Sanitize entity.math_property (#5485)

* Sanitize `entity.math_property` Was refactoring related code and stumbled upon this issue. Yikes! * WIP * Improve breakdowns
2024-12-01 12:21:02 +01:00 · 2021-08-06 17:43:21 +03:00 · 2021-08-06 17:43:21 +03:00 · baa89a1386
commit baa89a1386
parent da0edb87d8
3 changed files with 28 additions and 14 deletions
--- a/ee/clickhouse/queries/breakdown_props.py
+++ b/ee/clickhouse/queries/breakdown_props.py
@ -35,7 +35,7 @@ def _get_top_elements(filter: Filter, team_id: int, query: str, limit, params: D


 def get_breakdown_person_prop_values(
-    filter: Filter, entity: Entity, aggregate_operation: str, team_id: int, limit: int = 25
+    filter: Filter, entity: Entity, aggregate_operation: str, team_id: int, limit: int = 25, extra_params={}
 ):
    parsed_date_from, parsed_date_to, _ = parse_timestamps(filter=filter, team_id=team_id)
    prop_filters, prop_filter_params = parse_prop_clauses(
@ -65,7 +65,7 @@ def get_breakdown_person_prop_values(
        filter=filter,
        team_id=team_id,
        query=elements_query,
-        params={**prop_filter_params, **person_prop_params, **entity_params},
+        params={**prop_filter_params, **person_prop_params, **entity_params, **extra_params},
        limit=limit,
    )

@ -73,7 +73,7 @@ def get_breakdown_person_prop_values(


 def get_breakdown_event_prop_values(
-    filter: Filter, entity: Entity, aggregate_operation: str, team_id: int, limit: int = 25
+    filter: Filter, entity: Entity, aggregate_operation: str, team_id: int, limit: int = 25, extra_params={}
 ):
    parsed_date_from, parsed_date_to, _ = parse_timestamps(filter=filter, team_id=team_id)
    prop_filters, prop_filter_params = parse_prop_clauses(
@ -93,7 +93,7 @@ def get_breakdown_event_prop_values(
        filter=filter,
        team_id=team_id,
        query=elements_query,
-        params={**prop_filter_params, **entity_params},
+        params={**prop_filter_params, **entity_params, **extra_params},
        limit=limit,
    )

--- a/ee/clickhouse/queries/trends/breakdown.py
+++ b/ee/clickhouse/queries/trends/breakdown.py
@ -83,11 +83,11 @@ class ClickhouseTrendsBreakdown:
            )
        elif filter.breakdown_type == "person":
            (_params, breakdown_filter, _breakdown_filter_params, breakdown_value,) = self._breakdown_person_params(
-                "count(*)" if entity.math == "dau" else aggregate_operation, entity, filter, team_id
+                "count(*)" if entity.math == "dau" else aggregate_operation, math_params, entity, filter, team_id
            )
        else:
            (_params, breakdown_filter, _breakdown_filter_params, breakdown_value,) = self._breakdown_prop_params(
-                "count(*)" if entity.math == "dau" else aggregate_operation, entity, filter, team_id
+                "count(*)" if entity.math == "dau" else aggregate_operation, math_params, entity, filter, team_id
            )

        if len(_params["values"]) == 0:
@ -158,8 +158,12 @@ class ClickhouseTrendsBreakdown:

        return params, breakdown_filter, breakdown_filter_params, "value"

-    def _breakdown_person_params(self, aggregate_operation: str, entity: Entity, filter: Filter, team_id: int):
-        values_arr = get_breakdown_person_prop_values(filter, entity, aggregate_operation, team_id)
+    def _breakdown_person_params(
+        self, aggregate_operation: str, math_params: Dict, entity: Entity, filter: Filter, team_id: int
+    ):
+        values_arr = get_breakdown_person_prop_values(
+            filter, entity, aggregate_operation, team_id, extra_params=math_params
+        )
        breakdown_filter_params = {
            "latest_person_sql": GET_LATEST_PERSON_SQL.format(query=""),
        }
@ -174,8 +178,12 @@ class ClickhouseTrendsBreakdown:
            "value",
        )

-    def _breakdown_prop_params(self, aggregate_operation: str, entity: Entity, filter: Filter, team_id: int):
-        values_arr = get_breakdown_event_prop_values(filter, entity, aggregate_operation, team_id)
+    def _breakdown_prop_params(
+        self, aggregate_operation: str, math_params: Dict, entity: Entity, filter: Filter, team_id: int
+    ):
+        values_arr = get_breakdown_event_prop_values(
+            filter, entity, aggregate_operation, team_id, extra_params=math_params
+        )
        params = {
            "values": values_arr,
        }
--- a/ee/clickhouse/queries/trends/util.py
+++ b/ee/clickhouse/queries/trends/util.py
@ -7,7 +7,6 @@ from ee.clickhouse.models.action import format_action_filter
 from ee.clickhouse.queries.util import format_ch_timestamp, get_earliest_timestamp
 from ee.clickhouse.sql.events import EVENT_JOIN_PERSON_SQL
 from posthog.constants import TREND_FILTER_TYPE_ACTIONS, WEEKLY_ACTIVE
-from posthog.models.action import Action
 from posthog.models.entity import Entity
 from posthog.models.filters import Filter

@ -22,18 +21,25 @@ MATH_FUNCTIONS = {
    "p99": "quantile(0.99)",
 }

+entity_index = 0
+

 def process_math(entity: Entity) -> Tuple[str, str, Dict[str, Optional[str]]]:
+    global entity_index
+
+    # :KLUDGE: Generate a unique parameter name every time this is called to avoid collisions.
+    value = f"toFloat64OrNull(JSONExtractRaw(properties, %(e_{entity_index % 1000}_math)s))"
+    params = {f"e_{entity_index % 1000}_math": entity.math_property}
+    entity_index += 1
+
    aggregate_operation = "count(*)"
-    params = {}
    join_condition = ""
-    value = "toFloat64OrNull(JSONExtractRaw(properties, '{}'))".format(entity.math_property)
    if entity.math == "dau":
        join_condition = EVENT_JOIN_PERSON_SQL
        aggregate_operation = "count(DISTINCT person_id)"
    elif entity.math in MATH_FUNCTIONS:
        aggregate_operation = f"{MATH_FUNCTIONS[entity.math]}({value})"
-        params = {"join_property_key": entity.math_property}
+        params["join_property_key"] = entity.math_property

    return aggregate_operation, join_condition, params