Disallow ES|QL CATEGORIZE in aggregation filters (elastic#118319) (elastic#118330)

jan-elastic · web-flow · commit 8f45b6bf4e7d · 2024-12-13T04:07:26.000+11:00
diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/analysis/Verifier.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/analysis/Verifier.java
@@ -382,6 +382,18 @@ private static void checkCategorizeGrouping(Aggregate agg, Set<Failure> failures
                     );
                 }
             })));
+        agg.aggregates().forEach(a -> a.forEachDown(FilteredExpression.class, fe -> fe.filter().forEachDown(Attribute.class, attribute -> {
+            var categorize = categorizeByAttribute.get(attribute);
+            if (categorize != null) {
+                failures.add(
+                    fail(
+                        attribute,
+                        "cannot reference CATEGORIZE grouping function [{}] within an aggregation filter",
+                        attribute.sourceText()
+                    )
+                );
+            }
+        })));
     }
 
     private static void checkRateAggregates(Expression expr, int nestedLevel, Set<Failure> failures) {
@@ -421,7 +433,8 @@ private static void checkInvalidNamedExpressionUsage(
                 Expression filter = fe.filter();
                 failures.add(fail(filter, "WHERE clause allowed only for aggregate functions, none found in [{}]", fe.sourceText()));
             }
-            Expression f = fe.filter(); // check the filter has to be a boolean term, similar as checkFilterConditionType
+            Expression f = fe.filter();
+            // check the filter has to be a boolean term, similar as checkFilterConditionType
             if (f.dataType() != NULL && f.dataType() != BOOLEAN) {
                 failures.add(fail(f, "Condition expression needs to be boolean, found [{}]", f.dataType()));
             }
@@ -432,9 +445,10 @@ private static void checkInvalidNamedExpressionUsage(
                         fail(af, "cannot use aggregate function [{}] in aggregate WHERE clause [{}]", af.sourceText(), fe.sourceText())
                     );
                 }
-                // check the bucketing function against the group
+                // check the grouping function against the group
                 else if (c instanceof GroupingFunction gf) {
-                    if (Expressions.anyMatch(groups, ex -> ex instanceof Alias a && a.child().semanticEquals(gf)) == false) {
+                    if (c instanceof Categorize
+                        || Expressions.anyMatch(groups, ex -> ex instanceof Alias a && a.child().semanticEquals(gf)) == false) {
                         failures.add(fail(gf, "can only use grouping function [{}] as part of the BY clause", gf.sourceText()));
                     }
                 }
diff --git a/x-pack/plugin/esql/src/test/java/org/elasticsearch/xpack/esql/analysis/VerifierTests.java b/x-pack/plugin/esql/src/test/java/org/elasticsearch/xpack/esql/analysis/VerifierTests.java
@@ -1968,6 +1968,26 @@ public void testCategorizeWithinAggregations() {
         );
     }
 
+    public void testCategorizeWithFilteredAggregations() {
+        assumeTrue("requires Categorize capability", EsqlCapabilities.Cap.CATEGORIZE_V5.isEnabled());
+
+        query("FROM test | STATS COUNT(*) WHERE first_name == \"John\" BY CATEGORIZE(last_name)");
+        query("FROM test | STATS COUNT(*) WHERE last_name == \"Doe\" BY CATEGORIZE(last_name)");
+
+        assertEquals(
+            "1:34: can only use grouping function [CATEGORIZE(first_name)] as part of the BY clause",
+            error("FROM test | STATS COUNT(*) WHERE CATEGORIZE(first_name) == \"John\" BY CATEGORIZE(last_name)")
+        );
+        assertEquals(
+            "1:34: can only use grouping function [CATEGORIZE(last_name)] as part of the BY clause",
+            error("FROM test | STATS COUNT(*) WHERE CATEGORIZE(last_name) == \"Doe\" BY CATEGORIZE(last_name)")
+        );
+        assertEquals(
+            "1:34: cannot reference CATEGORIZE grouping function [category] within an aggregation filter",
+            error("FROM test | STATS COUNT(*) WHERE category == \"Doe\" BY category = CATEGORIZE(last_name)")
+        );
+    }
+
     public void testSortByAggregate() {
         assertEquals("1:18: Aggregate functions are not allowed in SORT [COUNT]", error("ROW a = 1 | SORT count(*)"));
         assertEquals("1:28: Aggregate functions are not allowed in SORT [COUNT]", error("ROW a = 1 | SORT to_string(count(*))"));

Original file line number	Diff line number	Diff line change
`@@ -382,6 +382,18 @@ private static void checkCategorizeGrouping(Aggregate agg, Set<Failure> failures`
`382`	`382`	`);`
`383`	`383`	`}`
`384`	`384`	`})));`
	`385`	`+ agg.aggregates().forEach(a -> a.forEachDown(FilteredExpression.class, fe -> fe.filter().forEachDown(Attribute.class, attribute -> {`
	`386`	`+ var categorize = categorizeByAttribute.get(attribute);`
	`387`	`+ if (categorize != null) {`
	`388`	`+ failures.add(`
	`389`	`+ fail(`
	`390`	`+ attribute,`
	`391`	`+ "cannot reference CATEGORIZE grouping function [{}] within an aggregation filter",`
	`392`	`+ attribute.sourceText()`
	`393`	`+ )`
	`394`	`+ );`
	`395`	`+ }`
	`396`	`+ })));`
`385`	`397`	`}`
`386`	`398`
`387`	`399`	`private static void checkRateAggregates(Expression expr, int nestedLevel, Set<Failure> failures) {`
`@@ -421,7 +433,8 @@ private static void checkInvalidNamedExpressionUsage(`
`421`	`433`	`Expression filter = fe.filter();`
`422`	`434`	`failures.add(fail(filter, "WHERE clause allowed only for aggregate functions, none found in [{}]", fe.sourceText()));`
`423`	`435`	`}`
`424`		`- Expression f = fe.filter(); // check the filter has to be a boolean term, similar as checkFilterConditionType`
	`436`	`+ Expression f = fe.filter();`
	`437`	`+ // check the filter has to be a boolean term, similar as checkFilterConditionType`
`425`	`438`	`if (f.dataType() != NULL && f.dataType() != BOOLEAN) {`
`426`	`439`	`failures.add(fail(f, "Condition expression needs to be boolean, found [{}]", f.dataType()));`
`427`	`440`	`}`
`@@ -432,9 +445,10 @@ private static void checkInvalidNamedExpressionUsage(`
`432`	`445`	`fail(af, "cannot use aggregate function [{}] in aggregate WHERE clause [{}]", af.sourceText(), fe.sourceText())`
`433`	`446`	`);`
`434`	`447`	`}`
`435`		`- // check the bucketing function against the group`
	`448`	`+ // check the grouping function against the group`
`436`	`449`	`else if (c instanceof GroupingFunction gf) {`
`437`		`- if (Expressions.anyMatch(groups, ex -> ex instanceof Alias a && a.child().semanticEquals(gf)) == false) {`
	`450`	`+ if (c instanceof Categorize`
	`451`	`+ \|\| Expressions.anyMatch(groups, ex -> ex instanceof Alias a && a.child().semanticEquals(gf)) == false) {`
`438`	`452`	`failures.add(fail(gf, "can only use grouping function [{}] as part of the BY clause", gf.sourceText()));`
`439`	`453`	`}`
`440`	`454`	`}`