Fix the data sync issue

[vanitha1822]

📋 Description

JIRA ID:

AMM-1352

The data sync fails when handling large volumes of data. Implement batch queries to resolve this issue.

✅ Type of Change

• 🐞 Bug fix (non-breaking change which resolves an issue)

---

Summary by CodeRabbit

• New Features

  • Introduced batch processing for beneficiary details with improved synchronization efficiency.
  • Added support for paginated data retrieval to handle large datasets effectively.
  • Enhanced data synchronization endpoint to accept and utilize JWT tokens from requests.

• Refactor

  • Improved JWT token extraction logic for API requests to ensure consistent authentication handling.
  • Added detailed logging for authorization and token management during data synchronization.
  • Refined synchronization logic with better error handling, modularization, and detailed logging.
  • Enhanced robustness and maintainability of data synchronization methods with improved logging and exception handling.

• Chores

  • Enhanced database connection pool settings for better performance and reliability.
  • Increased logging verbosity for database connection operations.
  • Updated logging dependencies to re-enable default Spring Boot logging with explicit SLF4J support.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

A new batch retrieval method was added to the data synchronization repository. The data sync service was enhanced to process beneficiary details in batches, marking them as processed after updates. The controller was updated to extract a JWT token from request cookies and pass it along during sync. The utility for creating REST requests was refactored to improve JWT token extraction from request headers and cookies.

Changes

File(s)	Change Summary
.../service/dataSyncLayerCentral/DataSyncRepositoryCentral.java	Refactored methods for clarity and error handling; added getBatchForBenDetails for paginated batch data retrieval.
.../service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java	Added token parameter to syncDataToServer; added batch processing for beneficiary details; added table grouping and modular sync methods; enhanced logging and error handling.
.../controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java	Modified dataSyncToServer to accept HttpServletRequest, extract JWT token from cookies, and pass it to sync method.
.../utils/RestTemplateUtil.java	Refactored JWT token extraction logic to always get request attributes; added check for "JwtToken" header; added headers logging.
application.properties	Added Tomcat JDBC pool properties: max wait, test on borrow, validation query and interval; set pool logging to DEBUG.

Suggested reviewers

• devikasuresh20

Possibly related PRs

• Pass the token from controller to fix the issue in data sync #92: Modified controller methods to extract JWT token from HTTP request and pass it to service layer during data synchronization, closely related to token propagation changes here.
• AMM-1168 #64: Related refactoring and logging improvements in DataSyncRepositoryCentral focusing on query handling and error management.

Poem

🥕 Hopping through code with a joyful cheer,

New batches of data now appear!
Tokens extracted from cookies with care,
Syncing the details, no time to spare.
Updates in batches, smooth as can be,
In the garden of code, we're happy as a bunny! 🐇

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch datasync_1352

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4d9fc8d and 54c7ad0.

📒 Files selected for processing (2)

• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java (1 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Package-test
• GitHub Check: style-check / checkstyle
• GitHub Check: Build
• GitHub Check: Analyze (java)

🔇 Additional comments (2)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (2)

63-71: Code logic looks correct for the new table handling.

The conditional logic properly routes "i_beneficiarydetails" table to the new batch processing method, which should help with the data sync issue for large volumes.

---

354-364: Query construction is correct and secure.

The UPDATE query is properly constructed using StringBuilder with parameterized values, which prevents SQL injection vulnerabilities.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (3)

76-76: Make batch size configurable instead of hardcoded.

The hardcoded batch size persists from previous reviews. This should be configurable through application properties for better maintainability and performance tuning.

+@Value("${sync.batch.size:500}")
+private int batchSize;
+
-int batchSize = 500;
+// Use the injected batchSize field instead

---

80-88: Add safeguards to prevent infinite loops.

The while(true) loop lacks proper termination safeguards and could run indefinitely if there are issues with data processing or the batch method returns inconsistent results.

