Skip to content

[DT-3779] Handle invalid queries better#2966

Merged
rushtong merged 7 commits into
developfrom
gr-DT-3779-invalid-query
Jul 8, 2026
Merged

[DT-3779] Handle invalid queries better#2966
rushtong merged 7 commits into
developfrom
gr-DT-3779-invalid-query

Conversation

@rushtong

@rushtong rushtong commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Addresses

https://broadworkbench.atlassian.net/browse/DT-3779

Summary

This PR adds additional filtering to prevent invalid queries from reaching the database. New test cases are added and several pre-existing sonar warnings are also addressed.


Have you read CONTRIBUTING.md lately? If not, do that first.

  • Label PR with a Jira ticket number and include a link to the ticket
  • Label PR with a security risk modifier [no, low, medium, high]
  • PR describes scope of changes
  • Get a minimum of one thumbs worth of review, preferably two if enough team members are available
  • Get PO sign-off for all non-trivial UI or workflow changes
  • Verify all tests go green
  • Test this change deployed correctly and works on dev environment after deployment

@rushtong rushtong marked this pull request as ready for review July 8, 2026 11:39
@rushtong rushtong requested a review from a team as a code owner July 8, 2026 11:39
@rushtong rushtong requested review from Copilot, fboulnois, kevinmarete and otchet-broad and removed request for a team July 8, 2026 11:39

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves resilience of ontology search by ensuring user-provided query strings that sanitize down to “no meaningful tokens” don’t reach PostgreSQL to_tsquery, and updates tests to cover additional invalid-input cases.

Changes:

  • Filter out empty tokens in sanitizeForTsQuery, preventing generation of invalid tsquery fragments.
  • Expand DAO tests to cover “no alphanumeric content” query inputs and make timestamps deterministic via a fixed Instant.
  • Add targeted Sonar suppressions for known-safe test URL constants.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
src/main/java/org/broadinstitute/consent/http/service/ontology/OntologyDAO.java Ensures tsquery sanitization cannot emit empty tokens, supporting early-return behavior for invalid queries.
src/test/java/org/broadinstitute/consent/http/db/OntologyDAOTest.java Adds/adjusts tests for invalid query inputs and stabilizes time-dependent test data creation.

@sonarqubecloud

sonarqubecloud Bot commented Jul 8, 2026

Copy link
Copy Markdown

@fboulnois fboulnois left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my guess is there are other invalid patterns that can be used, but this seems like a reasonable near-term fix 👍

@otchet-broad otchet-broad left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@rushtong rushtong merged commit 0e8a7cc into develop Jul 8, 2026
11 checks passed
@rushtong rushtong deleted the gr-DT-3779-invalid-query branch July 8, 2026 17:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants