sequel 5.101.0 → 5.104.0

data/lib/sequel/model/associations.rb

@@ -112,6 +112,8 @@ module Sequel
         # the dataset unmodified if no SQL limit strategy is needed.
         def apply_eager_graph_limit_strategy(strategy, ds)
           case strategy
+          when :lateral_subquery
+            apply_lateral_subquery_eager_graph_limit_strategy(ds)
           when :distinct_on
             apply_distinct_on_eager_limit_strategy(ds.order_prepend(*self[:order]))
           when :window_function
@@ -298,7 +300,12 @@ module Sequel
             # Correlated subqueries are not supported for regular eager loading
             strategy = :ruby if strategy == :correlated_subquery
             strategy = nil if strategy == :ruby && assign_singular?
-            objects = apply_eager_limit_strategy(ds, strategy, eager_limit).all
+
+            objects = if strategy == :lateral_subquery
+              apply_lateral_subquery_eager_limit_strategy(ds, ids, eager_limit).all
+            else
+              apply_eager_limit_strategy(ds, strategy, eager_limit).all
+            end
 
             if strategy == :window_function
               delete_rn = ds.row_number_column 
@@ -320,7 +327,7 @@ module Sequel
                 end
                 loader.append_sql(sql, *k)
               end
-              objects.concat(ds.with_sql(sql).to_a)
+              objects.concat(ds.with_sql(sql.freeze).to_a)
             end
             ds = ds.eager(cascade) if cascade
             ds.send(:post_load, objects)
@@ -366,7 +373,12 @@ module Sequel
         # filtered.  Works by using a subquery to test that the objects passed
         # also meet the association filter criteria.
         def filter_by_associations_conditions_expression(obj)
-          ds = filter_by_associations_conditions_dataset.where(filter_by_associations_conditions_subquery_conditions(obj))
+          ds = if filter_by_associations_limit_strategy == :lateral_subquery
+            apply_lateral_subquery_filter_limit_strategy(associated_eager_dataset, obj)
+          else
+            filter_by_associations_conditions_dataset.where(filter_by_associations_conditions_subquery_conditions(obj))
+          end
+
           {filter_by_associations_conditions_key=>ds}
         end
 
@@ -754,6 +766,61 @@ module Sequel
           end
         end
 
+        def lateral_subquery_eager_limit_strategy_lateral_dataset(ds, limit_and_offset)
+          ds.
+            where(Array(filter_by_associations_conditions_key).zip(Array(filter_by_associations_conditions_associated_keys))).
+            limit(*limit_and_offset).
+            lateral
+        end
+
+        def apply_lateral_subquery_eager_limit_strategy(ds, ids, limit_and_offset)
+          table_name = self[:model].table_name
+          associated_table_name = associated_class.table_name
+
+          associated_class.
+            from(table_name).
+            select_all(associated_table_name).
+            join(lateral_subquery_eager_limit_strategy_lateral_dataset(ds, limit_and_offset).as(associated_table_name), true).
+            order(*self[:order])
+        end
+
+        # Return an expression to filter the filter by associations dataset to only
+        # rows related to given objects.
+        def _lateral_subquery_filter_limit_strategy_conditions(obj, key, value_method, value_column)
+          value = case obj
+          when Array
+            if key.is_a?(Array)
+              key_methods = Array(value_method)
+              obj.map{|o| key_methods.map{|meth| o.send(meth)}}
+            else
+              obj.map{|o| o.send(value_method)}
+            end
+          when Sequel::Dataset
+            obj.select(*Array(qualify(associated_class.table_name, value_column)))
+          else
+            if key.is_a?(Array)
+              return Array(key).zip(Array(value_method).map{|meth| obj.send(meth)})
+            else
+              obj.send(value_method)
+            end
+          end
+
+          {key => value}
+        end
+
+        def lateral_subquery_filter_limit_strategy_lateral_dataset(ds, obj)
+          lateral_subquery_filter_limit_strategy_filter_lateral_dataset(ds.
+            select(*qualify(associated_class.table_name, associated_class.primary_key)).
+            limit(*limit_and_offset).
+            lateral)
+        end
+
+        def apply_lateral_subquery_filter_limit_strategy(ds, obj)
+          lateral_subquery_filter_limit_strategy_filter_dataset(self[:model].
+            select(*lateral_subquery_filter_limit_strategy_lateral_dataset_select).
+            join(lateral_subquery_filter_limit_strategy_lateral_dataset(ds, obj).as(associated_class.table_name), filter_by_associations_conditions_subquery_conditions(obj)), obj)
+        end
+
         # Whether to limit the associated dataset to a single row.
         def limit_to_single_row?
           !returns_array?
@@ -776,7 +843,12 @@ module Sequel
                 end
               end
 
-              apply_eager_limit_strategy(ds.where(predicate_key=>arg), eager_limit_strategy)
+              strategy = eager_limit_strategy
+              if strategy == :lateral_subquery
+                apply_lateral_subquery_eager_limit_strategy(ds, arg, limit_and_offset)
+              else
+                apply_eager_limit_strategy(ds.where(predicate_key=>arg), strategy)
+              end
             end
           end
         end
@@ -1018,7 +1090,7 @@ module Sequel
       class OneToManyAssociationReflection < AssociationReflection
         ASSOCIATION_TYPES[:one_to_many] = self
         
-        # Support a correlated subquery limit strategy when using eager_graph.
+        # Support a lateral_subquery and correlated_subquery limit strategy when using eager_graph.
         def apply_eager_graph_limit_strategy(strategy, ds)
           case strategy
           when :correlated_subquery
@@ -1118,6 +1190,54 @@ module Sequel
           ds.where(qualify(table_alias, primary_key)=>cs)
         end
 
+        # Use a LATERAL subquery to limit the dataset.  Note that this will not
+        # work correctly if the associated dataset uses qualified identifers in the WHERE clause,
+        # as they would reference the containing query instead of the subquery.
+        #
+        # This does not contain the conditions that are necessary to join to the
+        # query, since the necessary qualifier is not passed as an argument.
+        def apply_lateral_subquery_eager_graph_limit_strategy(ds)
+          table_name = ds.first_source_alias
+          qualifier = ds.opts[:eager_options][:implicit_qualifier]
+          graph_conditions = self[:_graph_conditions]
+
+          unless Sequel.condition_specifier?(graph_conditions)
+            raise Error, "lateral_subquery eager graph limit strategy only supported when graph conditions are a hash or array of pairs"
+          end
+
+          ds.
+            limit(*limit_and_offset).
+            order(*self[:order]).
+            where(graph_conditions.map{|k, v| [qualify(table_name, k), qualify(qualifier, v)]}).
+            lateral
+        end
+
+        # Avoid setting duplicate predicate condition when using the lateral subquery
+        # eager limit strategy.
+        def eager_loading_set_predicate_condition(ds, eo)
+          eager_limit_strategy == :lateral_subquery ? ds : super
+        end
+
+        def apply_lateral_subquery_eager_limit_strategy(ds, ids, limit_and_offset)
+          super.where(qualify(self[:model].table_name, self[:primary_key]) => ids)
+        end
+
+        def lateral_subquery_filter_limit_strategy_conditions(obj)
+          _lateral_subquery_filter_limit_strategy_conditions(obj, filter_by_associations_conditions_key, self[:key_method], self[:key])
+        end
+
+        def lateral_subquery_filter_limit_strategy_filter_lateral_dataset(ds)
+          ds.where(Array(filter_by_associations_conditions_key).zip(Array(filter_by_associations_conditions_associated_keys)))
+        end
+
+        def lateral_subquery_filter_limit_strategy_filter_dataset(ds, obj)
+          ds.where(lateral_subquery_filter_limit_strategy_conditions(obj))
+        end
+
+        def lateral_subquery_filter_limit_strategy_lateral_dataset_select
+          qualified_primary_key
+        end
+
         # Support correlated subquery strategy when filtering by limited associations.
         def apply_filter_by_associations_limit_strategy(ds)
           case filter_by_associations_limit_strategy
@@ -1432,6 +1552,52 @@ module Sequel
           end
         end
 
+        def lateral_subquery_filter_limit_strategy_conditions(obj)
+          _lateral_subquery_filter_limit_strategy_conditions(obj, lateral_subquery_filter_limit_strategy_conditions_key, right_primary_key_method, right_primary_key)
+        end
+
+        def lateral_subquery_filter_limit_strategy_conditions_key
+          self[:right_key]
+        end
+
+        def lateral_subquery_filter_limit_strategy_filter_lateral_dataset(ds)
+          ds.where(Array(filter_by_associations_conditions_key).zip(Array(filter_by_associations_conditions_associated_keys)))
+        end
+
+        def lateral_subquery_filter_limit_strategy_filter_dataset(ds, obj)
+          ds.where(filter_by_associations_conditions_key => ds.db.from(self[:join_table]).
+            select(*self[:left_key]).
+            where(lateral_subquery_filter_limit_strategy_conditions(obj)))
+        end
+
+        def lateral_subquery_filter_limit_strategy_lateral_dataset_select
+          qualify(self[:model].table_name, self[:left_primary_key])
+        end
+
+        def lateral_subquery_eager_limit_strategy_lateral_dataset(ds, limit_and_offset)
+          ds = super
+          select = ds.opts[:select].dup
+          left_key_alias = self[:left_key_alias]
+          select.pop while (s = select.last).is_a?(Sequel::SQL::AliasedExpression) && (left_key_alias.is_a?(Array) ? left_key_alias.include?(s.alias) : s.alias == left_key_alias)
+          ds = ds.clone(:select=>select)
+        end
+
+        def apply_lateral_subquery_eager_limit_strategy(ds, ids, limit_and_offset)
+          table_name = self[:model].table_name
+          super.
+            select_all(associated_class.table_name).
+            select_append(*qualify(table_name, self[:left_primary_keys]).zip(Array(self[:left_key_alias])).map{|id, aliaz| Sequel.as(id, aliaz)}).
+            where(qualify(table_name, self[:left_primary_key]) => ids)
+        end
+
+        def apply_lateral_subquery_eager_graph_limit_strategy(ds)
+          ds.
+            limit(*limit_and_offset).
+            where(qualify(join_table_alias, self[:left_keys]).zip(qualify(ds.opts[:eager_options][:implicit_qualifier], self[:left_primary_key_columns]))).
+            order(*self[:order]).
+            lateral
+        end
+
         # Use the right_keys from the eager loading options if
         # using a separate query per table.
         def eager_loading_set_predicate_condition(ds, eo)
@@ -2413,9 +2579,14 @@ module Sequel
           conditions = opts[:graph_conditions]
           opts[:cartesian_product_number] ||= one_to_one ? 0 : 1
           graph_block = opts[:graph_block]
+          graph_conditions = opts[:_graph_conditions] = use_only_conditions ? only_conditions : cks.zip(pkcs) + conditions
           opts[:eager_grapher] ||= proc do |eo|
             ds = eo[:self]
-            ds = ds.graph(opts.apply_eager_graph_limit_strategy(eo[:limit_strategy], eager_graph_dataset(opts, eo)), use_only_conditions ? only_conditions : cks.zip(pkcs) + conditions, eo.merge(:select=>select, :join_type=>eo[:join_type]||join_type, :qualify=>:deep), &graph_block)
+            graph_limit_strategy = eo[:limit_strategy]
+            egds = opts.apply_eager_graph_limit_strategy(graph_limit_strategy, eager_graph_dataset(opts, eo))
+            graph_conditions_true = true if graph_limit_strategy == :lateral_subquery
+
+            ds = ds.graph(egds, graph_conditions_true || graph_conditions, eo.merge(:select=>select, :join_type=>eo[:join_type]||join_type, :qualify=>:deep), &graph_block)
             # We only load reciprocals for one_to_many associations, as other reciprocals don't make sense
             ds.opts[:eager_graph][:reciprocals][eo[:table_alias]] = opts.reciprocal
             ds
@@ -2498,6 +2669,9 @@ module Sequel
         # Return dataset to graph into given the association reflection, applying the :callback option if set.
         def eager_graph_dataset(opts, eager_options)
           ds = opts.associated_class.dataset
+          if eager_options[:limit_strategy] == :lateral_subquery
+            ds = ds.clone(:eager_options=>eager_options)
+          end
           if opts[:graph_use_association_block] && (b = opts[:block])
             ds = b.call(ds)
           end

