From 0d648321dca8d224f4319b7622e0c090b679c31a Mon Sep 17 00:00:00 2001 From: Joel Juarez Date: Fri, 6 Sep 2019 15:17:21 +0200 Subject: [PATCH] Bael 3043 datastax cassandra (#7616) * BAEL-3043: Datastax Java Driver for Apache Cassandra * changed statement to use query builder * fixed concatenation vulnerability --- persistence-modules/java-cassandra/pom.xml | 5 +++ .../datastax/cassandra/Application.java | 2 +- .../repository/KeyspaceRepository.java | 20 ++++----- .../cassandra/repository/VideoRepository.java | 45 +++++++++++-------- 4 files changed, 42 insertions(+), 30 deletions(-) diff --git a/persistence-modules/java-cassandra/pom.xml b/persistence-modules/java-cassandra/pom.xml index e7c93bc4e5..3f8367d130 100644 --- a/persistence-modules/java-cassandra/pom.xml +++ b/persistence-modules/java-cassandra/pom.xml @@ -35,6 +35,11 @@ java-driver-core ${datastax-cassandra.version} + + com.datastax.oss + java-driver-query-builder + ${datastax-cassandra.version} + io.netty diff --git a/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/Application.java b/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/Application.java index 23140e0455..f067ee8b73 100644 --- a/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/Application.java +++ b/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/Application.java @@ -26,7 +26,7 @@ public class Application { KeyspaceRepository keyspaceRepository = new KeyspaceRepository(session); - keyspaceRepository.createKeyspace("testKeyspace", "SimpleStrategy", 1); + keyspaceRepository.createKeyspace("testKeyspace", 1); keyspaceRepository.useKeyspace("testKeyspace"); VideoRepository videoRepository = new VideoRepository(session); 
diff --git a/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/KeyspaceRepository.java b/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/KeyspaceRepository.java
index fd4581d055..899481738a 100644
--- a/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/KeyspaceRepository.java
+++ b/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/KeyspaceRepository.java
@@ -1,7 +1,11 @@
 package com.baeldung.datastax.cassandra.repository;
+import com.datastax.oss.driver.api.core.CqlIdentifier;
 import com.datastax.oss.driver.api.core.CqlSession;
+import com.datastax.oss.driver.api.querybuilder.SchemaBuilder;
+import com.datastax.oss.driver.api.querybuilder.schema.CreateKeyspace;
+
 public class KeyspaceRepository {
 private final CqlSession session;
@@ -9,19 +13,15 @@ public class KeyspaceRepository {
 this.session = session;
 }
- public void createKeyspace(String keyspaceName, String replicationStrategy, int numberOfReplicas) {
- StringBuilder sb = new StringBuilder("CREATE KEYSPACE IF NOT EXISTS ").append(keyspaceName)
- .append(" WITH replication = {")
- .append("'class':'").append(replicationStrategy)
- .append("','replication_factor':").append(numberOfReplicas)
- .append("};");
+ public void createKeyspace(String keyspaceName, int numberOfReplicas) {
+ CreateKeyspace createKeyspace = SchemaBuilder.createKeyspace(keyspaceName)
+ .ifNotExists()
+ .withSimpleStrategy(numberOfReplicas);
- final String query = sb.toString();
-
- session.execute(query);
+ session.execute(createKeyspace.build());
 }
 public void useKeyspace(String keyspace) {
- session.execute("USE " + keyspace);
+ session.execute("USE " + CqlIdentifier.fromCql(keyspace));
 }
 }
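Review bot: In `useKeyspace`, `"USE " + CqlIdentifier.fromCql(keyspace)` still builds the statement by string concatenation, and it appends the identifier through its implicit `toString()` rather than through its CQL rendering. As far as I know `toString()` yields the internal form, without quoting or escaping, so a double-quoted or case-sensitive keyspace name reaches the query text unquoted and the parsing done by `fromCql` is not carried into the statement. Rendering the identifier explicitly closes that gap: `session.execute("USE " + CqlIdentifier.fromCql(keyspace).asCql(true));`. A short Javadoc line on `createKeyspace` saying that the replication strategy is now always SimpleStrategy would also help callers of the removed three-argument form.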
diff --git a/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/VideoRepository.java b/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/VideoRepository.java
index 9a09d77072..48eb000eba 100644
--- a/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/VideoRepository.java
+++ b/persistence-modules/java-cassandra/src/main/java/com/baeldung/datastax/cassandra/repository/VideoRepository.java
@@ -7,6 +7,12 @@ import com.datastax.oss.driver.api.core.cql.BoundStatement;
 import com.datastax.oss.driver.api.core.cql.PreparedStatement;
 import com.datastax.oss.driver.api.core.cql.ResultSet;
 import com.datastax.oss.driver.api.core.cql.SimpleStatement;
+import com.datastax.oss.driver.api.core.type.DataTypes;
+import com.datastax.oss.driver.api.querybuilder.QueryBuilder;
+import com.datastax.oss.driver.api.querybuilder.SchemaBuilder;
+import com.datastax.oss.driver.api.querybuilder.insert.RegularInsert;
+import com.datastax.oss.driver.api.querybuilder.schema.CreateTable;
+import com.datastax.oss.driver.api.querybuilder.select.Select;
 import java.util.ArrayList;
 import java.util.List;
@@ -27,15 +33,12 @@ public class VideoRepository {
 }
 public void createTable(String keyspace) {
- StringBuilder sb = new StringBuilder("CREATE TABLE IF NOT EXISTS ").append(TABLE_NAME).append(" (")
- .append("video_id UUID,")
- .append("title TEXT,")
- .append("creation_date TIMESTAMP,")
- .append("PRIMARY KEY(video_id));");
+ CreateTable createTable = SchemaBuilder.createTable(TABLE_NAME).ifNotExists()
+ .withPartitionKey("video_id", DataTypes.UUID)
+ .withColumn("title", DataTypes.TEXT)
+ .withColumn("creation_date", DataTypes.TIMESTAMP);
- String query = sb.toString();
-
- executeStatement(SimpleStatement.newInstance(query), keyspace);
+ executeStatement(createTable.build(), keyspace);
 }
 public UUID insertVideo(Video video) {
@@ -47,17 +50,23 @@ public class VideoRepository {
 video.setId(videoId);
- String absoluteTableName = keyspace != null ? keyspace + "." + TABLE_NAME: TABLE_NAME;
+ RegularInsert insertInto = QueryBuilder.insertInto(TABLE_NAME)
+ .value("video_id", QueryBuilder.bindMarker())
+ .value("title", QueryBuilder.bindMarker())
+ .value("creation_date", QueryBuilder.bindMarker());
- StringBuilder sb = new StringBuilder("INSERT INTO ").append(absoluteTableName)
- .append("(video_id, title, creation_date) values (:video_id, :title, :creation_date)");
+ SimpleStatement insertStatement = insertInto.build();
- PreparedStatement preparedStatement = session.prepare(sb.toString());
+ if (keyspace != null) {
+ insertStatement = insertStatement.setKeyspace(keyspace);
+ }
+
+ PreparedStatement preparedStatement = session.prepare(insertStatement);
 BoundStatement statement = preparedStatement.bind()
- .setUuid("video_id", video.getId())
- .setString("title", video.getTitle())
- .setInstant("creation_date", video.getCreationDate());
+ .setUuid(0, video.getId())
+ .setString(1, video.getTitle())
+ .setInstant(2, video.getCreationDate());
 session.execute(statement);
@@ -69,11 +78,9 @@ public class VideoRepository {
 }
 public List
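Review bot: The `if (keyspace != null)` branch in `insertVideo` moves the keyspace onto the statement with `insertStatement.setKeyspace(keyspace)`, which, as far as I know, depends on per-statement keyspace support in the negotiated native protocol and fails against clusters that lack it. Qualifying the table inside the builder keeps the keyspace handled as an identifier and does not depend on that feature: `QueryBuilder.insertInto(keyspace, TABLE_NAME)`, which to my knowledge accepts a null keyspace, so the branch could be dropped. The bind calls also moved from names to positions 0–2, which silently ties them to the order of the `.value(...)` calls; `QueryBuilder.bindMarker("video_id")` together with the named setters would keep that mapping explicit. `insertVideo` begins before this hunk and `keyspace` is defined outside it, so its origin should be confirmed against the full method.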