@harperfast/harper 5.0.0-alpha.10 → 5.0.0-beta.1

package/sqlTranslator/index.js

@@ -0,0 +1,242 @@
+'use strict';
+
+module.exports = {
+	evaluateSQL,
+	processAST,
+	convertSQLToAST,
+	checkASTPermissions,
+};
+
+const insert = require('../dataLayer/insert.js');
+const util = require('util');
+const cbInsertInsert = util.callbackify(insert.insert);
+const search = require('../dataLayer/search.js').search;
+const update = require('../dataLayer/update.js').update;
+const cbUpdateUpdate = util.callbackify(update);
+const deleteTranslator = require('./deleteTranslator.js').convertDelete;
+const alasql = require('alasql');
+const opAuth = require('../utility/operation_authorization.js');
+const logger = require('../utility/logging/harper_logger.js');
+const alasqlFunctionImporter = require('./alasqlFunctionImporter.js');
+const hdbUtils = require('../utility/common_utils.js');
+const terms = require('../utility/hdbTerms.ts');
+const { hdbErrors, handleHDBError } = require('../utility/errors/hdbError.js');
+const { HTTP_STATUS_CODES } = hdbErrors;
+
+//here we call to define and import custom functions to alasql
+alasqlFunctionImporter(alasql);
+
+let UNAUTHORIZED_RESPONSE = 403;
+const SQL_INSERT_ERROR_MSG = 'There was a problem performing this insert. Please check the logs and try again.';
+
+class ParsedSQLObject {
+	constructor() {
+		this.ast = undefined;
+		this.variant = undefined;
+		this.permissions_checked = false;
+	}
+}
+
+function evaluateSQL(jsonMessage, callback) {
+	let parsedSql = jsonMessage.parsed_sql_object;
+	if (!parsedSql) {
+		parsedSql = convertSQLToAST(jsonMessage.sql);
+		//TODO; This is a temporary check and should be removed once validation is integrated.
+		let schema = undefined;
+		let statement = parsedSql.ast.statements[0];
+		if (statement instanceof alasql.yy.Insert) {
+			schema = statement.into.databaseid;
+		} else if (statement instanceof alasql.yy.Select) {
+			schema = statement.from ? statement.from[0].databaseid : null;
+		} else if (statement instanceof alasql.yy.Update) {
+			schema = statement.table.databaseid;
+		} else if (statement instanceof alasql.yy.Delete) {
+			schema = statement.table.databaseid;
+		} else {
+			logger.error(`AST in evaluateSQL is not a valid SQL type.`);
+		}
+		if (!(statement instanceof alasql.yy.Select) && hdbUtils.isEmptyOrZeroLength(schema)) {
+			return callback('No schema specified', null);
+		}
+	}
+	processAST(jsonMessage, parsedSql, (error, results) => {
+		if (error) {
+			return callback(error);
+		}
+
+		callback(null, results);
+	});
+}
+
+/**
+ * Provides a direct path to checking permissions for a given AST.  Returns false if permissions check fails.
+ * @param jsonMessage - The JSON inbound message.
+ * @param parsedSqlObject - The Parsed SQL statement specified in the inbound json message, of type ParsedSQLObject.
+ * @returns {Array} - False if permissions check denys the statement.
+ */
+function checkASTPermissions(jsonMessage, parsedSqlObject) {
+	let verifyResult = undefined;
+	try {
+		verifyResult = opAuth.verifyPermsAst(
+			parsedSqlObject.ast.statements[0],
+			jsonMessage.hdb_user,
+			parsedSqlObject.variant
+		);
+		parsedSqlObject.permissions_checked = true;
+	} catch (e) {
+		throw e;
+	}
+	if (verifyResult) {
+		return verifyResult;
+	}
+	return null;
+}
+
+function convertSQLToAST(sql) {
+	let astResponse = new ParsedSQLObject();
+	if (!sql) {
+		throw handleHDBError(
+			new Error(),
+			"The 'sql' parameter is missing from the request body",
+			HTTP_STATUS_CODES.BAD_REQUEST
+		);
+	}
+	try {
+		let trimmedSql = sql.trim();
+		let ast = alasql.parse(trimmedSql);
+		let variant = trimmedSql.split(' ')[0].toLowerCase();
+		astResponse.ast = ast;
+		astResponse.variant = variant;
+	} catch (e) {
+		let splitError = e.message.split('\n');
+		if (splitError[1]) {
+			throw handleHDBError(
+				e,
+				`Invalid SQL at: ${splitError[1]}. Please ensure your SQL is valid. Try adding backticks to reserved words and schema table references.`,
+				HTTP_STATUS_CODES.BAD_REQUEST
+			);
+		} else {
+			throw handleHDBError(
+				e,
+				`We had trouble parsing your request. Please ensure your SQL is valid. Try adding backticks to reserved words and schema table references.`,
+				HTTP_STATUS_CODES.BAD_REQUEST
+			);
+		}
+	}
+
+	return astResponse;
+}
+
+function processAST(jsonMessage, parsedSqlObject, callback) {
+	try {
+		let sqlFunction = nullFunction;
+
+		if (!jsonMessage.bypass_auth && !parsedSqlObject.permissions_checked) {
+			let permissionsCheck = checkASTPermissions(jsonMessage, parsedSqlObject);
+			if (permissionsCheck && permissionsCheck.length > 0) {
+				return callback(UNAUTHORIZED_RESPONSE, permissionsCheck);
+			}
+		}
+
+		let statement = {
+			statement: parsedSqlObject.ast.statements[0],
+			hdb_user: jsonMessage.hdb_user,
+		};
+
+		switch (parsedSqlObject.variant) {
+			case terms.VALID_SQL_OPS_ENUM.SELECT:
+				sqlFunction = search;
+				statement = parsedSqlObject.ast.statements[0];
+				break;
+			case terms.VALID_SQL_OPS_ENUM.INSERT:
+				//TODO add validator for insert, need to make sure columns are specified
+				sqlFunction = convertInsert;
+				break;
+			case terms.VALID_SQL_OPS_ENUM.UPDATE:
+				sqlFunction = cbUpdateUpdate;
+				break;
+			case terms.VALID_SQL_OPS_ENUM.DELETE:
+				sqlFunction = deleteTranslator;
+				break;
+			default:
+				throw new Error(`unsupported SQL type ${parsedSqlObject.variant} in SQL: ${jsonMessage}`);
+		}
+		sqlFunction(statement, (err, data) => {
+			if (err) {
+				callback(err);
+				return;
+			}
+			callback(null, data);
+		});
+	} catch (e) {
+		return callback(e);
+	}
+}
+
+function nullFunction(sql, callback) {
+	logger.info(sql);
+	callback('unknown sql statement');
+}
+
+function convertInsert({ statement, hdb_user }, callback) {
+	let schemaTable = statement.into;
+	let insertObject = {
+		schema: schemaTable.databaseid,
+		table: schemaTable.tableid,
+		operation: 'insert',
+		hdb_user,
+	};
+
+	let columns = statement.columns.map((column) => column.columnid);
+
+	try {
+		insertObject.records = createDataObjects(columns, statement.values);
+	} catch (e) {
+		return callback(e);
+	}
+
+	cbInsertInsert(insertObject, (err, res) => {
+		if (err) {
+			return callback(err);
+		}
+
+		try {
+			// We do not want the API returning the new attributes property.
+			delete res.new_attributes;
+			delete res.txn_time;
+		} catch (deleteErr) {
+			logger.error(`Error delete new_attributes from insert response: ${deleteErr}`);
+		}
+
+		callback(null, res);
+	});
+}
+
+function createDataObjects(columns, values) {
+	try {
+		return values.map((valueObjects) => {
+			//compare number of values to number of columns, if no match throw error
+			if (columns.length !== valueObjects.length) {
+				throw 'number of values do not match number of columns in insert';
+			}
+			let record = {};
+			//make sure none of the value entries have a columnid
+			valueObjects.forEach((value, x) => {
+				if (value.columnid) {
+					throw 'cannot use a column in insert value';
+				}
+
+				if ('value' in value) {
+					record[columns[x]] = value.value;
+				} else {
+					record[columns[x]] = alasql.compile(`SELECT ${value.toString()} AS [${terms.FUNC_VAL}] FROM ?`);
+				}
+			});
+
+			return record;
+		});
+	} catch (err) {
+		logger.error(err);
+		throw new Error(SQL_INSERT_ERROR_MSG);
+	}
+}

package/sqlTranslator/sql_statement_bucket.js

@@ -0,0 +1,472 @@
+'use strict';
+/**
+ * This class is meant as a getter object that sits between the alasql (or other module) AST and any module requiring interpreted
+ * AST SQL values such as attributes, tables, etc.
+ **/
+
+const alasql = require('alasql');
+const RecursiveIterator = require('recursive-iterator');
+const harperLogger = require('../utility/logging/harper_logger.js');
+const hdbUtils = require('../utility/common_utils.js');
+const terms = require('../utility/hdbTerms.ts');
+
+class sqlStatementBucket {
+	constructor(ast) {
+		this.ast = ast;
+		// affectedAttributes stores a table and it's attributes as a Map [schema, Map[table, [attributesArray]]].
+		this.affected_attributes = new Map();
+		this.table_lookup = new Map();
+		this.schema_lookup = new Map();
+		this.table_to_schema_lookup = new Map();
+		interpretAST(
+			this.ast,
+			this.affected_attributes,
+			this.table_lookup,
+			this.schema_lookup,
+			this.table_to_schema_lookup
+		);
+	}
+
+	/**
+	 * Returns all attributes stored under a schema/table key set.
+	 * @param schemaName - Name of the schema to search under
+	 * @param tableName - Name of the table to pull attributes for.
+	 * @returns {Array}
+	 */
+	getAttributesBySchemaTableName(schemaName, tableName) {
+		if (!schemaName || !tableName || !this.affected_attributes) {
+			return [];
+		}
+		if (this.affected_attributes.has(schemaName)) {
+			if (!this.affected_attributes.get(schemaName).has(tableName)) {
+				tableName = this.table_lookup.get(tableName);
+				if (!tableName) return [];
+			}
+			return this.affected_attributes.get(schemaName).get(tableName);
+		}
+	}
+
+	/**
+	 * Returns all tables that were inferred from the AST.
+	 * @returns {Array}
+	 */
+	getAllTables() {
+		let tables = [];
+		if (!this.affected_attributes) {
+			return tables;
+		}
+		for (const schema of this.affected_attributes.keys()) {
+			tables.push(Array.from(this.affected_attributes.get(schema).keys()));
+		}
+		return tables;
+	}
+
+	/**
+	 * Get an array of all tables under the passed in schema name.  Will return an empty array with invalid parameters
+	 * @param schemaName - name of the schema
+	 * @returns {Array}
+	 */
+	getTablesBySchemaName(schemaName) {
+		if (!schemaName || !this.affected_attributes) return [];
+		return Array.from(this.affected_attributes.get(schemaName).keys());
+	}
+
+	/**
+	 * Gets an array of schemas that were inferred from the passed in AST
+	 * @returns {Array}
+	 */
+	getSchemas() {
+		if (!this.affected_attributes) {
+			return [];
+		}
+		return Array.from(this.affected_attributes.keys());
+	}
+
+	/**
+	 * Get the full AST
+	 * @returns {*}
+	 */
+	getAst() {
+		return this.ast;
+	}
+
+	/**
+	 *When a SELECT * is included in the AST for a non-SU, we need to convert the star into the specific attributes the
+	 * user has READ permissions
+	 *
+	 * @param rolePerms - role permission set to update the wildcard to the permitted attributes
+	 * @returns {ast} - this function returns the updated AST that can be used for final validation and the additional
+	 * steps to complete the request
+	 */
+	updateAttributeWildcardsForRolePerms(rolePerms) {
+		const astWildcards = this.ast.columns.filter((col) => terms.SEARCH_WILDCARDS.includes(col.columnid));
+
+		//If there are no wildcards, we can skip this step
+		if (astWildcards.length === 0) {
+			return this.ast;
+		}
+
+		//This function will need to be updated if/when we start to do cross-schema joins - i.e. function will need
+		// to handle multiple schema values instead of just the one below
+		const fromDatabaseid = this.ast.from[0].databaseid;
+		this.ast.columns = this.ast.columns.filter((col) => !terms.SEARCH_WILDCARDS.includes(col.columnid));
+
+		astWildcards.forEach((val) => {
+			let colSchema = this.table_to_schema_lookup.has(val.tableid)
+				? this.table_to_schema_lookup.get(val.tableid)
+				: fromDatabaseid;
+			let colTable = this.table_lookup.has(val.tableid) ? this.table_lookup.get(val.tableid) : this.ast.from[0].tableid;
+
+			//We only want to do this if the table that is being SELECT *'d has READ permissions - if not, we will only
+			// want to send the table permissions error response so we can skip this step.
