guys.
I've struggled with something really weird. I want to get the result of Elasticsearch query, data(inside source). So this is a part of my code.
SearchResult result = jestClient.execute(search);
JsonObject json = result.getJsonObject();
Map<String, String> map = new HashMap<>();
for (JsonElement jsonElement : json.getAsJsonObject("hits").getAsJsonArray("hits")) {
JsonObject _source = jsonElement.getAsJsonObject().get("_source").getAsJsonObject();
String orderNumber = _source.get("orderNumber").toString();
String equipmentCode = _source.get("equipmentCode").toString();
map.put(orderNumber, equipmentCode);
}
The thing is the value of orderNumber is "ABCDE". What I expected is ABCDE. (To make it clear, both String contain the double quotes with the value... The funny thing is shown in the debug mode.
I've just checked the values in _source, it has the first value of String "A" still... but the first value of orderNumber is """ and the second value is "A"... I don't know how to resolve this and anyone helping me?
I'm answering for myself and ppl who will have the same problem. I should have used getAsString() instead of toString()... hope that I saved your time
Related
I am facing Second Order SQL Injection in the Spring-Hibernate application after scanning through the Checkmarx tool, I have gone through multiple questions in StackOverflow and in other platforms as well but did not get the right finding.
could you please look into the below code snip,
public String getOrderId(order_name){
String returnId= null;
Query query = entityManager.createNativeQuery("select order_id from order where order_name=?");
List<String> dataset = query.setParameter(1,order_name).getResultList();
if(dataset!=null){
returnId = dataset. Get(0);
}
return returnId;
}
In this above method, while calling getResultList(), getting a high vulnerability issue that, this method returns data flows through the code without being properly sanitized or validated, and eventually used in further database query in the method.
Earlier code was like this,
public String getOrderId(order_name){
String returnId= null;
String q = "select order_id from order where order_name="+order_name;
Query query = entityManager.createNativeQuery(q);
and directly it was used as a string append in query, which I have modified with set parameter,
Query query = entityManager.createNativeQuery("select order_id from order where order_name=?");
List<String> dataset = query.setParameter(1,order_name).getResultList();
but still after getting data from query.getResultSet(), it is asking for sanitizing and validating the data before use in further database query method.
and this return data is being used in further query like select * from return_Data where clause. (properly used in where clause to set parameter to avoid SQL injection).
and in the above query is used in another method where we pass return_Data as input to it.
could you please help here to know what checks and validation can be added to overcome this type of issue. Thanks in advance for prompt response.
How to specify range query to get the details from the state store in the kafka. I thought it is based on ASCII value but when I tried this not getting expected result.Could someone help me to solve this issue
Details: Key will be always a String.
String fromRange = String.format("%s", prefix, "NUL");
String toRange = String.format("%s%s", prefix, "~");
list = store.range(fromRange, toRange);
Currently I query ES for a single key value pair like this:
String query_key = "abc";
String query_val = "def";
searchRequestBuilder.setQuery(QueryBuilders.matchQuery(query_key, query_val)).execute().actionGet();
Now, instead of single key-value pair, I have the following key-value pair map: Map<String,String> query_list
How do I modify the same for this?
You can use MuliMatchQuery or Boolean Query to fulfill your requirement.
ex:-
BoolQueryBuilder boolQuery = new BoolQueryBuilder();
for (Map.Entry<String, String> entry : fields.entrySet()){
boolQuery.must(QueryBuilders.matchQuery(entry.getKey(), entry.getValue()));
}
Set this boolQuery in your searchRequest read the elasticsearch boolQueries and use one which fits for your requirement.
The Above example will perform the AND operation among the provided fields. the field1 and field2 must match. if you want to perform the OR operation then you should use sould query you have an option to set minimum_should_match in that you can specify the minimum fields should match.
I'm trying to check the next val of a sequence.
Here is the method :
public Long getCodeCommercialOffer(final String seq) {
final Session session = (Session) getEntityManager().getDelegate();
Query q= (Query) session.createQuery("SELECT " + seq + ".nextval FROM dual");
return (Long) q.getSingleResult();
}
Why the return is always null ?
I'm not sure what value you are passing in as the seq name. You might need to append the schema name to the front of the sequence (ex: mySchema.sequenceName). I recommend that you print out the SQL statement you are trying to run, run that statement alone in a database query tool (ex: TOAD), tune the SQL to get it working, then put it back into the code.
Thank you for your answers, finally I found out the solution.
The problem is the cast, i replace it with BigDecimal instead of Long
Hi I been searching for my error but I can't find anything that help me. The problem is this. I been working with Subsonic 3, Newtonsoft Json and the linq way of write so I have this easy query:
var found = from client in newclients.All() where client.Period == "sometext" select client;
string periodoJSON = JsonConvert.SerializeObject(periodoFound); //this get "Self referencing loop Exception"
the problem is when I run this script I get the horrible exception "Self referening loop exception" in the JsonConvert line, subsonic have all the objects without any problem but if I do the following.
var found = from client in newclients.All() where client.Period == "sometext" select new client{client.Name, client.LastName, etc};
string periodoJSON = JsonConvert.SerializeObject(periodoFound);
I get the object serialize with a any problem with all the properties. I'm doing the last way because I have to finish my work but is any other way or solution for this problem, if not I will have to write all the properties every time I want to get a full table properties.
hope any can solve my problem o help me in the path for find a solution....
what I have is a really basic query with linq and I try the three values for JsonSerializerSettings and any work, again I'm working with subsonic 3 this not happend either with subsnoic 2 and I can make it work if I specify one by one the properties of the object in the linq query does any have any clue of what is happend, ANY more help would be great!!! If I put the value of Serialize my page get crazy and in a infinity loop state, if I decide for error simple doesn't work and Ignore nothing happen... some more information about this self referencia loop?
var u = usuario.SingleOrDefault(x => x.TipoUsuario == "A" || x.TipoUsuario == "W");
JsonSerializerSettings setting = new JsonSerializerSettings();
setting.ReferenceLoopHandling = ReferenceLoopHandling.Error; //.Serialize .Ignore
Page.ClientScript.RegisterClientScriptBlock(this.GetType(),"usuario", "var usuario=" + JsonConvert.SerializeObject(u, Formatting.None, setting) + ";");
Update ------
I code the following
string jsU = JsonConvert.SerializeObject(u,Formatting.None,new JsonSerializerSettings { PreserveReferencesHandling = PreserveReferencesHandling.Objects, ReferenceLoopHandling = ReferenceLoopHandling.Ignore });
and is workign but the only thing wrongs is that in the json object comes all the information about the columns of subsonic 3 and a BIG chunk of text explain it... does any one know how to not SEND this part of the object??
Without knowing more about you object model it is hard to provide a definitive answer, but I would take a look at the ReferenceLoopHandling enum.
You're calling string SerializeObject(object value) on JsonConvert. Try the string SerializeObject(object value, Formatting formatting, JsonSerializerSettings settings) method instead. The JsonSerializerSettings settings parameter lets you set a bunch of things, including the ReferenceLoopHandling ReferenceLoopHandling { get; set; } property.
You can try these values:
public enum ReferenceLoopHandling
{
Error,
Ignore,
Serialize
}
Obviously, Error is the default and that's what you're getting. Perhaps one of the others will help.