hibernate.jdbc.batch_size设置为50,不允许在异常期间测试单个更新
[英]hibernate.jdbc.batch_size set to 50 not allowing to test single update during exception
问题描述
I needed to fix security vulnerability stating exception contains sensitive details whenever application is unable to update data in DB and i have fixed it by catching the db exception and customizing its error message. 
我需要修复安全漏洞,指出每当应用程序无法更新数据库中的数据时,异常均包含敏感细节,并且已通过捕获数据库异常并自定义其错误消息来修复了该漏洞。
To test this fix, i need to execute updateList service and validate the response but in Hibernate hibernate.jdbc.batch_size is set to 50 due to which single update cannot be tested as this would always return data updated successfully because update query will hit the database only when update count reaches to 50. 要测试此修复程序,我需要执行updateList服务并验证响应,但是在Hibernate中,由于无法测试单个更新,因此hibernate.jdbc.batch_size设置为50,因为它将始终返回成功更新的数据,因为更新查询将命中数据库仅当更新计数达到50时。
I can only test the fix if by putting sessionFactory.getCurrentSession().flush() as mentioned below. 我只能通过如下所述将sessionFactory.getCurrentSession()。flush()放入来测试此修复程序。
public void update(final List list)
{
sessionFactory.getCurrentSession().update(list);
sessionFactory.getCurrentSession().flush();
}
Is there any other best solution? 还有其他最佳解决方案吗? or flush() will force query or queries to get updated in the DB but not sure about the impact on hibernate.jdbc.batch_size = 50; 或flush()会强制一个或多个查询在数据库中更新,但不确定对hibernate.jdbc.batch_size = 50的影响;
2 个解决方案
解决方案1
0 2017-07-28 09:31:44
"update query will hit the database only when update count reaches to 50" it is not completely true. “仅当更新计数达到50时,更新查询才会命中数据库”,这并非完全正确。 Also it will hit db when transaction is closed. 当事务关闭时,它将命中db。
You can add flush , but it may lead to performance degradation ( hibernate.jdbc.batch_size=50 was there for reason). 您可以添加flush ,但这可能会导致性能下降(出于某种原因,其中出现了hibernate.jdbc.batch_size=50 )。
I suggest you to put you try catch in some other place. 我建议您把钓丝放在其他地方。 Like if it is servlet add custom filter. 就像是servlet一样,添加自定义过滤器。 It will also save you from such exception in different place. 这还将使您免于在其他地方出现此类异常情况。 With Hibernate it is hard to predict when it decide to flush data to db. 使用Hibernate很难预测何时决定将数据刷新到db。
解决方案2
0 2017-07-28 09:32:15
Is there any other best solution?
Yes. 是。
To handle a single error case, you should not change your implementation in a way that will not reflect the real implementation in production. 要处理单个错误情况,您不应以不会反映生产中实际实现的方式更改实现。
Why ? 为什么呢 Because after this test you have to think to make your implementation step back to have the expected behavior in production. 因为在测试之后,您必须考虑使您的实现退后一步以在生产中具有预期的行为。
You have not to forget to do these changes at each time you want to test this special case. 您不必忘记在每次要测试此特殊情况时进行这些更改。
Otherwise your application may not work any longer as expected. 否则,您的应用程序可能无法正常运行。
It is not the good way. 这不是好方法。
To test your case, you could write an unit test . 要测试您的案例,可以编写一个单元测试 。
Besides, this one should not necessarily rely on real database calls. 此外,这一程序不必一定要依赖实际的数据库调用。
I propose this approach to unit test : 我建议将这种方法用于单元测试:
- Mock the object that produces the exception with sensitive information in the message. 用消息中的敏感信息模拟产生异常的对象。
- Record a behavior for it. 记录它的行为。 When it is called, do this mock object throws an exception with similar sensitive information in the message. 调用该模拟对象时,它会在消息中引发具有类似敏感信息的异常。
- When the method to test is invoked, assert the error message get doesn't contain any sensitive information. 调用要测试的方法时,断言错误消息get不包含任何敏感信息。
If this feature is really important to be tested regularly and in an environment very close from the target, you could create an integration test that uses the same constraints that the application in production ( hibernate.jdbc.batch_size=50 ) and that so insert also at least 50 data in a database. 如果此功能对于定期测试并在距离目标非常近的环境中确实很重要,则可以创建一个集成测试 ,该测试使用与生产中的应用程序相同的约束( hibernate.jdbc.batch_size=50 ),并因此插入数据库中至少有50个数据。
Of course, this test may be costly in terms of time and should be invoked automatically only on a CI tool. 当然,此测试可能会花费大量时间,并且仅应在CI工具上自动调用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.