Skip to content

Fix missing parentheses around OR conditions in JDBCZipkinQueryDAO.getTraces()#13790

Merged
wu-sheng merged 3 commits intoapache:masterfrom
currenjin:fix/jdbc-zipkin-query-missing-parentheses-in-or-clause
Apr 4, 2026
Merged

Fix missing parentheses around OR conditions in JDBCZipkinQueryDAO.getTraces()#13790
wu-sheng merged 3 commits intoapache:masterfrom
currenjin:fix/jdbc-zipkin-query-missing-parentheses-in-or-clause

Conversation

@currenjin
Copy link
Copy Markdown
Contributor

@currenjin currenjin commented Apr 3, 2026

Fix incorrect trace ID filter in JDBCZipkinQueryDAO.getTraces(Set<String>, Duration)

  • Add unit tests to verify the fix.
  • Update the CHANGES log.

The trace ID filter in getTraces() was built as chained OR conditions without parentheses:

WHERE table_column = ? and trace_id = ? or trace_id = ? or trace_id = ?

Because AND has higher precedence than OR in SQL, this is evaluated as:

WHERE (table_column = ? and trace_id = ?) or trace_id = ? or trace_id = ?

Only the first trace ID is filtered together with the table_column condition. The remaining trace IDs bypass the table_column filter entirely, potentially returning rows from unrelated tables.

Fix

Replaced the OR chain with a proper IN clause using individual bind parameters:

WHERE table_column = ? and trace_id in (?,?,?)

This is the same pattern used in other JDBC DAOs like JDBCEBPFProfilingTaskDAO.appendListCondition().

  • If this pull request closes/resolves/fixes an existing issue, replace the issue number. Closes #.

@currenjin currenjin force-pushed the fix/jdbc-zipkin-query-missing-parentheses-in-or-clause branch from ae80c33 to de551e1 Compare April 3, 2026 23:47
currenjin added 3 commits April 4, 2026 08:49
@currenjin
Fix missing parentheses around OR conditions in JDBCZipkinQueryDAO.ge…
6630251 
…tTraces()

The trace ID filter was built as chained OR conditions without parentheses:
  WHERE table_column = ? and trace_id = ? or trace_id = ? or trace_id = ?

Because AND has higher precedence than OR, only the first trace ID was
filtered together with the table_column condition. The remaining trace IDs
bypassed the table_column filter entirely, potentially returning rows
from unrelated tables.

Replace the OR chain with a proper IN clause using individual bind
parameters, which is both correct and cleaner.
@currenjin
Add unit tests for JDBCZipkinQueryDAO.getTraces() trace ID filtering
c6af23d 
Verify that:
- Multiple trace IDs produce a proper IN clause with individual placeholders
- No OR conditions are used (which had operator precedence issues)
- Single trace ID produces IN clause with one placeholder
- Empty trace ID set returns empty list without querying
@currenjin
Update CHANGES log for JDBCZipkinQueryDAO trace ID filter fix
7727893
@currenjin currenjin force-pushed the fix/jdbc-zipkin-query-missing-parentheses-in-or-clause branch from de551e1 to 7727893 Compare April 3, 2026 23:49
@wu-sheng wu-sheng requested review from Copilot and wankai123 April 3, 2026 23:49
@wu-sheng wu-sheng added this to the 10.5.0 milestone Apr 3, 2026
@wu-sheng wu-sheng added bug Something isn't working and you are sure it's a bug! backend OAP backend related. labels Apr 3, 2026
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request fixes an SQL precedence bug in the JDBC Zipkin trace query path where a chained OR condition could bypass the logical table filter for all but the first trace ID. It updates the query construction to use a properly parameterized IN clause and adds unit tests plus a changelog entry.

Changes:

  • Update JDBCZipkinQueryDAO.getTraces(Set<String>, Duration) to use trace_id in (?,?,...) instead of trace_id = ? or trace_id = ? ....
  • Add unit tests validating the generated SQL and behavior for empty / single / multiple trace IDs.
  • Document the fix in docs/en/changes/changes.md.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
oap-server/server-storage-plugin/storage-jdbc-hikaricp-plugin/src/main/java/org/apache/skywalking/oap/server/storage/plugin/jdbc/common/dao/JDBCZipkinQueryDAO.java Fixes the trace-id filtering SQL by switching from OR chaining to a correctly-scoped IN clause.
oap-server/server-storage-plugin/storage-jdbc-hikaricp-plugin/src/test/java/org/apache/skywalking/oap/server/storage/plugin/jdbc/common/dao/JDBCZipkinQueryDAOTest.java Adds coverage to ensure the new SQL uses IN (and avoids OR) and handles empty/single/multi trace-id inputs.
docs/en/changes/changes.md Records the behavioral fix in the changelog.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@wu-sheng wu-sheng merged commit 3bb501f into apache:master Apr 4, 2026
413 of 425 checks passed
@currenjin currenjin deleted the fix/jdbc-zipkin-query-missing-parentheses-in-or-clause branch April 4, 2026 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@wu-sheng wu-sheng wu-sheng approved these changes

@wankai123 wankai123 Awaiting requested review from wankai123

Assignees

No one assigned

Labels

backend OAP backend related. bug Something isn't working and you are sure it's a bug!

Projects

None yet

Milestone

10.5.0

Development

Successfully merging this pull request may close these issues.

3 participants

@currenjin @wu-sheng