+			if (
+				rolePerms[colSchema] &&
+				rolePerms[colSchema].tables[colTable] &&
+				rolePerms[colSchema].tables[colTable][terms.PERMS_CRUD_ENUM.READ]
+			) {
+				let finalTableAttrs;
+				if (rolePerms[colSchema].tables[colTable].attribute_permissions.length > 0) {
+					finalTableAttrs = filterReadRestrictedAttrs(rolePerms[colSchema].tables[colTable].attribute_permissions);
+				} else {
+					//If the user has READ perms for the table but no perms for the attributes in it, we add all the attrs
+					// into the AST * affectedAttributes map so that the individual attribute permissions error responses
+					// are returned to the user
+					finalTableAttrs = global.hdb_schema[colSchema][colTable].attributes.map((attr) => ({
+						attribute_name: attr.attribute,
+					}));
+				}
+
+				//It's important to REMOVE the wildcard as we replace it with the actual attributes that will be selected
+				const tableAffectedAttrs = this.affected_attributes
+					.get(colSchema)
+					.get(colTable)
+					.filter((attr) => !terms.SEARCH_WILDCARDS.includes(attr));
+				finalTableAttrs.forEach(({ attribute_name }) => {
+					let newColumn = new alasql.yy.Column({ columnid: attribute_name });
+					if (val.tableid) {
+						newColumn.tableid = val.tableid;
+					}
+					this.ast.columns.push(newColumn);
+					if (!tableAffectedAttrs.includes(attribute_name)) {
+						tableAffectedAttrs.push(attribute_name);
+					}
+				});
+				this.affected_attributes.get(colSchema).set(colTable, tableAffectedAttrs);
+			}
+		});
+
+		return this.ast;
+	}
+}
+
+/**
+ * Takes full table attribute permissions array and filters out attributes w/ FALSE READ perms
+ *
+ * @param attrPerms [] - attribute permissions for a table
+ * @returns [] - array of attribute permissions objects w/ READ perms === TRUE
+ */
+
+function filterReadRestrictedAttrs(attrPerms) {
+	return attrPerms.filter((perm) => perm[terms.PERMS_CRUD_ENUM.READ]);
+}
+
+function interpretAST(ast, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup) {
+	getRecordAttributesAST(ast, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup);
+}
+
+/**
+ * Takes an AST definition and adds it to the schema/table affectedAttributes parameter as well as adding table alias'
+ * to the tableLookup parameter.
+ *
+ * @param record - An AST style record
+ * @param {Map} affectedAttributes - A map of attributes affected in the call.  Defined as [schema, Map[table, [attributesArray]]].
+ * @param {Map} tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function addSchemaTableToMap(record, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup) {
+	if (!record || !record.databaseid) {
+		return;
+	}
+	if (!affectedAttributes.has(record.databaseid)) {
+		affectedAttributes.set(record.databaseid, new Map());
+	}
+	if (!affectedAttributes.get(record.databaseid).has(record.tableid)) {
+		affectedAttributes.get(record.databaseid).set(record.tableid, []);
+	}
+	if (record.as) {
+		if (!tableLookup.has(record.as)) {
+			tableLookup.set(record.as, record.tableid);
+		}
+		if (schemaLookup && !schemaLookup.has(record.as)) {
+			schemaLookup.set(record.as, record.databaseid);
+		}
+	}
+	if (tableToSchemaLookup) {
+		const schemaId = record.databaseid;
+		let tableId = record.tableid;
+		if (record.as) {
+			tableId = record.as;
+		}
+
+		tableToSchemaLookup.set(tableId, schemaId);
+	}
+}
+
+/**
+ * Pull the table attributes specified in the AST statement and adds them to the affectedAttributes and tableLookup parameters.
+ *
+ * @param ast - the syntax tree containing SQL specifications
+ * @param {Map} affectedAttributes - A map containing attributes affected by the statement. Defined as [schema, Map[table, [attributesArray]]].
+ * @param {Map} tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function getRecordAttributesAST(ast, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup) {
+	if (!ast) {
+		harperLogger.info(`getRecordAttributesAST: invalid SQL syntax tree`);
+		return;
+	}
+	// We can reference any schema/table attributes, so we need to check each possibility
+	// affected attributes is a Map of Maps like so [schema, Map[table, [attributesArray]]];
+	if (ast instanceof alasql.yy.Insert) {
+		getInsertAttributes(ast, affectedAttributes, tableLookup);
+	} else if (ast instanceof alasql.yy.Select) {
+		getSelectAttributes(ast, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup);
+	} else if (ast instanceof alasql.yy.Update) {
+		getUpdateAttributes(ast, affectedAttributes, tableLookup);
+	} else if (ast instanceof alasql.yy.Delete) {
+		getDeleteAttributes(ast, affectedAttributes, tableLookup);
+	} else {
+		harperLogger.error(`AST in getRecordAttributesAST() is not a valid SQL type.`);
+	}
+}
+
+/**
+ * Retrieve the schemas, tables, and attributes from the source Select AST.
+ *
+ * @param ast - SQL command converted to an AST
+ * @param affectedAttributes - A map containing attributes affected by the statement. Defined as [schema, Map[table, [attributesArray]]].
+ * @param tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function getSelectAttributes(ast, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup) {
+	if (!ast) {
+		harperLogger.info(`getSelectAttributes: invalid SQL syntax tree`);
+		return;
+	}
+	if (!ast.from || ast.from[0] === undefined) {
+		return;
+	}
+	let schema = ast.from[0].databaseid;
+	if (hdbUtils.isEmptyOrZeroLength(schema)) {
+		harperLogger.error('No schema specified');
+		return;
+	}
+	ast.from.forEach((from) => {
+		addSchemaTableToMap(from, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup);
+	});
+	if (ast.joins) {
+		ast.joins.forEach((join) => {
+			//copying the 'as' to the table rather than on the join allows for a more generic function in addSchemaTableToMap().
+			// as it can take a .table as well as a .join record. It's a bit hacky, but I don't think this should cause any problems.
+			if (join.as) {
+				join.table.as = join.as;
+			}
+			addSchemaTableToMap(join.table, affectedAttributes, tableLookup, schemaLookup, tableToSchemaLookup);
+		});
+	}
+
+	const iterator = new RecursiveIterator(ast.columns);
+	for (let { node } of iterator) {
+		if (node && node.columnid) {
+			let tableName = node.tableid;
+			const columnSchema = schemaLookup.has(tableName) ? schemaLookup.get(tableName) : schema;
+
+			if (!tableName) {
+				tableName = ast.from[0].tableid;
+			}
+
+			if (!affectedAttributes.get(columnSchema).has(tableName)) {
+				if (!tableLookup.has(tableName)) {
+					harperLogger.info(`table specified as ${tableName} not found.`);
+					return;
+				} else {
+					tableName = tableLookup.get(tableName);
+				}
+			}
+
+			if (affectedAttributes.get(columnSchema).get(tableName).indexOf(node.columnid) < 0) {
+				affectedAttributes.get(columnSchema).get(tableName).push(node.columnid);
+			}
+		}
+	}
+
+	// It's important to iterate through the WHERE clause in case there are other columns that are not included in
+	// the SELECT clause
+	if (ast.where) {
+		const iterator = new RecursiveIterator(ast.where);
+		const fromTable = ast.from[0].tableid;
+
+		for (let { node } of iterator) {
+			if (node && node.columnid) {
+				let table = node.tableid ? node.tableid : fromTable;
+
+				if (!affectedAttributes.get(schema).has(table)) {
+					if (!tableLookup.has(table)) {
+						harperLogger.info(`table specified as ${table} not found.`);
+						continue;
+					} else {
+						table = tableLookup.get(table);
+					}
+				}
+				//We need to check to ensure this columnid wasn't already set in the Map
+				if (affectedAttributes.get(schema).get(table).indexOf(node.columnid) < 0) {
+					affectedAttributes.get(schema).get(table).push(node.columnid);
+				}
+			}
+		}
+	}
+
+	// It's important to also iterate through the JOIN clause in case there are other columns that are not included in
+	// the SELECT clause
+	if (ast.joins) {
+		ast.joins.forEach((join) => {
+			const iterator = new RecursiveIterator(join.on);
+
+			for (let { node } of iterator) {
+				if (node && node.columnid) {
+					let table = node.tableid;
+					let schema = tableToSchemaLookup.get(table);
+
+					if (!affectedAttributes.get(schema).has(table)) {
+						if (!tableLookup.has(table)) {
+							harperLogger.info(`table specified as ${table} not found.`);
+							continue;
+						} else {
+							table = tableLookup.get(table);
+						}
+					}
+					//We need to check to ensure this columnid wasn't already set in the Map
+					if (affectedAttributes.get(schema).get(table).indexOf(node.columnid) < 0) {
+						affectedAttributes.get(schema).get(table).push(node.columnid);
+					}
+				}
+			}
+		});
+	}
+
+	// It's important to iterate through the ORDER clause in case there are other columns that are not included in
+	// the SELECT clause with wildcard
+	if (ast.order) {
+		const orderIterator = new RecursiveIterator(ast.order);
+		for (let { node } of orderIterator) {
+			if (node && node.columnid) {
+				let tableName = node.tableid;
+				const orderSchema = schemaLookup.has(tableName) ? schemaLookup.get(tableName) : schema;
+
+				if (!tableName) {
+					tableName = ast.from[0].tableid;
+				}
+
+				if (!affectedAttributes.get(orderSchema).has(tableName)) {
+					if (!tableLookup.has(tableName)) {
+						harperLogger.info(`table specified as ${tableName} not found.`);
+						return;
+					} else {
+						tableName = tableLookup.get(tableName);
+					}
+				}
+
+				if (affectedAttributes.get(orderSchema).get(tableName).indexOf(node.columnid) < 0) {
+					affectedAttributes.get(orderSchema).get(tableName).push(node.columnid);
+				}
+			}
+		}
+	}
+}
+
+/**
+ * Retrieve the schemas, tables, and attributes from the source Update AST.
