According to the vulnerability report (https://tanzu.vmware.com/security/cve-2022-22980), it's clearly affect for the Spel expressions like this.
#Query("{ 'userName' : ?#{?0}}")
But I just wanted to confirm, is that affect to followings too.
#Query(value = "{ '_id' : {$exists : true} }", fields = "{'_id' : 1,'customerId' : 1}")
or
#Query("{ 'name': ?0, 'customerId': ?1 }")
Related
I want to query that returns document that two fields of it are equal
I found mongodb raw query from this question :
db.coll.find({ $where : "this.field1 == this.field2" } );
How can I perform it with spring criteria:
criteria = criteria.andOperator(
Criteria.where("successfulSent").is("true"),
Criteria.where("this.fieldOne == this.fieldTwo"));
but its not working beacuse generated query become :
{ ... "$and" : [ { "successfulSent" : "true"} , { "this.fieldOne == this.fieldOne " : { }}]}
You can try on this way:
Criteria.where("$where").is("this.field1 == this.field2")
Query toString() will be:
Query: { "$where" : "this.cts == this.uts"}, Fields: null, Sort: null
I have this MongoDb query:
db.getCollection('user').find({
$and : [
{"status" : "ACTIVE"},
{"last_modified" : { $lt: new Date(), $gte: new Date(new Date().setDate(new Date().getDate()-1))}},
{"$expr": { "$ne": ["$last_modified", "$time_created"] }}
]
})
It works in Robo3T, but when I put this in spring boot as custom query, it throws error on project start.
#Query("{ $and : [ {'status' : 'ACTIVE'}, {'last_modified' : { $lt: new Date(), $gte: new Date(new Date().setDate(new Date().getDate()-1))}}, {'$expr': { '$ne': ['$last_modified', '$time_created']}}]}")
public List<User> findModifiedUsers();
I tried to make query with Criteria in spring:
Query query = new Query();
Criteria criteria = new Criteria();
criteria.andOperator(Criteria.where("status").is(UserStatus.ACTIVE), Criteria.where("last_modified").lt(new Date()).gt(lastDay), Criteria.where("time_created").ne("last_modified"));
but it doesn't work, it returns me all users like there is no this last criteria not equal last_modified and time_created.
Does anyone know what could be problem?
I think that this feature is not supported yet by Criteria - check this https://jira.spring.io/browse/DATAMONGO-1845 .
One workaround is to pass raw query via mongoTemplate like this:
BasicDBList expr = new BasicDBList();
expr.addAll(Arrays.asList("$last_modified","$time_created"));
BasicDBList and = new BasicDBList();
and.add(new BasicDBObject("status","ACTIVE"));
and.add(new BasicDBObject("last_modified",new BasicDBObject("$lt",new Date()).append("$gte",lastDate)));
and.add(new BasicDBObject("$expr",new BasicDBObject("$ne",expr)));
Document document = new Document("$and",and);
FindIterable<Document> result = mongoTemplate.getCollection("Users").find(document);
I have following BasicQuery
BasicQuery query2 = new BasicQuery("{status:{$in:['APPROVED','NEW','OPEN']}},{siteId:1,_id:0}");
Where BasicQuery is a class from SpringData mongoDb org.springframework.data.mongodb.core.query.BasicQuery. While doing the debug the above query get compiled into
Query: { "status" : { "$in" : [ "APPROVED" , "NEW" , "OPEN"]}}, Fields: null, Sort: { }
But it should have been compiled as below
Query: { "status" : { "$in" : [ "APPROVED" , "OPEN" , "NEW"]}}, Fields: { "siteId" : 1 , "_id" : 0}, Sort: null
If you notice, fields are still missing into compiled BasicQuery. Please help how i can have project in BasicQuery. I can have projection by using Query as below.
Query query = new Query();
query.addCriteria(Criteria.where(STATUS).in(validStatus));
query.fields().include("siteId").exclude("_id");
My query is how i can achieve the same using BasicQuery.
I guess i got the answer. Instead of using single string argument constructor of BasicQuery we need to use two String argument basic query as follow.
BasicQuery query2 = new BasicQuery("{status:{$in:['APPROVED','NEW','OPEN']}}","{siteId:1,_id:0}");
Above will compile into following query
Query: { "status" : { "$in" : [ "APPROVED" , "OPEN" , "NEW"]}}, Fields: { "siteId" : 1 , "_id" : 0}, Sort: null
BasicQuery query = new BasicQuery("{ $and: [{ studentId: { $in: "+studentIds+" } }, { status: { $ne: '"+studStatus+"'} }] }");
studentIds is an array and studStatus is a string!
Thanks to vashishth
After upgrading to spring data mongodb 1.10.1, I am getting errors when running queries like:
#Query("{$and :["
+ "{ $or : [ { $where: '?0 == null' } , { 'field1' : ?0 } ] },"
+ "{ $or : [ { $where: '?1 == null' } , { 'field2' : ?1 } ] },"
+ "]}")
public Page<Entity> findAll(String param1, String param2)
Checking the error I see the parameter inside the where clause is not quoted and as I result I get:
org.springframework.data.mongodb.UncategorizedMongoDbException: Query
failed with error code 139 and error message 'ReferenceError:
test_param_value is not defined :
I have seen a few answers here recommending this way of handling optional parameters ((spring-data-mongo - optional query parameters?)) but it no longer works and I cannot seem to find anything in the release change log.
In case anyone else is interested, I managed to find a workaround after checking a similar ticket int the Spring Data project.
It seems the way I was checking for null parameters in the query is not a good practice. This is from a Spring developer comment: "placeholders are not designed to compose keys/values but bind parameters. Beyond that, placeholder use in quoted strings is always problematic in terms of escaping. Using SpEL should suit your needs"
So I ended up using SpEL to do the checks on parameters and it works fine. This is how it looks:
#Query("{$and :["
+ "?#{ [0] == null ? { $where : 'true'} : { 'field1' : [0] } },"
+ "?#{ [1] == null ? { $where : 'true'} : { 'field2' : [1] } },"
+ "]}")
public Page<Entity> findAll(String param1, String param2, Pageable pageable);
I have this interface defined in Spring for querying Elascticsearch. I added #Query annotation to get some filtering done.
public interface ObjectElasticSearch extends ElasticsearchRepository<ElasticObject, String> {
#Query("{\"query\" : {\"filtered\" : {\"filter\" : { \"and\" : [ { \"term\" : { \"firstName\" : \":firstName\" }}, { \"term\" : { \"lastName\" : \"Baggins\" }} ] }}}}")
List<ElasticObject> findByDocFirstNameAndDocLastName(#Param("firstName") String firstName,
#Param("lastName") String lastName);
};
The #Query annotation gets ignored completely. As you can see I tried hardcoding last name, and it has no effect on the outcome of the query. If I delete a curly brace in the query string, I don't get any errors. Query still works, the filtering is ignored, and it returns all matches.
Can someone please help me figure out what am I doing wrong here.
Query should return a bool that in a must section can cover all your searches.
Here is my example that works for me, I have a records with startTimestamp and endTimestamp, and my method will find all of them that overlap specified timeframe + match fields by query
#Query("{\"bool\": {\"must\":["
+ " {\"range\": {\"endTimestamp\": {\"gte\": ?0}}},"
+ " {\"range\": {\"startTimestamp\": {\"lte\": ?1}}}"
+ " ], \"should\": ["
+ " {\"match\": {\"_all\": {\"query\": \"?2\", \"zero_terms_query\": \"all\"}}}"
+ " ],"
+ " \"minimum_should_match\" : 1"
+ " }"
+ "}")