,8 @@ sample_unique_id IN ( '', - - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' + + #{sampleIdentifier.getUniqueSampleId()} ) @@ -97,8 +97,11 @@ OR sample_unique_id NOT IN ( + '', - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' + + #{sampleIdentifier.getUniqueSampleId()} + )
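Review bot: The element tags of this mapper hunk did not survive rendering, so I cannot see whether the condition that wrapped the old foreach still guards the INTERSECT block; the helper now always supplies an array, empty when the filter carries no identifiers, so a test written against the old nullable `sampleIdentifiers` list needs re-checking — an empty array would make `sample_unique_id IN (...)` match nothing and the INTERSECT would drop every sample. Binding through `org.apache.ibatis.type.ArrayTypeHandler` also relies on the JDBC driver implementing `Connection.createArrayOf` for `String`, so a mapper test against the ClickHouse driver actually in use (rather than only unit tests) is the check I would want for this hunk.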
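Review bot: `#{sampleIdentifier.getUniqueSampleId()}` spells the parameter as a method call, but MyBatis resolves `#{}` paths as bean properties through its reflector rather than as OGNL expressions (the `${}` form it replaces was OGNL), so the call syntax may fail to resolve at runtime; the property spelling `#{sampleIdentifier.uniqueSampleId}` binds to the new getter by the ordinary JavaBean rule and is the safer choice. The same spelling appears in the -97 hunk below. If the PR's tests already exercise both branches with non-empty identifier lists, this is moot.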