FINERACT-2535: Support BOOLEAN in runreports endpoint

Author: leonardoalunno

fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/JdbcJavaType.java

@@ -34,7 +34,7 @@ public Object toJdbcValueImpl(@NonNull DatabaseType dialect, Object value) {
             return value == null ? null : (Boolean.TRUE.equals(value) ? 1 : 0);
         }
     },
-    BOOLEAN(JavaType.BOOLEAN, new DialectType(JDBCType.BIT), new DialectType(JDBCType.BOOLEAN, null, "BOOL")) { //
+    BOOLEAN(JavaType.BOOLEAN, new DialectType(JDBCType.BIT, null, "BOOL", "BOOLEAN"), new DialectType(JDBCType.BOOLEAN, null, "BOOL")) { //
 
         @Override
         public Object toJdbcValueImpl(@NonNull DatabaseType dialect, Object value) {

fineract-core/src/test/java/org/apache/fineract/infrastructure/core/service/database/JdbcJavaTypeTest.java

@@ -0,0 +1,44 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.core.service.database;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.Test;
+
+class JdbcJavaTypeTest {
+
+    @Test
+    void shouldResolveBooleanTypeNameForMySql() {
+        JdbcJavaType jdbcJavaType = JdbcJavaType.getByTypeName(DatabaseType.MYSQL, "BOOLEAN", true);
+        assertEquals(JdbcJavaType.BOOLEAN, jdbcJavaType);
+    }
+
+    @Test
+    void shouldResolveBoolTypeNameForMySql() {
+        JdbcJavaType jdbcJavaType = JdbcJavaType.getByTypeName(DatabaseType.MYSQL, "BOOL", true);
+        assertEquals(JdbcJavaType.BOOLEAN, jdbcJavaType);
+    }
+
+    @Test
+    void shouldResolveBitTypeNameForMySql() {
+        JdbcJavaType jdbcJavaType = JdbcJavaType.getByTypeName(DatabaseType.MYSQL, "BIT", true);
+        assertEquals(JdbcJavaType.BOOLEAN, jdbcJavaType);
+    }
+}

integration-tests/src/test/java/org/apache/fineract/integrationtests/SqlInjectionReportingServiceIntegrationTest.java

@@ -67,8 +67,11 @@ public class SqlInjectionReportingServiceIntegrationTest extends BaseLoanIntegra
     private RequestSpecification requestSpec;
     private ResponseSpecification responseSpec;
     private Long testReportId = null;
+    private Long booleanReportId = null;
     private static final String TEST_REPORT_NAME = "SQL_Injection_Test_Report";
     private static final String TEST_REPORT_SQL = "SELECT 1 as test_column, 'Test Data' as test_name";
+    private static final String BOOLEAN_REPORT_SQL = "SELECT CAST(1 AS BOOLEAN) AS active";
+    private String booleanReportName;
 
     @BeforeEach
     public void setup() {
@@ -92,6 +95,13 @@ public void cleanup() {
                 log.warn("Failed to clean up test report: " + e.getMessage());
             }
         }
+        if (booleanReportId != null) {
+            try {
+                deleteBooleanReport();
+            } catch (Exception e) {
+                log.warn("Failed to clean up boolean test report: " + e.getMessage());
+            }
+        }
     }
 
     private void createTestReportIfNotExists() {
@@ -161,6 +171,31 @@ private void createTestReportIfNotExists() {
         }
     }
 
+    private void createBooleanReport() {
+        booleanReportName = "BOOLEAN_Runreports_Test_Report_" + System.currentTimeMillis();
+
+        String reportJson = "{" + "\"reportName\": \"" + booleanReportName + "\"," + "\"reportType\": \"Table\","
+                + "\"reportCategory\": \"Client\"," + "\"reportSql\": \"" + BOOLEAN_REPORT_SQL + "\","
+                + "\"description\": \"Test report for BOOLEAN runreports support\"," + "\"useReport\": true" + "}";
+
+        Response postResponse = given().spec(requestSpec).contentType(ContentType.JSON).body(reportJson).when()
+                .post("/fineract-provider/api/v1/reports");
+
+        if (postResponse.getStatusCode() == 200 || postResponse.getStatusCode() == 201) {
+            String response = postResponse.asString();
+            if (response.contains("resourceId")) {
+                String idStr = response.replaceAll(".*\"resourceId\":(\\d+).*", "$1");
+                booleanReportId = Long.parseLong(idStr);
+                log.info("Created BOOLEAN test report with ID: {}", booleanReportId);
+            } else {
+                throw new RuntimeException("BOOLEAN test report creation failed - no resourceId in response: " + response);
+            }
+        } else {
+            throw new RuntimeException(
+                    "BOOLEAN test report creation failed with status " + postResponse.getStatusCode() + ": " + postResponse.asString());
+        }
+    }
+
     private void deleteTestReport() {
         if (testReportId != null) {
             try {
@@ -172,6 +207,17 @@ private void deleteTestReport() {
         }
     }
 
+    private void deleteBooleanReport() {
+        if (booleanReportId != null) {
+            try {
+                Utils.performServerDelete(requestSpec, responseSpec, "/fineract-provider/api/v1/reports/" + booleanReportId, "");
+                log.info("Deleted BOOLEAN test report with ID: {}", booleanReportId);
+            } catch (Exception e) {
+                log.warn("Failed to delete BOOLEAN test report: " + e.getMessage());
+            }
+        }
+    }
+
     /**
      * UC1: Test legitimate report execution works correctly Validates that the SQL injection prevention doesn't break
      * normal functionality
@@ -215,7 +261,7 @@ void uc2_testParameterInjectionPrevention() {
         // This should either succeed with empty/safe results or fail with validation error
         // but NOT with SQL syntax errors
         try {
-            String response = Utils.performServerGet(requestSpec, responseSpec, "/fineract-provider/api/v1/runreports/" + TEST_REPORT_NAME
+            Utils.performServerGet(requestSpec, responseSpec, "/fineract-provider/api/v1/runreports/" + TEST_REPORT_NAME
                     + "?genericResultSet=false&" + toQueryString(maliciousParams), null);
 
             // If we get here, the SQL injection was prevented and handled safely
@@ -240,7 +286,7 @@ void uc2_testParameterInjectionPrevention() {
      * whitelist implementation for report types
      */
     @ParameterizedTest(name = "Report Type Validation: {0}")
-    @ValueSource(strings = { "report", "parameter" })
+    @ValueSource(strings = {"report", "parameter"})
     void uc3_testValidReportTypes(String validType) {
         log.info("Testing valid report type: {}", validType);
 
@@ -249,7 +295,7 @@ void uc3_testValidReportTypes(String validType) {
 
         // Test that valid report types work through the API
         try {
-            String response = Utils.performServerGet(requestSpec, responseSpec,
+            Utils.performServerGet(requestSpec, responseSpec,
                     "/runreports/TestReport?reportType=" + validType + "&genericResultSet=false&" + toQueryString(queryParams), null);
             // Should get a proper response or 404 (report not found), not validation error
         } catch (AssertionError e) {
@@ -262,7 +308,7 @@ void uc3_testValidReportTypes(String validType) {
      * UC4: Test invalid report types that should be rejected by whitelist
      */
     @ParameterizedTest(name = "Invalid Report Type: {0}")
-    @ValueSource(strings = { "table", "view", "procedure", "function", "schema", "database", "admin", "user", "system", "config" })
+    @ValueSource(strings = {"table", "view", "procedure", "function", "schema", "database", "admin", "user", "system", "config"})
     void uc4_testInvalidReportTypes(String invalidType) {
         log.info("Testing invalid report type: {}", invalidType);
 
@@ -438,8 +484,8 @@ void uc8_testComplexParameterInjection() {
      * UC9: Test legitimate reports with various parameter types
      */
     @ParameterizedTest(name = "Parameter Type: {0}")
-    @CsvSource(delimiterString = " | ", value = { "R_officeId | 1 | Numeric parameter", "R_startDate | 2023-01-01 | Date parameter",
-            "R_endDate | 2023-12-31 | Date parameter", "R_currencyId | USD | String parameter", "R_loanProductId | 1 | Numeric parameter" })
+    @CsvSource(delimiterString = " | ", value = {"R_officeId | 1 | Numeric parameter", "R_startDate | 2023-01-01 | Date parameter",
+            "R_endDate | 2023-12-31 | Date parameter", "R_currencyId | USD | String parameter", "R_loanProductId | 1 | Numeric parameter"})
     void uc9_testLegitimateParameterTypes(String paramName, String paramValue, String description) {
         log.info("Testing legitimate parameter: {} = {} ({})", paramName, paramValue, description);
 
@@ -496,6 +542,21 @@ void uc10_testCrossDatabaseCompatibility() {
         }
     }
 
+    @Test
+    void shouldExecuteReportSuccessfullyWhenReportContainsBooleanColumn() {
+        createBooleanReport();
+
+        String response = Utils.performServerGet(requestSpec, responseSpec,
+                "/fineract-provider/api/v1/runreports/" + URLEncoder.encode(booleanReportName, StandardCharsets.UTF_8)
+                        + "?genericResultSet=false",
+                null);
+
+        assertNotNull(response);
+        assertFalse(response.isBlank());
+        assertFalse(response.contains("Data type 'BOOLEAN' is not supported"));
+        assertTrue(response.contains("columnHeaders") || response.contains("data"));
+    }
+
     /**
      * Helper method to convert parameters map to query string
      */
@@ -512,4 +573,4 @@ private String toQueryString(Map<String, String> params) {
         }
         return sb.toString();
     }
-}
+}