-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OData $filter=contains and NullReferenceExceptions in LINQ to SQL #2808
Comments
Thank you @drweb86 for reporting the issue. Microsoft.AspNet.OData.5.7.0 is in maintenance mode and we can only implement critical/security fixes. Have you tried version 7 and 8 of the library? The two versions handle null propagation properly. |
Hi. Thank you for the response. Unfortunately, I won't be able to check it with latest version since we stuck with this version. But it will be a point to start conversation about upgrading to latest version in the future, since you probably at some point drop support for this version of library even for security fixes... |
When you filter over string property with null value, null reference exception is happening
Assemblies affected
Microsoft.AspNet.OData.5.7.0\lib\net45\System.Web.OData.dll 5.7.0.0
Reproduce steps
Create table Test with Name nullable string
Create OData controller for it with Get
Modify method like this
Put into table record with NULL as name.
Expected result
The same as for execution in the database. Skip null values. So
.Where(x => x.Name.Contains("123"))
translate into
.Where(x => x.Name?.Contains("123"))
Actual result
After ToList(); statement all items are inside memory (i understand how bad is it for database, but we need it for security trimming)
contains(Name,'123')
is transformedinto .Where(x => x.Name.Contains("123"))
. When x.Name is null exception happensSystem.Reflection.TargetInvocationException: at System.RuntimeMethodHandle.InvokeMethod (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Reflection.RuntimeMethodInfo.Invoke (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Web.OData.Query.ODataQueryOptions.LimitResults (System.Web.OData, Version=5.7.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Web.OData.Query.ODataQueryOptions.ApplyTo (System.Web.OData, Version=5.7.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Web.OData.EnableQueryAttribute.ExecuteQuery (System.Web.OData, Version=5.7.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Web.OData.EnableQueryAttribute.OnActionExecuted (System.Web.OData, Version=5.7.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Web.Http.Filters.ActionFilterAttribute.OnActionExecutedAsync (System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Web.Http.Filters.ActionFilterAttribute+<CallOnActionExecutedAsync>d__5.MoveNext (System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Web.Http.Filters.ActionFilterAttribute+<ExecuteActionFilterAsyncCore>d__0.MoveNext (System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Web.Http.Controllers.ActionFilterResult+<ExecuteAsync>d__2.MoveNext (System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Web.Http.Filters.AuthorizationFilterAttribute+<ExecuteAuthorizationFilterAsyncCore>d__2.MoveNext (System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Web.Http.Dispatcher.HttpControllerDispatcher+<SendAsync>d__1.MoveNext (System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35) Inner exception System.NullReferenceException handled at System.RuntimeMethodHandle.InvokeMethod: at lambda_method (Anonymously Hosted DynamicMethods Assembly, Version=0.0.0.0, Culture=neutral, PublicKeyToken=null) at System.Linq.Enumerable+WhereArrayIterator
1.MoveNext (System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089)at System.Linq.Buffer
1..ctor (System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Linq.OrderedEnumerable
1+d__1.MoveNext (System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089)at System.Linq.Enumerable+d__25
1.MoveNext (System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089) at System.Collections.Generic.List
1..ctor (mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089)at System.Web.OData.Query.TruncatedCollection`1..ctor (System.Web.OData, Version=5.7.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
at System.Web.OData.Query.ODataQueryOptions.LimitResults (System.Web.OData, Version=5.7.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35)
`
It does not reproduce when query is executed in database, since SQL LIKE operator does not fail with null Name.
So there's a clear difference between in-sql and non sql approach how its handled by OData.
Additional detail
Optional, details of the root cause if known. Delete this section if you have no additional details to add.
The text was updated successfully, but these errors were encountered: