From f59a41e753464954953b8561b5c5973d2dd7ced7 Mon Sep 17 00:00:00 2001
From: Gaofei Zhao <15748980+dippindots@users.noreply.github.com>
Date: Wed, 27 Nov 2024 11:01:23 -0500
Subject: [PATCH] Use prepared statements to avoid injection attack and clickhouse native array to improve performance
---
 .../helper/StudyViewFilterHelper.java | 16 ++++++++++++++++
 .../web/parameter/CustomSampleIdentifier.java | 10 ++++++++++
 .../StudyViewFilterMapper.xml | 18 ++++++++++--------
 3 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java b/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
index d10d85d98c4..fab5760ca1e 100644
--- a/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
+++ b/src/main/java/org/cbioportal/persistence/helper/StudyViewFilterHelper.java
@@ -34,6 +34,7 @@ public static StudyViewFilterHelper build(@Nullable StudyViewFilter studyViewFil
 private final StudyViewFilter studyViewFilter;
 private final CategorizedGenericAssayDataCountFilter categorizedGenericAssayDataCountFilter;
 private final List customDataSamples;
+ private final String[] filteredSampleIdentifiers;
 private StudyViewFilterHelper(@NonNull StudyViewFilter studyViewFilter,
 @NonNull Map> genericAssayProfilesMap,
@@ -41,6 +42,13 @@ private StudyViewFilterHelper(@NonNull StudyViewFilter studyViewFilter,
 this.studyViewFilter = studyViewFilter;
 this.categorizedGenericAssayDataCountFilter = extractGenericAssayDataCountFilters(studyViewFilter, genericAssayProfilesMap);
 this.customDataSamples = customDataSamples;
+ if (studyViewFilter != null && studyViewFilter.getSampleIdentifiers() != null) {
+ this.filteredSampleIdentifiers = studyViewFilter.getSampleIdentifiers().stream()
+ .map(sampleIdentifier -> sampleIdentifier.getStudyId() + "_" + sampleIdentifier.getSampleId())
+ .toArray(String[]::new);
+ } else {
+ this.filteredSampleIdentifiers = new String[0];
+ }
 }
 public StudyViewFilter studyViewFilter() {
@@ -55,6 +63,14 @@ public List customDataSamples() {
 return this.customDataSamples;
 }
+// public List filteredSampleIdentifiers() {
+// return this.filteredSampleIdentifiers;
+// }
+
+ public String[] filteredSampleIdentifiers() {
+ return this.filteredSampleIdentifiers;
+ }
+
 private CategorizedGenericAssayDataCountFilter extractGenericAssayDataCountFilters(final StudyViewFilter studyViewFilter,
 Map> genericAssayProfilesMap) {
 if ((studyViewFilter.getGenericAssayDataFilters() == null || genericAssayProfilesMap.isEmpty())) {
diff --git a/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java b/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
index 9f5f4e0bfe0..a9484cc148a 100644
--- a/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
+++ b/src/main/java/org/cbioportal/web/parameter/CustomSampleIdentifier.java
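Review bot: The `studyViewFilter != null` test in the new constructor block contradicts the `@NonNull` annotation on that parameter, and the line just above it already passes the same object into extractGenericAssayDataCountFilters, which dereferences it, so the check can never be false at that point. Only the `getSampleIdentifiers()` null case is real, and an element whose study or sample id is null still produces a key such as `null_S1` (constructed example) that can never match `sample_unique_id`, whereas CustomSampleIdentifier.getUniqueSampleId(), added in this same commit, returns null for that case, so the two encodings of the key already disagree. I would reduce the guard to `if (studyViewFilter.getSampleIdentifiers() != null) {` and derive the key through one shared helper, assuming the list elements expose the same accessors as CustomSampleIdentifier, so the array bound to the mapper's `IN` list and the per-item `#{}` bindings cannot drift apart. The constructor's parameter list begins in the preceding hunk.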
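Review bot: The commented-out `filteredSampleIdentifiers()` accessor returning a List should be deleted rather than left above the live one; it is dead code and accounts for four of this file's sixteen added lines. The live accessor hands out the internal array, so a caller can overwrite entries of a helper that is otherwise built only from final fields; `return this.filteredSampleIdentifiers.clone();` keeps it effectively immutable at the cost of one copy per query build. Either way the accessor needs a Javadoc stating the contract the mapper relies on, e.g. `/** Sample keys in {@code studyId_sampleId} form, matching sample_derived.sample_unique_id; empty, never null, when the filter names no samples. */`. extractGenericAssayDataCountFilters, whose signature closes the hunk, continues outside it.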
@@ -22,4 +22,14 @@ public String getValue() {
 public void setValue(String value) {
 this.value = value;
 }
+
+ // Generating unique SampleId by concatenating studyId and sampleId
+ public String getUniqueSampleId() {
+ // Assuming studyId and sampleId are available in SampleIdentifier
+ // Concatenate with "_" in between if both values are not null
+ if (getStudyId() != null && getSampleId() != null) {
+ return getStudyId() + "_" + getSampleId();
+ }
+ return null; // or return a default value if either studyId or sampleId is null
+ }
 }
diff --git a/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml b/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml
index 2633361188f..2cb52116592 100644
--- a/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml
+++ b/src/main/resources/org/cbioportal/persistence/mybatisclickhouse/StudyViewFilterMapper.xml
@@ -59,14 +59,14 @@ - - INTERSECT + + INTERSECT SELECT sample_unique_id FROM sample_derived WHERE sample_unique_id IN - - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' - + ( + #{studyViewFilterHelper.filteredSampleIdentifiers, typeHandler=org.apache.ibatis.type.ArrayTypeHandler} + ) INTERSECT
@@ -84,8 +84,8 @@ sample_unique_id IN ( '', - - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' + + #{sampleIdentifier.getUniqueSampleId} )
@@ -96,7 +96,9 @@ OR sample_unique_id NOT IN ( - '${sampleIdentifier.studyId}_${sampleIdentifier.sampleId}' + + #{sampleIdentifier.getUniqueSampleId} + )
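Review bot: getUniqueSampleId() is bound in the mapper hunks at `@@ -84` and `@@ -96` as `#{sampleIdentifier.getUniqueSampleId}`, but MyBatis resolves a `#{}` property through bean getters, so the property name has to be `uniqueSampleId`; with the current spelling the Reflector looks for a getter or field literally named getUniqueSampleId and should fail when the statement is prepared, so those references ought to read `#{sampleIdentifier.uniqueSampleId}`, provided the iterated items really are CustomSampleIdentifier instances (the foreach tags did not survive extraction, so I cannot see which collection is iterated). Returning null when either id is missing then binds a SQL NULL into the `IN` list, which silently matches nothing; the trailing "or return a default value" musing should be replaced by a comment stating that, e.g. `// null when either id is absent: such a key can never match sample_unique_id`. The key format duplicates the concatenation done in StudyViewFilterHelper's constructor in this same commit; keeping a single definition avoids the two drifting apart.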
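Review bot: Binding the whole `String[]` as a single parameter through `org.apache.ibatis.type.ArrayTypeHandler` depends on the ClickHouse JDBC driver implementing `Connection.createArrayOf`, which is what that handler calls for a value that is not already a `java.sql.Array`, and on ClickHouse accepting the resulting array on the right-hand side of `IN`; please confirm both against the driver version in use and cover the query with an integration test. The surrounding tags did not survive extraction, so I cannot see whether this INTERSECT is still guarded against an empty identifier list; the helper defaults the array to `new String[0]`, and an unguarded `IN` over an empty array would intersect away every sample rather than leave the filter inactive. Moving from `'${…}'` interpolation to a bound parameter removes the injection path named in the commit subject, and the same `#{}` switch is made in the hunks at `@@ -84` and `@@ -96`.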