Use index-friendly CQL for identifiers #410
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* MODMARCMIG-50 MARC Migration failing * fix * fix code smell (cherry picked from commit fc51368)
* code review * change testing marc field * change testing marc field * change testing marc field (cherry picked from commit 5f35c92)
…flower https://folio-org.atlassian.net/browse/MODDICORE-454 Purpose Upgrade all dependencies to supported versions for Sunflower. Fix security vulnerabilities in Netty in graalvm. Approach Bump versions in pom.xml. Upgrade all dependencies to supported versions for Sunflower. Upgrading Vertx from 4.5.11 to 4.5.14 indirectly upgrades Netty fixing these security vulnerabilities: * GHSA-4g8c-wm8x-jfhw CVE-2025-24970 netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine * GHSA-389x-839f-4rhx CVE-2025-25193 netty-common: Denial of Service attack on windows app using Netty, again Upgrading org.graalvm.js:js and org.graalvm.js:js-scriptengine from 23.0.0 to 24.2.1 fixes these security vulnerabilities: * GHSA-7f6c-8chx-2vm5 CVE-2025-21587 Timing Attack in security-libs/javax.net.ssl that exposes information from a TLS handshake via side channel. * GHSA-qh4r-w9x4-6fq2 CVE-2025-25193 Buffer Overflow in hotspot/compiler due to improper handling of buffers in addnode.cpp * GHSA-3fvx-r9r8-xq97 CVE-2025-30698 Heap-based Buffer Overflow in the Graphics.copyArea functionality in client-libs/2d. An attacker can manipulate memory and potentially execute code. TODOS and Open Questions - [x] Check logging. Learning Before making the first release for a flower release bump all dependency versions to a supported version. (cherry picked from commit c40ade8)
https://folio-org.atlassian.net/browse/MODDICORE-454 (cherry picked from commit 37b13c5)
Release 4.4.2
https://folio-org.atlassian.net/browse/MODDICORE-455 The software library data-import-processing-core must ship will all required dependencies, therefore maven-shade-plugin must not create a dependency reduced pom. (cherry picked from commit 01ec759)
The previous CQL query for matching instances by identifier was causing significant performance issues when there were many values to filter. The generated query (`identifiers="\"identifierTypeId\":\"...\""` AND ...) performed a string-based search on the entire JSONB object without using the index in some cases.
okolawole-ebsco
requested review from
Aliaksandr-Fedasiuk,
KaterynaSenchenko and
RuslanLavrov
KaterynaSenchenko
approved these changes
Sep 29, 2025
Collaborator
KaterynaSenchenko
left a comment
KaterynaSenchenko
left a comment
There was a problem hiding this comment.
Let's merge this change in sunflower first to test on PTF #411
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
The previous CQL query for matching instances by identifier was causing significant performance issues when there were many values to filter. The generated query (
identifiers="\"identifierTypeId\":\"...\""AND ...) performed a string-based search on the entire JSONB object without using the index in some cases.Approach
This refactors the query generation to use CQL relation modifiers, resulting in the format:
identifiers =/@identifierTypeId=... "..."This is the correct, idiomatic syntax for querying array elements. It allows
cql2pgjsonto generate an efficient SQL statement that leverages the GIN index, improving query performance by avoiding sequential scans.From RMB documentation
CQL: @-relation modifiers for array searches
RMB 26 or later supports array searches with relation modifiers, that
are particular suited for structures like:
An example of this kind of structure is
contributors(property) frommod-inventory-storage .
contributorTypeIdis the type of contributor(type1).
With CQL you can limit searches to
propertywith regular match insubfield, with type1=value1 withObserve that the relation modifier is preceded with the @-character to
avoid clash with other CQL relation modifiers.
The type1, type2 and subfield must all be defined in schema.json, because
the JSON schema is not known. And also because relation modifiers are
unfortunately lower-cased by cqljava. To match value1 against the
property contents of type1, full-text match is used.
Multiple relation modifiers with value are ANDed together. So
will only give a hit if both type1 has value1 AND type2 has value2.
It is also possible to specify relation modifiers without value. This
essentially is a way to override what subfield to search. In this case
the right hand side term is matched. Multiple relation modifiers
are OR'ed together. For example:
And to match any of the sub properties type1, type2, you could use:
In schema.json two new properties,
arraySubfieldandarrayModifiers,specifies the subfield and the list of modifiers respectively.
This can be applied to
ginIndexorfullTextIndex.schema.json example:
For the identifiers example we could define things in schema.json with:
This will allow you to perform searches, such as: