Make sure that only arguments that are properties are cheked (#219)

* Make sure that only arguments that are properties are cheked * Check whether all properties are present in the queryables * Optimize query for early property checks
stac-utils · Oct 5, 2023 · 1ea6c5d · 1ea6c5d
1 parent 634122f
commit 1ea6c5d
Show file tree

Hide file tree

Showing 5 changed files with 57 additions and 19 deletions.
diff --git a/src/pgstac/migrations/pgstac.0.8.1-unreleased.sql b/src/pgstac/migrations/pgstac.0.8.1-unreleased.sql
@@ -201,12 +201,27 @@ DECLARE
     _wrapper text;
     leftarg text;
     rightarg text;
+    prop text;
     extra_props bool := pgstac.additional_properties();
 BEGIN
     IF j IS NULL OR (op IS NOT NULL AND args IS NULL) THEN
         RETURN NULL;
     END IF;
     RAISE NOTICE 'CQL2_QUERY: %', j;
+
+    -- check if all properties are represented in the queryables
+    IF NOT extra_props THEN
+        FOR prop IN
+            SELECT DISTINCT p->>0
+            FROM jsonb_path_query(j, 'strict $.**.property') p
+            WHERE p->>0 NOT IN ('id', 'datetime', 'end_datetime', 'collection')
+        LOOP
+            IF (queryable(prop)).nulled_wrapper IS NULL THEN
+                RAISE EXCEPTION 'Term % is not found in queryables.', prop;
+            END IF;
+        END LOOP;
+    END IF;
+
     IF j ? 'filter' THEN
         RETURN cql2_query(j->'filter');
     END IF;
@@ -296,12 +311,6 @@ BEGIN
                 END IF;
             END LOOP;
 
-            IF
-                NOT extra_props AND wrapper IS NULL
-            THEN
-                RAISE EXCEPTION 'Term % is not found in queryables.', arg->>'property';
-            END IF;
-
             -- if the property was not in queryables, see if any args were numbers
             IF
                 wrapper IS NULL

diff --git a/src/pgstac/migrations/pgstac.unreleased.sql b/src/pgstac/migrations/pgstac.unreleased.sql
@@ -1704,12 +1704,27 @@ DECLARE
     _wrapper text;
     leftarg text;
     rightarg text;
+    prop text;
     extra_props bool := pgstac.additional_properties();
 BEGIN
     IF j IS NULL OR (op IS NOT NULL AND args IS NULL) THEN
         RETURN NULL;
     END IF;
     RAISE NOTICE 'CQL2_QUERY: %', j;
+
+    -- check if all properties are represented in the queryables
+    IF NOT extra_props THEN
+        FOR prop IN
+            SELECT DISTINCT p->>0
+            FROM jsonb_path_query(j, 'strict $.**.property') p
+            WHERE p->>0 NOT IN ('id', 'datetime', 'end_datetime', 'collection')
+        LOOP
+            IF (queryable(prop)).nulled_wrapper IS NULL THEN
+                RAISE EXCEPTION 'Term % is not found in queryables.', prop;
+            END IF;
+        END LOOP;
+    END IF;
+
     IF j ? 'filter' THEN
         RETURN cql2_query(j->'filter');
     END IF;
@@ -1799,12 +1814,6 @@ BEGIN
                 END IF;
             END LOOP;
 
-            IF
-                NOT extra_props AND wrapper IS NULL
-            THEN
-                RAISE EXCEPTION 'Term % is not found in queryables.', arg->>'property';
-            END IF;
-
             -- if the property was not in queryables, see if any args were numbers
             IF
                 wrapper IS NULL

diff --git a/src/pgstac/sql/002b_cql.sql b/src/pgstac/sql/002b_cql.sql
@@ -260,12 +260,27 @@ DECLARE
     _wrapper text;
     leftarg text;
     rightarg text;
+    prop text;
     extra_props bool := pgstac.additional_properties();
 BEGIN
     IF j IS NULL OR (op IS NOT NULL AND args IS NULL) THEN
         RETURN NULL;
     END IF;
     RAISE NOTICE 'CQL2_QUERY: %', j;
+
+    -- check if all properties are represented in the queryables
+    IF NOT extra_props THEN
+        FOR prop IN
+            SELECT DISTINCT p->>0
+            FROM jsonb_path_query(j, 'strict $.**.property') p
+            WHERE p->>0 NOT IN ('id', 'datetime', 'end_datetime', 'collection')
+        LOOP
+            IF (queryable(prop)).nulled_wrapper IS NULL THEN
+                RAISE EXCEPTION 'Term % is not found in queryables.', prop;
+            END IF;
+        END LOOP;
+    END IF;
+
     IF j ? 'filter' THEN
         RETURN cql2_query(j->'filter');
     END IF;
@@ -355,12 +370,6 @@ BEGIN
                 END IF;
             END LOOP;
 
-            IF
-                NOT extra_props AND wrapper IS NULL
-            THEN
-                RAISE EXCEPTION 'Term % is not found in queryables.', arg->>'property';
-            END IF;
-
             -- if the property was not in queryables, see if any args were numbers
             IF
                 wrapper IS NULL

diff --git a/src/pgstac/tests/pgtap.sql b/src/pgstac/tests/pgtap.sql
@@ -17,7 +17,7 @@ CREATE EXTENSION IF NOT EXISTS pgtap;
 SET SEARCH_PATH TO pgstac, pgtap, public;
 
 -- Plan the tests.
-SELECT plan(200);
+SELECT plan(202);
 --SELECT * FROM no_plan();
 
 -- Run the tests.

diff --git a/src/pgstac/tests/pgtap/002a_queryables.sql b/src/pgstac/tests/pgtap/002a_queryables.sql
@@ -97,6 +97,17 @@ SELECT lives_ok(
     'Make sure a term present in the list of queryables can be used in a filter'
 );
 
+SELECT lives_ok(
+    $$ SELECT search('{"filter": {"and": [{"t_after": [{"property": "datetime"}, "2020-11-11T00:00:00"]}, {"t_before": [{"property": "datetime"}, "2022-11-11T00:00:00"]}]}}'); $$,
+    'Make sure that only arguments that are properties are checked'
+);
+
+SELECT throws_ok(
+    $$ SELECT search('{"filter": {"and": [{"t_after": [{"property": "datetime"}, "2020-11-11T00:00:00"]}, {"eq": [{"property": "xyzzy"}, "dummy"]}]}}'); $$,
+    'Term xyzzy is not found in queryables.',
+    'Make sure a term not present in the list of queryables cannot be used in a filter with nested arguments'
+);
+
 SET pgstac.additional_properties to 'true';
 
 SELECT results_eq(