blazer 2.4.2 → 2.6.4

data/lib/blazer/adapters/athena_adapter.rb

@@ -1,7 +1,7 @@
 module Blazer
   module Adapters
     class AthenaAdapter < BaseAdapter
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params = [])
         require "digest/md5"
 
         columns = []
@@ -9,18 +9,43 @@ module Blazer
         error = nil
 
         begin
-          resp =
-            client.start_query_execution(
-              query_string: statement,
-              # use token so we fetch cached results after query is run
-              client_request_token: Digest::MD5.hexdigest([statement,data_source.id].join("/")),
-              query_execution_context: {
-                database: database,
-              },
-              result_configuration: {
-                output_location: settings["output_location"]
-              }
-            )
+          # use empty? since any? doesn't work for [nil]
+          if !bind_params.empty?
+            request_token = Digest::MD5.hexdigest([statement, bind_params.to_json, data_source.id, settings["workgroup"]].compact.join("/"))
+            statement_name = "blazer_#{request_token}"
+            begin
+              client.create_prepared_statement({
+                statement_name: statement_name,
+                work_group: settings["workgroup"],
+                query_statement: statement
+              })
+            rescue Aws::Athena::Errors::InvalidRequestException => e
+              raise e unless e.message.include?("already exists in WorkGroup")
+            end
+            using_statement = bind_params.map { |v| data_source.quote(v) }.join(", ")
+            statement = "EXECUTE #{statement_name} USING #{using_statement}"
+          else
+            request_token = Digest::MD5.hexdigest([statement, data_source.id, settings["workgroup"]].compact.join("/"))
+          end
+
+          query_options = {
+            query_string: statement,
+            # use token so we fetch cached results after query is run
+            client_request_token: request_token,
+            query_execution_context: {
+              database: database,
+            }
+          }
+
+          if settings["output_location"]
+            query_options[:result_configuration] = {output_location: settings["output_location"]}
+          end
+
+          if settings["workgroup"]
+            query_options[:work_group] = settings["workgroup"]
+          end
+
+          resp = client.start_query_execution(**query_options)
           query_execution_id = resp.query_execution_id
 
           timeout = data_source.timeout || 300
@@ -60,21 +85,21 @@ module Blazer
             column_types.each_with_index do |ct, i|
               # TODO more column_types
               case ct
-              when "timestamp"
+              when "timestamp", "timestamp with time zone"
                 rows.each do |row|
-                  row[i] = utc.parse(row[i])
+                  row[i] &&= utc.parse(row[i])
                 end
               when "date"
                 rows.each do |row|
-                  row[i] = Date.parse(row[i])
+                  row[i] &&= Date.parse(row[i])
                 end
               when "bigint"
                 rows.each do |row|
-                  row[i] = row[i].to_i
+                  row[i] &&= row[i].to_i
                 end
               when "double"
                 rows.each do |row|
-                  row[i] = row[i].to_f
+                  row[i] &&= row[i].to_f
                 end
               end
             end
@@ -105,12 +130,29 @@ module Blazer
         "SELECT * FROM {table} LIMIT 10"
       end
 
+      # https://docs.aws.amazon.com/athena/latest/ug/select.html#select-escaping
+      def quoting
+        :single_quote_escape
+      end
+
+      # https://docs.aws.amazon.com/athena/latest/ug/querying-with-prepared-statements.html
+      def parameter_binding
+        engine_version > 1 ? :positional : nil
+      end
+
       private
 
       def database
         @database ||= settings["database"] || "default"
       end
 
+      # note: this setting is experimental
+      # it does *not* need to be set to use engine version 2
+      # prepared statements must be manually deleted if enabled
+      def engine_version
+        @engine_version ||= (settings["engine_version"] || 1).to_i
+      end
+
       def fetch_error(query_execution_id)
         client.get_query_execution(
           query_execution_id: query_execution_id
@@ -118,11 +160,22 @@ module Blazer
       end
 
       def client
-        @client ||= Aws::Athena::Client.new
+        @client ||= Aws::Athena::Client.new(**client_options)
       end
 
       def glue
-        @glue ||= Aws::Glue::Client.new
+        @glue ||= Aws::Glue::Client.new(**client_options)
+      end
+
+      def client_options
+        @client_options ||= begin
+          options = {}
+          if settings["access_key_id"] || settings["secret_access_key"]
+            options[:credentials] = Aws::Credentials.new(settings["access_key_id"], settings["secret_access_key"])
+          end
+          options[:region] = settings["region"] if settings["region"]
+          options
+        end
       end
     end
   end

data/lib/blazer/adapters/base_adapter.rb

@@ -8,7 +8,22 @@ module Blazer
       end
 
       def run_statement(statement, comment)
-        # the one required method
+        # required
+      end
+
+      def quoting
+        # required, how to quote variables
+        # :backslash_escape - single quote strings and convert ' to \' and \ to \\
+        # :single_quote_escape - single quote strings and convert ' to ''
+        # ->(value) { ... } - custom method
+      end
+
+      def parameter_binding
+        # optional, but recommended when possible for security
+        # if specified, quoting is only used for display
+        # :positional - ?
+        # :numeric - $1
+        # ->(statement, values) { ... } - custom method
       end
 
       def tables

data/lib/blazer/adapters/bigquery_adapter.rb

@@ -1,24 +1,25 @@
 module Blazer
   module Adapters
     class BigQueryAdapter < BaseAdapter
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params)
         columns = []
         rows = []
         error = nil
 
         begin
-          results = bigquery.query(statement)
+          results = bigquery.query(statement, params: bind_params)
 
           # complete? was removed in google-cloud-bigquery 0.29.0
           # code is for backward compatibility
           if !results.respond_to?(:complete?) || results.complete?
             columns = results.first.keys.map(&:to_s) if results.size > 0
-            rows = results.map(&:values)
+            rows = results.all.map(&:values)
           else
             error = Blazer::TIMEOUT_MESSAGE
           end
         rescue => e
           error = e.message
+          error = Blazer::VARIABLE_MESSAGE if error.include?("Syntax error: Unexpected \"?\"")
         end
 
         [columns, rows, error]
@@ -42,6 +43,16 @@ module Blazer
         "SELECT * FROM `{table}` LIMIT 10"
       end
 
+      # https://cloud.google.com/bigquery/docs/reference/standard-sql/lexical#string_and_bytes_literals
+      def quoting
+        :backslash_escape
+      end
+
+      # https://cloud.google.com/bigquery/docs/parameterized-queries
+      def parameter_binding
+        :positional
+      end
+
       private
 
       def bigquery

data/lib/blazer/adapters/cassandra_adapter.rb

@@ -1,28 +1,29 @@
 module Blazer
   module Adapters
     class CassandraAdapter < BaseAdapter
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params)
         columns = []
         rows = []
         error = nil
 
         begin
-          response = session.execute("#{statement} /*#{comment}*/")
+          response = session.execute("#{statement} /*#{comment}*/", arguments: bind_params)
           rows = response.map { |r| r.values }
           columns = rows.any? ? response.first.keys : []
         rescue => e
           error = e.message
+          error = Blazer::VARIABLE_MESSAGE if error.include?("no viable alternative at input '?'")
         end
 
         [columns, rows, error]
       end
 
       def tables
-        session.execute("SELECT table_name FROM system_schema.tables WHERE keyspace_name = '#{keyspace}'").map { |r| r["table_name"] }
+        session.execute("SELECT table_name FROM system_schema.tables WHERE keyspace_name = #{data_source.quote(keyspace)}").map { |r| r["table_name"] }
       end
 
       def schema
-        result = session.execute("SELECT keyspace_name, table_name, column_name, type, position FROM system_schema.columns WHERE keyspace_name = '#{keyspace}'")
+        result = session.execute("SELECT keyspace_name, table_name, column_name, type, position FROM system_schema.columns WHERE keyspace_name = #{data_source.quote(keyspace)}")
         result.map(&:values).group_by { |r| [r[0], r[1]] }.map { |k, vs| {schema: k[0], table: k[1], columns: vs.sort_by { |v| v[2] }.map { |v| {name: v[2], data_type: v[3]} }} }
       end
 
@@ -30,6 +31,16 @@ module Blazer
         "SELECT * FROM {table} LIMIT 10"
       end
 
+      # https://docs.datastax.com/en/cql-oss/3.3/cql/cql_reference/escape_char_r.html
+      def quoting
+        :single_quote_escape
+      end
+
+      # https://docs.datastax.com/en/developer/nodejs-driver/3.0/features/parameterized-queries/
+      def parameter_binding
+        :positional
+      end
+
       private
 
       def cluster

data/lib/blazer/adapters/drill_adapter.rb

@@ -18,6 +18,16 @@ module Blazer
         [columns, rows, error]
       end
 
+      # https://drill.apache.org/docs/lexical-structure/#string
+      def quoting
+        :single_quote_escape
+      end
+
+      # https://issues.apache.org/jira/browse/DRILL-5079
+      def parameter_binding
+        # not supported
+      end
+
       private
 
       def drill

data/lib/blazer/adapters/druid_adapter.rb

@@ -3,15 +3,37 @@ module Blazer
     class DruidAdapter < BaseAdapter
       TIMESTAMP_REGEX = /\A\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z\z/
 
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params)
+        require "json"
+        require "net/http"
+        require "uri"
+
         columns = []
         rows = []
         error = nil
 
+        params =
+          bind_params.map do |v|
+            type =
+              case v
+              when Integer
+                "BIGINT"
+              when Float
+                "DOUBLE"
+              when ActiveSupport::TimeWithZone
+                v = (v.to_f * 1000).round
+                "TIMESTAMP"
+              else
+                "VARCHAR"
+              end
+            {type: type, value: v}
+          end
+
         header = {"Content-Type" => "application/json", "Accept" => "application/json"}
         timeout = data_source.timeout ? data_source.timeout.to_i : 300
         data = {
           query: statement,
+          parameters: params,
           context: {
             timeout: timeout * 1000
           }
@@ -27,6 +49,8 @@ module Blazer
             error = response["errorMessage"] || "Unknown error: #{response.inspect}"
             if error.include?("timed out")
               error = Blazer::TIMEOUT_MESSAGE
+            elsif error.include?("Encountered \"?\" at")
+              error = Blazer::VARIABLE_MESSAGE
             end
           else
             columns = (response.first || {}).keys
@@ -62,6 +86,17 @@ module Blazer
       def preview_statement
         "SELECT * FROM {table} LIMIT 10"
       end
+
+      # https://druid.apache.org/docs/latest/querying/sql.html#identifiers-and-literals
+      # docs only mention double quotes
+      def quoting
+        :single_quote_escape
+      end
+
+      # https://druid.apache.org/docs/latest/querying/sql.html#dynamic-parameters
+      def parameter_binding
+        :positional
+      end
     end
   end
 end

data/lib/blazer/adapters/elasticsearch_adapter.rb

@@ -1,26 +1,27 @@
 module Blazer
   module Adapters
     class ElasticsearchAdapter < BaseAdapter
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params)
         columns = []
         rows = []
         error = nil
 
         begin
-          response = client.xpack.sql.query(body: {query: "#{statement} /*#{comment}*/"})
+          response = client.transport.perform_request("POST", endpoint, {}, {query: "#{statement} /*#{comment}*/", params: bind_params}).body
           columns = response["columns"].map { |v| v["name"] }
           # Elasticsearch does not differentiate between dates and times
-          date_indexes = response["columns"].each_index.select { |i| response["columns"][i]["type"] == "date" }
+          date_indexes = response["columns"].each_index.select { |i| ["date", "datetime"].include?(response["columns"][i]["type"]) }
           if columns.any?
             rows = response["rows"]
             date_indexes.each do |i|
               rows.each do |row|
-                row[i] = Time.parse(row[i])
+                row[i] &&= Time.parse(row[i])
               end
             end
           end
         rescue => e
           error = e.message
+          error = Blazer::VARIABLE_MESSAGE if error.include?("mismatched input '?'")
         end
 
         [columns, rows, error]
@@ -36,8 +37,22 @@ module Blazer
         "SELECT * FROM \"{table}\" LIMIT 10"
       end
 
+      # https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-lexical-structure.html#sql-syntax-string-literals
+      def quoting
+        :single_quote_escape
+      end
+
+      # https://www.elastic.co/guide/en/elasticsearch/reference/current/sql-rest-params.html
+      def parameter_binding
+        :positional
+      end
+
       protected
 
