Slow queries retrieval #22
…low query analysis. This groups similarly worded queries in the completed_requests catalog and returns a min, max and average runtime for them
…base cluster, including their bucket settings.
…ueries from the completed_requests catalog. Summary statistics are grouped by like-queries with different filtered values. Specific information can be requested per query.
Summary of Changes
Hello @Eyal-CB, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
This pull request significantly enhances the server's diagnostic capabilities by introducing advanced tools for analyzing N1QL query performance, particularly focusing on identifying and understanding slow queries. It also improves the flexibility of database interactions by shifting from a single, globally configured bucket to a per-operation bucket specification for most data access and query tools.
Highlights
- Enhanced Query Analysis: Introduced new capabilities to analyze slow queries from the `completed_requests` catalog, including aggregate summaries by query pattern and retrieval of specific query execution plans.
- Index Advisor Integration: Added a tool (`advise_index_for_sql_plus_plus_query`) to provide index recommendations for SQL++ queries, leveraging the N1QL `ADVISE` statement.
- Flexible Bucket Handling: Refactored the server to remove the global `CB_BUCKET_NAME` configuration, allowing most tools to specify the target bucket per operation, improving multi-bucket support.
- New Bucket Listing Tool: A new tool (`get_list_of_buckets_with_settings`) was added to programmatically retrieve a list of all buckets and their settings from the Couchbase cluster.
Code Review
This pull request adds new features for retrieving slow query information and index advice. The review focuses on critical security vulnerabilities (N1QL injection) that need to be addressed by using parameterized queries.
LIMIT {limit} | ||
""" | ||
|
||
query = query_template.format(limit=query_limit,query_statement=query_statement) |
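Review bot: in `query_template.format(limit=query_limit,query_statement=query_statement)` both values are pasted into the query text, so whatever a caller supplies as `query_statement` is parsed as N1QL instead of being compared as data. Replace the `{limit}` and `{query_statement}` placeholders with `$limit` and `$query_statement` and pass the two values as named parameters; a type check on `query_limit` alone would still leave `query_statement` interpolated.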
This code is vulnerable to N1QL injection. The `query_statement` is formatted directly into the query string. You should use parameterized queries to prevent this critical security vulnerability. The query template on lines 463-469 should be updated to use named parameters (e.g., `$query_statement` and `$limit`), and the call to `system_catalog_query` should pass these parameters.
added int type verification to param query_limit
LIMIT {limit} | ||
""" | ||
|
||
query = query_template.format(limit=query_limit,query_statement=query_statement) |
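Review bot: this `query_template.format(limit=query_limit,query_statement=query_statement)` line is character-for-character the same as the one in the earlier function, so the string-building step now exists in two places and any fix has to be made twice. Move the construction into one shared helper that keeps the template text fixed and returns the values to bind, then call it from both functions.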
Similar to the other new query functions, this one is vulnerable to N1QL injection. The `query_statement` is formatted directly into the query. This is a critical security risk. Please use a named parameter for `query_statement` and pass it to the `system_catalog_query` function. The query template on lines 487-515 will need to be updated to use named parameters.
added int type verification to param query_limit
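The difference between the flagged `.format` pattern and the named-parameter form requested in both review comments above, as an added example that is not code from this pull request. The template text, the `MAX_LIMIT` bound and the `build_unsafe`, `build_safe` and `run_safe` helpers are assumptions for illustration; only the `$query_statement` and `$limit` parameter names come from the review.

```python
from typing import Any

# Hypothetical template: the PR's real query text is not shown on the page.
# Only the $query_statement and $limit placeholders follow the review comment.
SAFE_TEMPLATE = """
SELECT statement, elapsedTime, requestTime
FROM system:completed_requests
WHERE statement = $query_statement
LIMIT $limit
"""

# The pattern the review flags: values pasted into the query text.
UNSAFE_TEMPLATE = """
SELECT statement, elapsedTime, requestTime
FROM system:completed_requests
WHERE statement = "{query_statement}"
LIMIT {limit}
"""

MAX_LIMIT = 1000  # assumed upper bound, not from the PR


def build_unsafe(query_statement: str, query_limit: int) -> str:
    """Flagged pattern: caller input becomes part of the N1QL text."""
    return UNSAFE_TEMPLATE.format(limit=query_limit, query_statement=query_statement)


def build_safe(query_statement: str, query_limit: int) -> tuple[str, dict[str, Any]]:
    """Return fixed query text plus named parameters bound separately."""
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(query_limit, bool) or not isinstance(query_limit, int):
        raise TypeError("query_limit must be an int")
    if not 1 <= query_limit <= MAX_LIMIT:
        raise ValueError(f"query_limit must be between 1 and {MAX_LIMIT}")
    if not isinstance(query_statement, str):
        raise TypeError("query_statement must be a str")
    return SAFE_TEMPLATE, {"query_statement": query_statement, "limit": query_limit}


def run_safe(cluster, query_statement: str, query_limit: int) -> list[dict[str, Any]]:
    """Execute with the Couchbase Python SDK; needs a connected Cluster."""
    from couchbase.options import QueryOptions  # lazy import so the builders run offline
    text, params = build_safe(query_statement, query_limit)
    return list(cluster.query(text, QueryOptions(named_parameters=params)))
```

With `build_safe` the query text is identical for every input, so an integer check on `query_limit` and the binding of `query_statement` each cover their own value instead of one standing in for the other.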
|
||
|
||
# Util Functions | ||
def system_catalog_query(ctx: Context, query: str) -> list[dict[str, Any]]: |
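Review bot: `system_catalog_query(ctx: Context, query: str)` accepts only a finished query string, so callers have no way to hand over bound values and the text has to be assembled before the call. Add an optional argument for named parameters (for example a `dict[str, Any]`) that is forwarded when the query is executed, and add a docstring stating that `query` must be fixed text with `$name` placeholders.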
Adding the capability to query the completed_requests catalog for slow queries.
Two methods added: