Fix | Misleading error message in CallableStatement (#1064)

* Fix | Callablestatement not setting parameter properly when columns aren't found

* Fix | Typo in tests

* Fix | Typo fix cont...

* Add | Tests

* Fix | null check

* Update src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

Co-Authored-By: Cheena Malhotra <v-chmalh@microsoft.com>

* Update src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

Co-Authored-By: Cheena Malhotra <v-chmalh@microsoft.com>

* Update src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

Co-Authored-By: Cheena Malhotra <v-chmalh@microsoft.com>

* Update src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

Co-Authored-By: Cheena Malhotra <v-chmalh@microsoft.com>

* Update src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

Co-Authored-By: Cheena Malhotra <v-chmalh@microsoft.com>

* Update src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

Co-Authored-By: Cheena Malhotra <v-chmalh@microsoft.com>

Author: rene-ye

src/main/java/com/microsoft/sqlserver/jdbc/SQLServerCallableStatement.java

@@ -26,7 +26,10 @@
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Calendar;
+import java.util.Map;
 import java.util.UUID;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
 
 
 /**
@@ -67,6 +70,9 @@ String getClassNameInternal() {
         return "SQLServerCallableStatement";
     }
 
+    Map<String, Integer> map = new ConcurrentHashMap<>();
+    AtomicInteger ai = new AtomicInteger(0);
+
     /**
      * Create a new callable statement.
      * 
@@ -1294,10 +1300,13 @@ private int findColumn(String columnName) throws SQLServerException {
         }
 
         int l = 0;
-        if (parameterNames != null)
+        if (null != parameterNames) {
             l = parameterNames.size();
-        if (l == 0)// Server didn't return anything, user might not have access
-            return 1;// attempting to look up the first column will return no access exception
+        }
+        if (l == 0) { // Server didn't return anything, user might not have access
+            map.putIfAbsent(columnName, ai.incrementAndGet());
+            return map.get(columnName);// attempting to look up the first column will return no access exception
+        }
 
         // handle `@name` as well as `name`, since `@name` is what's returned
         // by DatabaseMetaData#getProcedureColumns

src/test/java/com/microsoft/sqlserver/jdbc/TestResource.java

@@ -18,6 +18,10 @@ public final class TestResource extends ListResourceBundle {
     public static String getResource(String key) {
         return TestResource.getBundle(Constants.MSSQL_JDBC_PACKAGE + ".TestResource").getString(key);
     }
+    
+    public static String formatErrorMsg(String resource) {
+        return (".*\\Q" + getResource(resource) + "\\E").replaceAll("\\{+[0-9]+\\}", "\\\\E.*\\\\Q");
+    }
 
     protected Object[][] getContents() {
         return contents;
@@ -174,5 +178,6 @@ protected Object[][] getContents() {
             {"R_incorrectSyntaxTable", "Incorrect syntax near the keyword 'table'."},
             {"R_incorrectSyntaxTableDW", "Incorrect syntax near 'table'."},
             {"R_ConnectionStringNull", "Connection String should not be null"},
-            {"R_OperandTypeClash", "Operand type clash"}};
+            {"R_OperandTypeClash", "Operand type clash"},
+            {"R_NoPrivilege", "The EXECUTE permission was denied on the object {0}"}};
 }

src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableMixedTest.java

@@ -1,18 +1,23 @@
 package com.microsoft.sqlserver.jdbc.callablestatement;
 
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import java.sql.CallableStatement;
 import java.sql.Connection;
 import java.sql.ResultSet;
+import java.sql.SQLException;
 import java.sql.Statement;
+import java.util.UUID;
 
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
 import org.junit.platform.runner.JUnitPlatform;
 import org.junit.runner.RunWith;
 
 import com.microsoft.sqlserver.jdbc.RandomUtil;
+import com.microsoft.sqlserver.jdbc.TestResource;
 import com.microsoft.sqlserver.jdbc.TestUtils;
 import com.microsoft.sqlserver.testframework.AbstractSQLGenerator;
 import com.microsoft.sqlserver.testframework.AbstractTest;
@@ -79,4 +84,42 @@ public void datatypestest() throws Exception {
             }
         }
     }
+
+    @Test
+    @Tag("xAzureSQLDB")
+    @Tag("xAzureSQLDW")
+    @Tag("xAzureSQLMI")
+    public void noPrivilegeTest() throws SQLException {
+        try (Connection c = getConnection(); Statement stmt = c.createStatement()) {
+            String tableName = RandomUtil.getIdentifier("jdbc_priv");
+            String procName = RandomUtil.getIdentifier("priv_proc");
+            String user = "priv_user" + UUID.randomUUID();
+            String pass = "priv_pass" + UUID.randomUUID();
+
+            stmt.execute(
+                    "CREATE TABLE " + AbstractSQLGenerator.escapeIdentifier(tableName) + " (id int, name varchar(50))");
+            stmt.execute("CREATE PROC " + AbstractSQLGenerator.escapeIdentifier(procName)
+                    + " @id int, @str varchar(50) as INSERT INTO " + AbstractSQLGenerator.escapeIdentifier(tableName)
+                    + " values(@id,@str)");
+            stmt.execute(
+                    "CREATE LOGIN " + AbstractSQLGenerator.escapeIdentifier(user) + " WITH password='" + pass + "'");
+            stmt.execute("CREATE USER " + AbstractSQLGenerator.escapeIdentifier(user) + "");
+            try {
+                stmt.execute("EXECUTE AS USER='" + user + "';EXECUTE " + AbstractSQLGenerator.escapeIdentifier(procName)
+                        + " 1,'hi';");
+                fail(TestResource.getResource("R_shouldThrowException"));
+            } catch (SQLException e) {
+                assertTrue(e.getMessage().matches(TestResource.formatErrorMsg("R_NoPrivilege")));
+            } finally {
+                TestUtils.dropProcedureIfExists(procName, stmt);
+                TestUtils.dropTableIfExists(tableName, stmt);
+                stmt.close();
+                c.close();
+                try (Connection c2 = getConnection(); Statement stmt2 = c2.createStatement()) {
+                    stmt2.execute("DROP USER " + AbstractSQLGenerator.escapeIdentifier(user));
+                    stmt2.execute("DROP LOGIN " + AbstractSQLGenerator.escapeIdentifier(user));
+                }
+            }
+        }
+    }
 }

src/test/java/com/microsoft/sqlserver/jdbc/callablestatement/CallableStatementTest.java

@@ -56,7 +56,7 @@ public static void setupTest() throws SQLException {
 
             createGUIDTable(stmt);
             createGUIDStoredProcedure(stmt);
-            createSetNullPreocedure(stmt);
+            createSetNullProcedure(stmt);
             createInputParamsProcedure(stmt);
         }
     }
@@ -195,7 +195,7 @@ private static void createGUIDTable(Statement stmt) throws SQLException {
         stmt.execute(sql);
     }
 
-    private static void createSetNullPreocedure(Statement stmt) throws SQLException {
+    private static void createSetNullProcedure(Statement stmt) throws SQLException {
         stmt.execute("create procedure " + AbstractSQLGenerator.escapeIdentifier(setNullProcedureName)
                 + " (@p1 nvarchar(255), @p2 nvarchar(255) output) as select @p2=@p1 return 0");
     }