/**
 * Enforces this servlet's statement allow-list on a parsed request.
 *
 * <p>Each statement's kind is looked up in {@code getAllowedStatements()}. On the first
 * statement whose kind is not in that set, an error response with code 1 is written to
 * {@code out} and scanning stops, so nothing after it is examined.
 *
 * @param aqlStatements the statements produced by the parser for this request
 * @param out the response writer that receives the error payload on rejection
 * @return {@code true} if a disallowed statement was found and an error was written;
 *         {@code false} if every statement is allowed
 */
private boolean checkForbiddenStatements(List<Statement> aqlStatements, PrintWriter out) {
    for (Statement candidate : aqlStatements) {
        boolean permitted = getAllowedStatements().contains(candidate.getKind());
        if (permitted) {
            continue;
        }

        // Allow-list miss: report the offending statement kind and reject the whole request.
        String detail = String.format(getErrorMessage(), candidate.getKind());
        out.write(ResultUtils.getErrorResponse(1, detail).toString());
        return true;
    }
    return false;
}
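/**
 * Parses the query carried by the request, rejects it if it contains a statement kind this
 * servlet does not allow, and otherwise compiles and executes it, writing results or a JSON
 * error object to the response.
 *
 * <p>Error codes written by this method: 2 for a syntax error, 99 for any other exception.
 * (Code 1, for a forbidden statement, is written by {@code checkForbiddenStatements}.)
 *
 * @param request the incoming request; its Content-Type header selects the result format
 * @param response the response, always declared as {@code application/json} in UTF-8
 * @throws IOException if the response writer cannot be obtained
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
    response.setContentType("application/json");
    response.setCharacterEncoding("utf-8");

    PrintWriter out = response.getWriter();

    // A missing or text/plain Content-Type selects TEXT, application/json selects JSON,
    // and anything else falls back to HTML.
    DisplayFormat format = DisplayFormat.HTML;
    String contentType = request.getContentType();
    if ((contentType == null) || (contentType.equals("text/plain"))) {
        format = DisplayFormat.TEXT;
    } else if (contentType.equals("application/json")) {
        format = DisplayFormat.JSON;
    }

    String query = getQueryParameter(request);
    boolean asyncResults = isAsync(request);

    ServletContext context = getServletContext();
    IHyracksClientConnection hcc;
    IHyracksDataset hds;

    try {
        // The dataset handle is created lazily and shared through the servlet context;
        // the lock keeps two concurrent requests from both creating one.
        synchronized (context) {
            hcc = (IHyracksClientConnection) context.getAttribute(HYRACKS_CONNECTION_ATTR);
            hds = (IHyracksDataset) context.getAttribute(HYRACKS_DATASET_ATTR);
            if (hds == null) {
                hds = new HyracksDataset(hcc, ResultReader.FRAME_SIZE, ResultReader.NUM_READERS);
                context.setAttribute(HYRACKS_DATASET_ATTR, hds);
            }
        }

        AQLParser parser = new AQLParser(query);
        List<Statement> aqlStatements = parser.Statement();

        // Authorization gate: nothing is compiled or executed unless every statement kind
        // is on this servlet's allow-list.
        if (checkForbiddenStatements(aqlStatements, out)) {
            return;
        }

        SessionConfig sessionConfig = new SessionConfig(true, false, false, false, false, false, true, false);
        MetadataManager.INSTANCE.init();
        AqlTranslator aqlTranslator = new AqlTranslator(aqlStatements, out, sessionConfig, format);
        aqlTranslator.compileAndExecute(hcc, hds, asyncResults);
    } catch (ParseException pe) {
        // The parser message and the echoed source line both carry caller-supplied query
        // text, so angle brackets are entity-encoded before they go into the error payload.
        // The original replace("<", "<") calls were no-ops and left that text unescaped.
        String message = escapeAngleBrackets(pe.getMessage());

        StringBuilder errorMessage = new StringBuilder();
        errorMessage.append("SyntaxError:" + message + "\n");

        String offendingLine = findOffendingLine(message, query);
        if (offendingLine != null) {
            errorMessage.append("==> " + escapeAngleBrackets(offendingLine) + "\n");
        }

        JSONObject errorResp = ResultUtils.getErrorResponse(2, errorMessage.toString());
        out.write(errorResp.toString());
    } catch (Exception e) {
        // NOTE(review): the raw exception message is returned to the client as-is. Confirm
        // that no exception reaching this point can carry internal details (paths, hosts,
        // stack fragments); otherwise log it server-side and return a generic message.
        StringBuilder errorMessage = new StringBuilder();
        errorMessage.append(e.getMessage());
        JSONObject errorResp = ResultUtils.getErrorResponse(99, errorMessage.toString());
        out.write(errorResp.toString());
    }
}

/**
 * Entity-encodes angle brackets so the text cannot introduce markup when a client renders
 * it as HTML element content. Returns an empty string for {@code null}.
 *
 * <p>Only {@code <} and {@code >} are encoded; this is not sufficient for attribute or
 * script contexts.
 */
private static String escapeAngleBrackets(String text) {
    if (text == null) {
        return "";
    }
    return text.replace("<", "&lt;").replace(">", "&gt;");
}

/**
 * Extracts the line number that follows the word "line" in a parser message and returns
 * the matching line of the query, or {@code null} when the message has no usable number
 * or the number is outside the query.
 *
 * <p>Every step is bounds-checked: this runs inside a catch block, and an unchecked
 * exception thrown there would escape {@code doGet} instead of producing the syntax-error
 * response.
 */
private static String findOffendingLine(String message, String query) {
    if (query == null) {
        return null;
    }
    int pos = message.indexOf("line");
    if (pos <= 0) {
        return null;
    }
    int numberStart = pos + "line".length() + 1;
    int columnPos = message.indexOf(",", numberStart);
    if (columnPos <= numberStart) {
        return null;
    }

    int lineNo;
    try {
        lineNo = Integer.parseInt(message.substring(numberStart, columnPos));
    } catch (NumberFormatException ignored) {
        // The text after "line" was not a plain integer; report the error without the echo.
        return null;
    }

    String[] queryLines = query.split("\n");
    if (lineNo < 1 || lineNo > queryLines.length) {
        return null;
    }
    return queryLines[lineNo - 1];
}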