+private static final int MAX_ITERATIONS = 10000; // Safety limit
+
public void syncTableFromVan(String schema, String tableName, String columnNames, String whereClause, String insertQuery) {
    int batchSize = 500;
    int offset = 0;
-   boolean hasMoreData = true;
+   int iterations = 0;

-   while (hasMoreData) {
+   while (iterations < MAX_ITERATIONS) {
        List<Map<String, Object>> batch = dataSyncRepositoryCentral.getBatchForTable(
                schema, tableName, columnNames, whereClause, batchSize, offset);

        if (batch == null || batch.isEmpty()) {
            logger.info("No more records to sync for table: {}", tableName);
            System.out.println("Test:No more records to sync for table: " + tableName);
            break;
        }
        
        // ... rest of processing logic
        
        offset += batchSize;
+       iterations++;
    }
+   
+   if (iterations >= MAX_ITERATIONS) {
+       throw new RuntimeException("Batch processing exceeded maximum iterations limit");
+   }
}

---

75-103: Add transaction management for batch operations.

Large batch operations should be wrapped in transactions to ensure data consistency and provide rollback capability in case of failures.

+import org.springframework.transaction.annotation.Transactional;

+@Transactional
public void syncTableFromVan(String schema, String tableName, String columnNames, String whereClause, String insertQuery) {
    // existing implementation
}

Also consider adding proper error handling and logging for batch processing operations to aid in debugging sync issues.

🧹 Nitpick comments (3)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (1)

57-57: Standardize logging approach.

The code uses both SLF4J logger and System.out.println for similar messages. This creates inconsistency and makes log management difficult.

Choose one approach for consistency:

• Use SLF4J logger for production logging
• Use System.out.println only for temporary debugging

logger.info("Starting sync for table: {}", tableName);
-System.out.println("Test:Starting sync for table: " + tableName);

Also applies to: 62-62, 67-67, 86-86, 100-100

src/main/java/com/iemr/mmu/service/dataSyncActivity/UploadDataToServerImpl.java (2)

139-140: Consider the debugging approach for production readiness.

Multiple System.out.println statements have been added throughout the file, often alongside commented-out logger statements. While this is useful for debugging, consider the following for production:

1. Temporary vs Permanent: If these are temporary debugging statements, ensure they're removed before production deployment
2. Log Level Management: Consider using logger with DEBUG level instead of System.out.println for better log management
3. Performance Impact: System.out.println can impact performance in high-throughput scenarios

For production deployment, consider:

-System.out.println("Piramal: SyncData="+new Gson().toJson(syncData));
+logger.debug("SyncData: {}", new Gson().toJson(syncData));

Also applies to: 144-145, 153-154, 162-166, 174-175, 283-283, 308-310, 317-318, 334-334, 352-354, 379-380, 384-385, 387-387, 425-425, 428-428

---

155-155: Performance consideration for JSON serialization in debug statements.

The debug statements are performing JSON serialization with new Gson().toJson() which can be expensive for large datasets, especially since they're executed in production code paths.

Consider conditional serialization or using logger's lazy evaluation:

-System.out.println("Piramal: SyncData="+new Gson().toJson(syncData));
+if (logger.isDebugEnabled()) {
+    logger.debug("SyncData: {}", new Gson().toJson(syncData));
+}

Also applies to: 165-166, 309-310, 334-334, 384-385, 425-425

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ee6d459 and 7ab2343.

📒 Files selected for processing (3)

• src/main/java/com/iemr/mmu/service/dataSyncActivity/DataSyncRepository.java (1 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncActivity/UploadDataToServerImpl.java (7 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: Package

src/main/java/com/iemr/mmu/service/dataSyncActivity/UploadDataToServerImpl.java

[warning] Checkstyle warnings: Some methods exceed max allowed length; multiple lines longer than 120 characters; 'if' and 'else' constructs must use braces; naming conventions violations

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java

[error] 81-81: Compilation error: cannot find symbol method getBatchForTable(String, String, String, String, int, int) in DataSyncRepositoryCentral

🪛 GitHub Actions: Build On Pull Request

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java

[error] 81-81: Compilation error: cannot find symbol method getBatchForTable(String, String, String, String, int, int) in DataSyncRepositoryCentral

🪛 GitHub Actions: Call Checkstyle

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java

[error] 81-81: Compilation error: cannot find symbol method getBatchForTable(String, String, String, String, int, int) in variable dataSyncRepositoryCentral of type DataSyncRepositoryCentral

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (java)

🔇 Additional comments (1)

src/main/java/com/iemr/mmu/service/dataSyncActivity/DataSyncRepository.java (1)

88-88: Debug output added for result set visibility.

The debug print statement helps trace the data being retrieved during synchronization operations, which aligns with the overall debugging approach in this PR.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

src/main/java/com/iemr/mmu/utils/RestTemplateUtil.java (1)

26-37: Remove commented code to improve code cleanliness.

The commented code should be removed as it's no longer needed and clutters the codebase.

-	//  if (jwtToken == null || jwtToken.isEmpty()) {
-    //         ServletRequestAttributes attrs =
-    //                 (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
-    //         if (attrs != null) {
-    //             HttpServletRequest request = attrs.getRequest();
-    //             try {
-    //                 jwtToken = CookieUtil.getJwtTokenFromCookie(request);
-    //             } catch (Exception e) {
-    //                 logger.error("Error while getting JWT token from cookie: {}", e.getMessage());
-    //             }
-    //         }
-    //     }

src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java (2)

66-66: Remove unnecessary blank line.

The blank line adds no value and should be removed for cleaner code.

-		

---

66-66: Remove test prefix from production logging.

The log statement contains a "test" prefix which should be removed from production code.

-		logger.info("test: vanto server auth="+Authorization);
+		logger.debug("Authorization header received for data sync");

Also consider changing the log level to DEBUG as authorization details are sensitive.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ea78f0 and 4357ca1.

📒 Files selected for processing (3)

• src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java (2 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (3 hunks)
• src/main/java/com/iemr/mmu/utils/RestTemplateUtil.java (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java (1)

src/main/java/com/iemr/mmu/utils/response/OutputResponse.java (1)

• OutputResponse (37-206)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Analyze (java)
• GitHub Check: Package-test

🔇 Additional comments (4)

src/main/java/com/iemr/mmu/controller/dataSyncLayerCentral/MMUDataSyncVanToServer.java (4)

39-39: Import addition looks good.

The import for CookieUtil is properly added and used in the method implementation.

---

43-43: Import addition looks good.

The import for HttpServletRequest is properly added and used in the method signature.

---

63-63: Method signature change is appropriate.

The addition of HttpServletRequest request parameter enables JWT token extraction from cookies, which aligns with the PR objective of fixing data sync issues.

---

71-71: Service method call update is correct.

The addition of the jwtToken parameter to the service method call properly passes the extracted token for further processing.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4357ca1 and 5bdf92b.

📒 Files selected for processing (2)

• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (3 hunks)
• src/main/resources/application.properties (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (java)

To address the SQL injection vulnerability, the fix involves validating and sanitizing all user-controlled inputs before incorporating them into the query. Specifically:

1. Validation: Ensure that schema and table names match predefined acceptable values or conform to strict patterns (e.g., alphanumeric characters only).
2. Parameterization: Use placeholders (?) for all dynamic parts of the query, and bind values using PreparedStatement or equivalent methods. While JdbcTemplate does not support parameterization for table or schema names, validation can mitigate the risk.

Changes will be made in DataSyncRepositoryCentral.java to validate schema and table names against predefined lists or patterns before constructing the query. If validation fails, an exception will be thrown.

---

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (1)

238-240: Make batch size configurable and add transaction management

The hardcoded batch size should be configurable, and the entire batch processing should be wrapped in a transaction for data consistency.

+@Value("${sync.batch.size:1000}")
+private int batchSize;

+@Transactional
public String update_I_BeneficiaryDetails_for_processed_in_batches(SyncUploadDataDigester syncUploadDataDigester) {
    // ... existing code ...
-    int limit = 1000;
+    int limit = batchSize;
    // ... rest of implementation
}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5bdf92b and acb09a0.

📒 Files selected for processing (2)

• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java (1 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (5)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java (1)

• Service (17-175)

src/main/java/com/iemr/mmu/service/dataSyncActivity/UploadDataToServerImpl.java (1)

• Service (68-437)

src/main/java/com/iemr/mmu/service/dataSyncActivity/DownloadDataFromServerTransactionalImpl.java (1)

• Service (60-285)

src/main/java/com/iemr/mmu/service/dataSyncActivity/DataSyncRepository.java (1)

• Service (43-123)

src/main/java/com/iemr/mmu/data/syncActivity_syncLayer/SyncUploadDataDigester.java (1)

• SyncUploadDataDigester (27-121)

🔇 Additional comments (7)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java (3)

19-30: Good practice: Lazy initialization of JdbcTemplate

The lazy initialization pattern ensures DataSource is available when needed. This is a solid improvement over direct injection.

---

35-88: Enhanced error handling and logging implementation

The refactored method shows significant improvements:

• Proper parameterized query building
• Comprehensive exception handling with specific logging
• Clear debug messages for troubleshooting

---

161-172: Verify SQL injection safeguards in getBatchForBenDetails

Although limit and offset are passed as parameters, both columnNames and whereClause are still concatenated directly into your SQL string. Any untrusted or malformed input there can open the door to SQL injection.

Please confirm that all dynamic parts are strictly controlled or sanitized before they reach this method. In particular:

• DataSyncRepositoryCentral.java (lines 161–172)
  getBatchForBenDetails concatenates columnNames and whereClause into "SELECT " + columnNames + " FROM " + schema + "." + table + whereClause + " LIMIT ? OFFSET ?".
• GetDataFromVanAndSyncToDBImpl.java
  Review how problematicWhereClause (the whereClause passed in) is constructed. Ensure it never contains unchecked user input or string fragments that could be manipulated.
• SyncUploadDataDigester.java (or wherever getServerColumns() is implemented)
  Verify that the list of columns returned is built from a safe, whitelist-driven source (not from arbitrary input).

If any of these values can vary based on external or user-supplied data, switch to parameterized queries or implement a strict whitelist/sanitization layer for column names and clauses before concatenation.

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (4)

29-43: Well-structured table grouping approach

The static TABLE_GROUPS map provides good organization for batch synchronization. The grouping by data characteristics (master, transactional, high-volume) is logical.

---

45-139: Improved architecture with token support and group-based processing

The refactored method adds proper token handling and implements group-based table synchronization. The error handling and logging are comprehensive.

---

287-449: Comprehensive generic sync implementation

The generic table sync method provides thorough handling of insert/update logic with proper error handling and logging. The facility ID processing for different table types is well-implemented.

---

512-528: Useful helper method for debugging failed records

The getFailedRecords method provides valuable debugging information for batch operation failures, helping identify specific records that failed processing.

The best way to fix the problem is to use parameterized SQL queries to eliminate the risk of SQL injection. The schema name and table name should not be concatenated directly into the query string. Instead, these values should be validated or restricted to a predefined list of acceptable values. Alternatively, dynamic queries can be avoided entirely by using predefined queries or stored procedures.

Steps for fixing the problem:

1. Validate or restrict schemaName and tableName to a predefined list of acceptable values.
2. Replace the dynamically constructed query with a parameterized query that uses placeholders (?) for variable values.
3. Pass the actual values as parameters during query execution using the PreparedStatement or equivalent mechanisms supported by JdbcTemplate.

---

To fix the issue, the table parameter should not be directly appended to the SQL query string. Instead, the application should validate the table parameter against a predefined list of allowed table names. This ensures that only legitimate table names can be used in the query. Additionally, the query should use parameterized placeholders for all other dynamic values to prevent SQL injection.

Steps to fix:

1. Introduce a validation mechanism to ensure the table parameter matches a predefined list of allowed table names.
2. Replace the dynamic query construction with a safer approach that uses parameterized queries for all dynamic values.
3. Update the getMasterDataFromTable method to include the validation logic and modify the query construction accordingly.

---

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (4)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java (2)

173-186: Critical: SQL injection vulnerability in getBatchForBenDetails method.

The method constructs SQL queries by directly concatenating user-controlled parameters (schema, table, columnNames, whereClause) without validation, creating SQL injection vulnerabilities.

The existing fix suggestions from past reviews should be implemented:

1. Validate schema and table parameters against a whitelist
2. Avoid direct concatenation of whereClause - use parameterized queries instead
3. Add input validation for columnNames

public List<Map<String, Object>> getBatchForBenDetails(String schema, String table, String columnNames,
        String whereClause, int limit, int offset) {
    jdbcTemplate = getJdbcTemplate();
+   // Validate schema and table names
+   if (!isValidIdentifier(schema) || !isValidIdentifier(table)) {
+       throw new IllegalArgumentException("Invalid schema or table name");
+   }
    String query = "SELECT " + columnNames + " FROM " + schema + "." + table + whereClause + " LIMIT ? OFFSET ?";
    // ... rest of method
}

+private boolean isValidIdentifier(String identifier) {
+    return identifier != null && identifier.matches("^[a-zA-Z_][a-zA-Z0-9_]*$");
+}

---

150-152: Sanitize user-controlled data in log statements.

Logging user-controlled data directly can lead to log injection attacks.

Sanitize the logged values or use structured logging:

-logger.info("Select query central: {}", finalQuery);
-logger.info("Last Downloaded Date: {}", lastDownloadDate);
-logger.info("Query Params: {}", params);
+logger.info("Select query central executed for table: {}", table);
+logger.info("Last Downloaded Date: {}", lastDownloadDate);
+logger.info("Query parameter count: {}", params.size());

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (2)

244-283: Critical: Fix infinite loop and incomplete batch processing logic.

The current implementation has several critical issues that will cause system hangs:

1. Infinite loop: while(true) with no proper exit condition
2. Incomplete processing: Fetches batches but never processes them
3. Incorrect exit logic: totalProcessed is checked but never incremented
4. Missing batch handling: The fetched batch data is never actually processed

public String update_I_BeneficiaryDetails_for_processed_in_batches(SyncUploadDataDigester syncUploadDataDigester) {
    logger.info("Processing update_I_BeneficiaryDetails_for_processed_in_batches for table: {}", syncUploadDataDigester.getTableName());
    List<Object[]> syncData = new ArrayList<>();
    
    String query = getQueryFor_I_BeneficiaryDetails(syncUploadDataDigester.getSchemaName(),
            syncUploadDataDigester.getTableName());
    
    int limit = 1000;
    int offset = 0;
    int totalProcessed = 0;
    
    String whereClause = " WHERE Processed <> 'P' AND VanID IS NOT NULL ";
    
    while (true) {
        List<Map<String, Object>> batch;
        try {
            batch = dataSyncRepositoryCentral.getBatchForBenDetails(
                    syncUploadDataDigester.getSchemaName(),
                    syncUploadDataDigester.getTableName(),
                    syncUploadDataDigester.getServerColumns(),
                    whereClause,
                    limit,
                    offset);
        } catch (Exception e) {
            logger.error("Error fetching batch for i_beneficiarydetails: {}", e.getMessage(), e);
            return "Error fetching data for i_beneficiarydetails: " + e.getMessage();
        }
        
+       // Exit condition: no more data to process
+       if (batch == null || batch.isEmpty()) {
+           break;
+       }
+       
+       // Process the batch data
+       for (Map<String, Object> record : batch) {
+           if (record.get("BeneficiaryDetailsId") != null && record.get("VanID") != null) {
+               Object[] objArr = new Object[3];
+               objArr[0] = syncUploadDataDigester.getSyncedBy();
+               objArr[1] = record.get("BeneficiaryDetailsId");
+               objArr[2] = record.get("VanID");
+               syncData.add(objArr);
+           }
+       }
+       
+       // Execute batch update
+       if (!syncData.isEmpty()) {
+           try {
+               int[] results = dataSyncRepositoryCentral.syncDataToCentralDB(
+                       syncUploadDataDigester.getSchemaName(),
+                       syncUploadDataDigester.getTableName(),
+                       null,
+                       query,
+                       syncData);
+               totalProcessed += results.length;
+               syncData.clear(); // Clear for next batch
+           } catch (Exception e) {
+               logger.error("Error processing batch: {}", e.getMessage(), e);
+               return "Error processing batch: " + e.getMessage();
+           }
+       }
+       
+       offset += limit;
    }
    
-   if (totalProcessed > 0 || syncData.isEmpty()) {
-       logger.info("Finished processing i_beneficiarydetails. Total records processed: {}", totalProcessed);
-       return "data sync passed";
-   } else {
-       logger.error("No records were processed for i_beneficiarydetails or an unknown error occurred.");
-       return "No data processed or sync failed for i_beneficiarydetails.";
-   }
+   logger.info("Finished processing i_beneficiarydetails. Total records processed: {}", totalProcessed);
+   return "data sync passed";
}

---

244-283: Consider adding transaction management for batch operations.

Large batch operations should be wrapped in transactions to ensure data consistency and provide rollback capability in case of failures.

+@Transactional
public String update_I_BeneficiaryDetails_for_processed_in_batches(
        SyncUploadDataDigester syncUploadDataDigester) {
    // existing implementation
}

Also consider making the batch size configurable through application properties instead of hardcoding it to 1000.

🧹 Nitpick comments (1)

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (1)

29-43: Consider making table groups configurable.

The hardcoded table groups might need updates when new tables are added or when table categorization changes.

Consider moving table group configuration to application properties or a database configuration table for better maintainability:

# application.properties
sync.table.groups.1=m_beneficiaryregidmapping,m_another_master_table
sync.table.groups.2=t_indent,t_indentorder,t_indentissue,t_stocktransfer,t_itemstockentry
sync.table.groups.3=i_beneficiarydetails,t_patientissue,t_physicalstockentry,t_stockadjustment,t_saitemmapping,t_patientreturn,t_facilityconsumption,t_itemstockexit

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between acb09a0 and f2134dd.

📒 Files selected for processing (3)

• pom.xml (1 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java (1 hunks)
• src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/GetDataFromVanAndSyncToDBImpl.java (1 hunks)

🧰 Additional context used

🪛 GitHub Check: SonarCloud

src/main/java/com/iemr/mmu/service/dataSyncLayerCentral/DataSyncRepositoryCentral.java

[notice] 150-150: Logging should not be vulnerable to injection attacks

Change this code to not log user-controlled data.

See more on SonarQube Cloud

---

[notice] 151-151: Logging should not be vulnerable to injection attacks

Change this code to not log user-controlled data.

See more on SonarQube Cloud

---

[notice] 152-152: Logging should not be vulnerable to injection attacks

Change this code to not log user-controlled data.

See more on SonarQube Cloud

---

[failure] 159-159: Database queries should not be vulnerable to injection attacks

Change this code to not construct SQL queries directly from user-controlled data.

See more on SonarQube Cloud

---

[failure] 161-161: Database queries should not be vulnerable to injection attacks

Change this code to not construct SQL queries directly from user-controlled data.

See more on SonarQube Cloud

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (java)

🔇 Additional comments (1)

pom.xml (1)

50-66: Remove commented exclusions and verify logging dependency compatibility.

Consider deleting the commented-out <exclusions> block to keep the POM clean. With that exclusion removed, Spring Boot’s default logging starter will be active alongside your explicit SLF4J API and SLF4J Simple dependencies—please manually verify this setup doesn’t introduce conflicting logging implementations.

Affected section:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
-       <!-- <exclusions>
-           <exclusion>
-               <groupId>org.springframework.boot</groupId>
-               <artifactId>spring-boot-starter-logging</artifactId>
-           </exclusion>
-       </exclusions> -->
    </dependency>

Please run locally to confirm a single logging framework is resolved at build time:

mvn dependency:tree | grep -i "log\|slf4j"

[sonarqubecloud]

Quality Gate failed

Failed conditions
1 Security Hotspot

See analysis details on SonarQube Cloud