fix: WHERE filter pushdown silently corrupts OR/CASE queries#154
Closed
fix: WHERE filter pushdown silently corrupts OR/CASE queries#154
Conversation
The extract_raw_column_predicates function used visit_expressions to walk the entire AST tree, which incorrectly extracted predicates from inside OR branches and CASE arms as AND restrictions on the CTE. This silently changed query semantics. For example, WHERE block_num > 100 OR address = '0xABC' would push down block_num > 100 as an AND restriction, filtering out rows that matched address = '0xABC' but had block_num <= 100. Fix: Replace visit_expressions with explicit WHERE clause extraction that only processes top-level AND conjuncts via flatten_and_conjuncts(). Complex expressions (OR, CASE, etc.) remain as single opaque conjuncts and are not decomposed for pushdown. Audit finding: WHERE Filter Pushdown Silently Corrupts Queries with OR/CASE Expressions by Forcing AND Restrictions on CTE (High) Amp-Thread-ID: https://ampcode.com/threads/T-019d4584-cd22-77c3-8001-677b460e61c6 Co-authored-by: Amp <amp@ampcode.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Audit Finding
WHERE Filter Pushdown Silently Corrupts Queries with OR/CASE Expressions by Forcing AND Restrictions on CTE (Severity: High)
Problem
extract_raw_column_predicatesusedvisit_expressionsto walk the entire AST, which extracted predicates from inside OR branches and CASE arms. These were then pushed down as AND restrictions on the CTE, silently changing query semantics.For example:
Would incorrectly push
block_num > 100as an AND filter on the CTE, filtering out rows that matchedaddress = '0xABC'but hadblock_num <= 100.Fix
Replace
visit_expressionswith explicit WHERE clause extraction that only processes top-level AND conjuncts viaflatten_and_conjuncts(). Complex expressions (OR, CASE, nested subexpressions) remain as single opaque conjuncts and are never decomposed for pushdown.Tests Added
test_extract_raw_predicates_skips_or_expressions— pure OR not pushed downtest_extract_raw_predicates_skips_or_mixed_with_and— only safe AND conjuncts pushed downtest_extract_raw_predicates_skips_case_expressions— CASE not pushed down