data/lib/sequel/plugins/dataset_associations.rb

@@ -82,8 +82,27 @@ module Sequel
         # database supports window functions.
         def associated(name)
           raise Error, "unrecognized association name: #{name.inspect}" unless r = model.association_reflection(name)
-          ds = r.associated_class.dataset
+          klass = r.associated_class
           sds = opts[:limit] ? self : unordered
+
+          if r.send(:filter_by_associations_limit_strategy) == :lateral_subquery
+            ds = r.send(:associated_eager_dataset)
+
+            case r[:type]
+            when :one_to_one, :one_to_many
+              sds = sds.select(*Array(r.qualified_primary_key))
+            else
+              sds = sds.select(*r[:left_primary_keys])
+              ds = ds.select_all(klass.table_name)
+              update_select = true
+            end
+
+            ds = r.send(:apply_lateral_subquery_eager_limit_strategy, ds, sds, r.limit_and_offset)
+            ds = ds.clone(:select=>ds.opts[:select][0,1]) if update_select
+            return ds.clone(:eager=>nil, :eager_graph=>nil)
+          end
+
+          ds = klass.dataset
           ds = case r[:type]
           when :many_to_one
             ds.where(r.qualified_primary_key=>sds.select(*Array(r[:qualified_key])))

data/lib/sequel/plugins/dirty.rb

@@ -234,8 +234,11 @@ module Sequel
               iv.delete(column)
             end
           else
-            check_missing_initial_value(column)
-            iv[column] = get_column_value(column)
+            if db_schema[column]
+              check_missing_initial_value(column)
+              iv[column] = get_column_value(column)
+            end
+
             super
           end
         end

data/lib/sequel/plugins/many_through_many.rb

@@ -146,6 +146,27 @@ module Sequel
           ds
         end
 
+        def lateral_subquery_filter_limit_strategy_conditions_key
+          qualify(reverse_edges.first[:table], reverse_edges.first[:left])
+        end
+
+        def lateral_subquery_filter_limit_strategy_filter_lateral_dataset(ds)
+          ds.where(Array(qualify(edges.first[:table], edges.first[:right])).zip(Array(qualify(self[:model].table_name, edges.first[:left]))))
+        end
+
+        def lateral_subquery_filter_limit_strategy_filter_dataset(ds, obj)
+          first_edge, *remaining_edges = edges
+          filter_ds = ds.db.from(first_edge[:table]).
+            select(*qualify(first_edge[:table], first_edge[:right])).
+            where(lateral_subquery_filter_limit_strategy_conditions(obj))
+
+          remaining_edges.each do |edge|
+            filter_ds = filter_ds.join(edge[:table], Array(edge[:right]).zip(Array(edge[:left])))
+          end
+
+          ds.where(qualify(self[:model].table_name, self[:left_primary_key]) => filter_ds)
+        end
+
         # Make sure to use unique table aliases when lazy loading or eager loading
         def calculate_reverse_edge_aliases(reverse_edges)
           aliases = [associated_class.table_name]

data/lib/sequel/plugins/mssql_optimistic_locking.rb

@@ -55,7 +55,7 @@ module Sequel
         def _update_without_checking(columns)
           ds = _update_dataset
           lc = model.lock_column
-          rows = ds.clone(ds.send(:default_server_opts, :sql=>ds.output(nil, [Sequel[:inserted][lc]]).update_sql(columns))).all
+          rows = ds.clone(ds.send(:default_server_opts, :sql=>ds.output(nil, [Sequel[:inserted][lc]]).update_sql(columns).freeze)).all
           values[lc] = rows.first[lc] unless rows.empty?
           rows.length
         end

data/lib/sequel/plugins/pg_xmin_optimistic_locking.rb

@@ -99,7 +99,7 @@ module Sequel
         # Add an RETURNING clause to fetch the updated xmin when updating the row.
         def _update_without_checking(columns)
           ds = _update_dataset
-          rows = ds.clone(ds.send(:default_server_opts, :sql=>ds.returning(:xmin).update_sql(columns))).all
+          rows = ds.clone(ds.send(:default_server_opts, :sql=>ds.returning(:xmin).update_sql(columns).freeze)).all
           values[:xmin] = rows.first[:xmin] unless rows.empty?
           rows.length
         end

data/lib/sequel/plugins/serialization.rb

@@ -30,6 +30,15 @@ module Sequel
     # Otherwise, it is possible that the default column accessors will take
     # precedence.
     #
+    # Note that use of an unsafe serialization method can result in an attack vector
+    # (potentially allowing remote code execution) if an attacker has the ability to
+    # store data directly in the underlying column. This would affect the marshal
+    # serialization format, and on older versions of Ruby, potentially the yaml and
+    # json serialization formats as well. It can also affect custom formats. You
+    # should ensure that attackers do not have access to store data directly in the
+    # underlying column when using this plugin (especially when using an unsafe
+    # serialization method).
+    #
     # == Example
     #
     #   # Require json if you plan to use it, as the plugin doesn't require it for you.
@@ -97,7 +106,7 @@ module Sequel
       register_format(:marshal, lambda{|v| [Marshal.dump(v)].pack('m')},
         lambda do |v|
           # Handle unpacked marshalled data for backwards compat
-          v = v.unpack('m')[0] unless v[0..1] == "\x04\x08"
+          v = v.unpack('m')[0] unless v.start_with?("\x04\x08")
           Marshal.load(v)
         end)
       register_format(:yaml, :to_yaml.to_proc, lambda{|s| YAML.load(s)})

data/lib/sequel/version.rb

@@ -6,7 +6,7 @@ module Sequel
 
   # The minor version of Sequel.  Bumped for every non-patch level
   # release, generally around once a month.
-  MINOR = 101
+  MINOR = 104
 
   # The tiny version of Sequel.  Usually 0, only bumped for bugfix
   # releases that fix regressions from previous versions.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sequel
 version: !ruby/object:Gem::Version
-  version: 5.101.0
+  version: 5.104.0
 platform: ruby
 authors:
 - Jeremy Evans
@@ -212,6 +212,7 @@ files:
 - lib/sequel/extensions/blank.rb
 - lib/sequel/extensions/caller_logging.rb
 - lib/sequel/extensions/columns_introspection.rb
+- lib/sequel/extensions/connection_checkout_event_callback.rb
 - lib/sequel/extensions/connection_expiration.rb
 - lib/sequel/extensions/connection_validator.rb
 - lib/sequel/extensions/constant_sql_override.rb
@@ -240,6 +241,7 @@ files:
 - lib/sequel/extensions/inflector.rb
 - lib/sequel/extensions/integer64.rb
 - lib/sequel/extensions/is_distinct_from.rb
+- lib/sequel/extensions/lit_require_frozen.rb
 - lib/sequel/extensions/looser_typecasting.rb
 - lib/sequel/extensions/migration.rb
 - lib/sequel/extensions/mssql_emulate_lateral_with_apply.rb