+      def endpoint
+        @endpoint ||= client.info["version"]["number"].to_i >= 7 ? "_sql" : "_xpack/sql"
+      end
+
       def client
         @client ||= Elasticsearch::Client.new(url: settings["url"])
       end

data/lib/blazer/adapters/hive_adapter.rb

@@ -25,6 +25,16 @@ module Blazer
         "SELECT * FROM {table} LIMIT 10"
       end
 
+      # https://cwiki.apache.org/confluence/display/Hive/LanguageManual+Types#LanguageManualTypes-StringsstringStrings
+      def quoting
+        :backslash_escape
+      end
+
+      # has variable substitution, but sets for session
+      # https://cwiki.apache.org/confluence/display/Hive/LanguageManual+VariableSubstitution
+      def parameter_binding
+      end
+
       protected
 
       def client

data/lib/blazer/adapters/ignite_adapter.rb

@@ -1,13 +1,13 @@
 module Blazer
   module Adapters
     class IgniteAdapter < BaseAdapter
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params)
         columns = []
         rows = []
         error = nil
 
         begin
-          result = client.query("#{statement} /*#{comment}*/", schema: default_schema, statement_type: :select, timeout: data_source.timeout)
+          result = client.query("#{statement} /*#{comment}*/", bind_params, schema: default_schema, statement_type: :select, timeout: data_source.timeout)
           columns = result.any? ? result.first.keys : []
           rows = result.map(&:values)
         rescue => e
@@ -37,6 +37,16 @@ module Blazer
       #   result.rows.group_by { |r| [r[0], r[1]] }.map { |k, vs| {schema: k[0], table: k[1], columns: vs.sort_by { |v| v[2] }.map { |v| {name: v[2], data_type: v[3]} }} }.sort_by { |t| [t[:schema] == default_schema ? "" : t[:schema], t[:table]] }
       # end
 
+      def quoting
+        :single_quote_escape
+      end
+
+      # query arguments
+      # https://ignite.apache.org/docs/latest/binary-client-protocol/sql-and-scan-queries#op_query_sql
+      def parameter_binding
+        :positional
+      end
+
       private
 
       def default_schema

data/lib/blazer/adapters/influxdb_adapter.rb

@@ -8,16 +8,19 @@ module Blazer
 
         begin
           result = client.query(statement, denormalize: false).first
-          columns = result["columns"]
-          rows = result["values"]
-
-          # parse time columns
-          # current approach isn't ideal, but result doesn't include types
-          # another approach would be to check the format
-          time_index = columns.index("time")
-          if time_index
-            rows.each do |row|
-              row[time_index] = Time.parse(row[time_index]) if row[time_index]
+
+          if result
+            columns = result["columns"]
+            rows = result["values"]
+
+            # parse time columns
+            # current approach isn't ideal, but result doesn't include types
+            # another approach would be to check the format
+            time_index = columns.index("time")
+            if time_index
+              rows.each do |row|
+                row[time_index] = Time.parse(row[time_index]) if row[time_index]
+              end
             end
           end
         rescue => e
@@ -35,6 +38,15 @@ module Blazer
         "SELECT * FROM {table} LIMIT 10"
       end
 
+      # https://docs.influxdata.com/influxdb/v1.8/query_language/spec/#strings
+      def quoting
+        :backslash_escape
+      end
+
+      def parameter_binding
+        # not supported
+      end
+
       protected
 
       def client

data/lib/blazer/adapters/mongodb_adapter.rb

@@ -25,6 +25,10 @@ module Blazer
         "db.{table}.find().limit(10)"
       end
 
+      def quoting
+        :backslash_escape
+      end
+
       protected
 
       def client

data/lib/blazer/adapters/neo4j_adapter.rb

@@ -1,13 +1,13 @@
 module Blazer
   module Adapters
     class Neo4jAdapter < BaseAdapter
-      def run_statement(statement, comment)
+      def run_statement(statement, comment, bind_params)
         columns = []
         rows = []
         error = nil
 
         begin
-          result = session.query("#{statement} /*#{comment}*/")
+          result = session.query("#{statement} /*#{comment}*/", bind_params)
           columns = result.columns.map(&:to_s)
           rows = []
           result.each do |row|
@@ -19,6 +19,7 @@ module Blazer
           end
         rescue => e
           error = e.message
+          error = Blazer::VARIABLE_MESSAGE if error.include?("Invalid input '$'")
         end
 
         [columns, rows, error]
@@ -33,6 +34,20 @@ module Blazer
         "MATCH (n:{table}) RETURN n LIMIT 10"
       end
 
+      # https://neo4j.com/docs/cypher-manual/current/syntax/expressions/#cypher-expressions-string-literals
+      def quoting
+        :backslash_escape
+      end
+
+      def parameter_binding
+        proc do |statement, variables|
+          variables.each_key do |k|
+            statement = statement.gsub("{#{k}}") { "$#{k} " }
+          end
+          [statement, variables]
+        end
+      end
+
       protected
 
       def session

data/lib/blazer/adapters/opensearch_adapter.rb

@@ -0,0 +1,52 @@
+module Blazer
+  module Adapters
+    class OpensearchAdapter < BaseAdapter
+      def run_statement(statement, comment)
+        columns = []
+        rows = []
+        error = nil
+
+        begin
+          response = client.transport.perform_request("POST", "_plugins/_sql", {}, {query: "#{statement} /*#{comment}*/"}).body
+          columns = response["schema"].map { |v| v["name"] }
+          # TODO typecast more types
+          # https://github.com/opensearch-project/sql/blob/main/docs/user/general/datatypes.rst
+          date_indexes = response["schema"].each_index.select { |i| response["schema"][i]["type"] == "timestamp" }
+          if columns.any?
+            rows = response["datarows"]
+            utc = ActiveSupport::TimeZone["Etc/UTC"]
+            date_indexes.each do |i|
+              rows.each do |row|
+                row[i] &&= utc.parse(row[i])
+              end
+            end
+          end
+        rescue => e
+          error = e.message
+        end
+
+        [columns, rows, error]
+      end
+
+      def tables
+        indices = client.cat.indices(format: "json").map { |v| v["index"] }
+        aliases = client.cat.aliases(format: "json").map { |v| v["alias"] }
+        (indices + aliases).uniq.sort
+      end
+
+      def preview_statement
+        "SELECT * FROM `{table}` LIMIT 10"
+      end
+
+      def quoting
+        # unknown
+      end
+
+      protected
+
+      def client
+        @client ||= OpenSearch::Client.new(url: settings["url"])
+      end
+    end
+  end
+end

data/lib/blazer/adapters/presto_adapter.rb

@@ -25,6 +25,15 @@ module Blazer
         "SELECT * FROM {table} LIMIT 10"
       end
 
+      def quoting
+        :single_quote_escape
+      end
+
+      # TODO support prepared statements - https://prestodb.io/docs/current/sql/prepare.html
+      # feature request for variables - https://github.com/prestodb/presto/issues/5918
+      def parameter_binding
+      end
+
       protected
 
       def client

data/lib/blazer/adapters/salesforce_adapter.rb

@@ -35,6 +35,11 @@ module Blazer
         "SELECT Id FROM {table} LIMIT 10"
       end
 
+      # https://developer.salesforce.com/docs/atlas.en-us.soql_sosl.meta/soql_sosl/sforce_api_calls_soql_select_quotedstringescapes.htm
+      def quoting
+        :backslash_escape
+      end
+
       protected
 
       def client

data/lib/blazer/adapters/snowflake_adapter.rb

@@ -68,6 +68,15 @@ module Blazer
       def cancel(run_id)
         # todo
       end
+
+      # https://docs.snowflake.com/en/sql-reference/data-types-text.html#escape-sequences
+      def quoting
+        :backslash_escape
+      end
+
+      def parameter_binding
+        # TODO
+      end
     end
   end
 end

data/lib/blazer/adapters/soda_adapter.rb

@@ -2,6 +2,10 @@ module Blazer
   module Adapters
     class SodaAdapter < BaseAdapter
       def run_statement(statement, comment)
+        require "json"
+        require "net/http"
+        require "uri"
+
         columns = []
         rows = []
         error = nil
@@ -91,6 +95,11 @@ module Blazer
       def tables
         ["all"]
       end
+
+      # https://dev.socrata.com/docs/datatypes/text.html
+      def quoting
+        :single_quote_escape
+      end
     end
   end
 end