+ * @param ast - SQL command converted to an AST
+ * @param affectedAttributes - - A map containing attributes affected by the statement. Defined as [schema, Map[table, [attributesArray]]].
+ * @param tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function getUpdateAttributes(ast, affectedAttributes, tableLookup) {
+	if (!ast) {
+		harperLogger.info(`getUpdateAttributes: invalid SQL syntax tree`);
+		return;
+	}
+	let iterator = new RecursiveIterator(ast.columns);
+	let schema = ast.table.databaseid;
+
+	addSchemaTableToMap(ast.table, affectedAttributes, tableLookup);
+
+	for (let { node } of iterator) {
+		if (node && node.columnid) {
+			pushAttribute(ast.table.tableid, schema, node.columnid, affectedAttributes, tableLookup);
+		}
+	}
+}
+
+/**
+ * Retrieve the schemas, tables, and attributes from the source Delete AST.
+ * @param ast - SQL command converted to an AST
+ * @param affectedAttributes - - A map containing attributes affected by the statement. Defined as [schema, Map[table, [attributesArray]]].
+ * @param tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function getDeleteAttributes(ast, affectedAttributes, tableLookup) {
+	if (!ast) {
+		harperLogger.info(`getDeleteAttributes: invalid SQL syntax tree`);
+		return;
+	}
+	let iterator = new RecursiveIterator(ast.where);
+	let schema = ast.table.databaseid;
+
+	addSchemaTableToMap(ast.table, affectedAttributes, tableLookup);
+
+	for (let { node } of iterator) {
+		if (node && node.columnid) {
+			pushAttribute(ast.table.tableid, schema, node.columnid, affectedAttributes, tableLookup);
+		}
+	}
+}
+
+/**
+ * Retrieve the schemas, tables, and attributes from the source Insert AST.
+ * @param ast - SQL command converted to an AST
+ * @param affectedAttributes - A map containing attributes affected by the statement. Defined as [schema, Map[table, [attributesArray]]].
+ * @param tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function getInsertAttributes(ast, affectedAttributes, tableLookup) {
+	if (!ast) {
+		harperLogger.info(`getInsertAttributes: invalid SQL syntax tree`);
+		return;
+	}
+	let iterator = new RecursiveIterator(ast.columns);
+	let schema = ast.into.databaseid;
+
+	addSchemaTableToMap(ast.into, affectedAttributes, tableLookup);
+
+	for (let { node } of iterator) {
+		if (node && node.columnid) {
+			pushAttribute(ast.into.tableid, schema, node.columnid, affectedAttributes, tableLookup);
+		}
+	}
+}
+
+/**
+ * Helper function to add the specified column id to the attributes array of a table.
+ * @param schema - The schema to add the column into
+ * @param table - the table to add the column into
+ * @param columnid - the column name that should be stored
+ * @param affectedAttributes - A map containing attributes affected by the statement. Defined as [schema, Map[table, [attributesArray]]].
+ * @param tableLookup - A map that will be filled in.  This map contains alias to table definitions as [alias, tableName].
+ */
+function pushAttribute(table, schema, columnid, affectedAttributes, tableLookup) {
+	if (!affectedAttributes.get(schema)) {
+		return;
+	}
+	let tableId = table;
+	if (!affectedAttributes.get(schema).has(tableId)) {
+		tableId = tableLookup.get(tableId);
+	}
+	affectedAttributes.get(schema).get(tableId).push(columnid);
+}
+
+module.exports = sqlStatementBucket;