From c2612b7c08b46cac780b1cc2e241f51f5fe744e4 Mon Sep 17 00:00:00 2001
From: Gaofei Zhao <15748980+dippindots@users.noreply.github.com>
Date: Wed, 27 Nov 2024 11:01:23 -0500
Subject: [PATCH] Use prepared statements to avoid injection attack and clickhouse native array to improve performance
---
 .../helper/StudyViewFilterHelper.java | 12 ++++++++++++
 .../web/parameter/CustomSampleIdentifier.java | 10 ++++++++++
 .../StudyViewFilterMapper.xml | 18 ++++++++++--------
 3 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java b/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
index d10d85d98c4..31fee46a205 100644
--- a/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
+++ b/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
@@ -34,6 +34,7 @@ public static StudyViewFilterHelper build(@Nullable StudyViewFilter studyViewFil
 private final StudyViewFilter studyViewFilter;
 private final CategorizedGenericAssayDataCountFilter categorizedGenericAssayDataCountFilter;
 private final List customDataSamples;
+ private final String[] filteredSampleIdentifiers;
 private StudyViewFilterHelper(@NonNull StudyViewFilter studyViewFilter,
 @NonNull Map> genericAssayProfilesMap,
@@ -41,6 +42,13 @@ private StudyViewFilterHelper(@NonNull StudyViewFilter studyViewFilter,
 this.studyViewFilter = studyViewFilter;
 this.categorizedGenericAssayDataCountFilter = extractGenericAssayDataCountFilters(studyViewFilter, genericAssayProfilesMap);
 this.customDataSamples = customDataSamples;
+ if (studyViewFilter != null && studyViewFilter.getSampleIdentifiers() != null) {
+ this.filteredSampleIdentifiers = studyViewFilter.getSampleIdentifiers().stream()
+ .map(sampleIdentifier -> sampleIdentifier.getStudyId() + "_" + sampleIdentifier.getSampleId())
+ .toArray(String[]::new);
+ } else {
+ this.filteredSampleIdentifiers = new String[0];
+ }
 }
 public StudyViewFilter studyViewFilter() {
@@ -54,6 +62,10 @@ public CategorizedGenericAssayDataCountFilter categorizedGenericAssayDataCountFi
 public List customDataSamples() {
 return this.customDataSamples;
 }
+
+ public String[] filteredSampleIdentifiers() {
+ return this.filteredSampleIdentifiers;
+ }
 private CategorizedGenericAssayDataCountFilter extractGenericAssayDataCountFilters(final StudyViewFilter studyViewFilter, Map> genericAssayProfilesMap) {
 if ((studyViewFilter.getGenericAssayDataFilters() == null || genericAssayProfilesMap.isEmpty()))
diff --git a/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java b/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
index 9f5f4e0bfe0..a9484cc148a 100644
--- a/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
+++ b/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
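Review bot: The `studyViewFilter != null` half of the new guard is dead code: the parameter is declared `@NonNull`, and the line just above already dereferences it through `extractGenericAssayDataCountFilters` (the -54 hunk shows that method calling `studyViewFilter.getGenericAssayDataFilters()` unconditionally), so `if (studyViewFilter.getSampleIdentifiers() != null) {` states what is actually enforced. The `getStudyId() + "_" + getSampleId()` formula now exists twice in this commit, here and in `CustomSampleIdentifier.getUniqueSampleId()`, and the two disagree on nulls — this stream yields the literal string `null_<sampleId>` for a missing study id, while the getter returns `null`. If the elements of `getSampleIdentifiers()` expose that getter, mapping through it (and dropping nulls) keeps a single definition of the key that `sample_unique_id` is compared against; otherwise a comment stating that the two formulas must stay in sync is the minimum. The constructor's signature lies in the preceding hunk.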
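Review bot: `filteredSampleIdentifiers()` and its backing field are consumed by name from `StudyViewFilterMapper.xml` (`#{studyViewFilterHelper.filteredSampleIdentifiers, typeHandler=...ArrayTypeHandler}` in this same commit), and nothing on the Java side records that coupling, so a routine rename here would break the mapper at runtime rather than at compile time. A one-line comment on the accessor, such as `// Bound by name from StudyViewFilterMapper.xml (ArrayTypeHandler parameter); keep in sync when renaming`, would also be the natural place to note the contract the -41 hunk establishes: the array is never null and is empty when the filter carries no sample identifiers.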
@@ -22,4 +22,14 @@ public String getValue() {
 public void setValue(String value) {
 this.value = value;
 }
+
+ // Generating unique SampleId by concatenating studyId and sampleId
+ public String getUniqueSampleId() {
+ // Assuming studyId and sampleId are available in SampleIdentifier
+ // Concatenate with "_" in between if both values are not null
+ if (getStudyId() != null && getSampleId() != null) {
+ return getStudyId() + "_" + getSampleId();
+ }
+ return null; // or return a default value if either studyId or sampleId is null
+ }
 }
diff --git a/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml b/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml
index 2633361188f..2cb52116592 100644
--- a/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml
+++ b/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml
@@ -59,14 +59,14 @@
- - INTERSECT + + INTERSECT SELECT sample_unique_id FROM sample_derived WHERE sample_unique_id IN - - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' - + ( + #{studyViewFilterHelper.filteredSampleIdentifiers, typeHandler=org.apache.ibatis.type.ArrayTypeHandler} + ) INTERSECT
@@ -84,8 +84,8 @@
sample_unique_id IN ( '', - - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' + + #{sampleIdentifier.getUniqueSampleId} )
@@ -96,7 +96,9 @@
OR sample_unique_id NOT IN ( - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' + + #{sampleIdentifier.getUniqueSampleId} + )
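Review bot: The trailing `// or return a default value if either studyId or sampleId is null` on the `return null;` line of `getUniqueSampleId` is an unresolved design note rather than documentation, and the null case is observable: the mapper hunks at -84 and -96 bind this return value straight into an `IN (...)` / `NOT IN (...)` list, so a null here becomes a bound SQL NULL inside those lists. The method should carry a Javadoc that fixes the contract instead of the three inline comments, e.g. `/** Returns {@code studyId + "_" + sampleId}, the form compared against {@code sample_derived.sample_unique_id}, or {@code null} when either part is missing. */`. The "Assuming studyId and sampleId are available in SampleIdentifier" comment can go as well — both getters resolve at compile time, so nothing is assumed.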
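Review bot: `#{sampleIdentifier.getUniqueSampleId}` in the `IN ('', ...)` list uses the Java method name as a MyBatis property path; MyBatis resolves `#{}` paths through bean properties, where the getter added in this commit exposes `uniqueSampleId`, so `getUniqueSampleId` should fail at parameter-binding time with "There is no getter for property named 'getUniqueSampleId'" rather than silently bind. The line should read `#{sampleIdentifier.uniqueSampleId}`; the same replacement applies to the `NOT IN` hunk at -96 below. The surrounding `<foreach>` tags were stripped from this rendering, so the item name is inferred from the removed `${sampleIdentifier.studyId}` placeholders.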