[BugFix] fix bug for sqlblacklist

[before-Sunrise]

Why I'm doing:

Currently Follower FE will forward sql to Leader before verify blacklist, but every FE has its own blacklist, and this will cause two problems:

1. if one sql is in Follower's blacklist but forward to leader, this sql can be executed
2. For leader, because this sql is not in leader's blacklist, it will walk through every item in its blacklist which sometimes make cpu usage very high

What I'm doing:

1. follwer FE will check blacklist first before forward to leader
2. leader FE will not check one sql in blacklist if it is a proxy sql

Fixes #issue

What type of PR is this:

• BugFix
• Feature
• Enhancement
• Refactor
• UT
• Doc
• Tool

Does this PR entail a change in behavior?

• Yes, this PR will result in a change in behavior.
• No, this PR will not result in a change in behavior.

If yes, please specify the type of change:

• Interface/UI changes: syntax, type conversion, expression evaluation, display information
• Parameter changes: default values, similar parameters but with different default values
• Policy changes: use new policy to replace old one, functionality automatically enabled
• Feature removed
• Miscellaneous: upgrade & downgrade compatibility, etc.

Checklist:

• I have added test cases for my bug fix or my new feature
• This pr needs user documentation (for new or modified features or behaviors)
• I have added documentation for my new feature or new function
• This is a backport pr

Bugfix cherry-pick branch check:

• I have checked the version labels which the pr will be auto-backported to the target branch
  • 3.3
  • 3.2
  • 3.1
  • 3.0
  • 2.5

[starrocks-cr]

The most risky bug in this code is:
SQL blacklist verification logic is duplicated, which can lead to unnecessary performance overhead and potential inconsistencies in SQL blacklist checking.

You can modify the code like this:

@@ -541,6 +541,19 @@ public void execute() throws Exception {
            if (context.isHTTPQueryDump) {
                return;
            }

+           // For follower: verify sql in BlackList before forward to leader
+           // For leader: if this is a proxy sql, no need to verify sql in BlackList because every fe has its own blacklist
+           if (isQuery && Config.enable_sql_blacklist && !parsedStmt.isExplain() && !isProxy) {
+               OriginStatement origStmt = parsedStmt.getOrigStmt();
+               if (origStmt != null) {
+                   String originSql = origStmt.originStmt.trim()
+                           .toLowerCase().replaceAll(" +", " ");
+                   // If this sql is in blacklist, show message.
+                   SqlBlackList.verifying(originSql);
+               }
+           }
+
            if (isForwardToLeader()) {
                context.setIsForward(true);
                forwardToLeader();
@@ -553,17 +566,6 @@ public void execute() throws Exception {
                final boolean isStatisticsJob = AnalyzerUtils.isStatisticsJob(context, parsedStmt);
                context.setStatisticsJob(isStatisticsJob);

-               // This block is removed as it duplicates the blacklist check above
-
                // Record planner costs in audit log
                Preconditions.checkNotNull(execPlan, "query must has a plan");

By removing the duplicated block of SQL blacklist verification, we eliminate the redundancy, ensuring that the SQL blacklist check is done efficiently and only once per execution path.

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[github-actions]

[FE Incremental Coverage Report]

✅ pass : 6 / 6 (100.00%)

file detail

	path	covered_line	new_line	coverage	not_covered_line_detail
🔵	com/starrocks/qe/StmtExecutor.java	6	6	100.00%	[]

[github-actions]

[BE Incremental Coverage Report]

✅ pass : 0 / 0 (0%)

[github-actions]

@Mergifyio backport branch-3.3

[github-actions]

@Mergifyio backport branch-3.2

[github-actions]

@Mergifyio backport branch-3.1

[mergify]

backport branch-3.3

✅ Backports have been created

• #44915 [BugFix] fix bug for sqlblacklist (backport #44862) has been created for branch branch-3.3

[github-actions]

@Mergifyio backport branch-3.0

[github-actions]

@Mergifyio backport branch-2.5

[mergify]

backport branch-3.2

✅ Backports have been created

• #44916 [BugFix] fix bug for sqlblacklist (backport #44862) has been created for branch branch-3.2

[mergify]

backport branch-3.1

✅ Backports have been created

• #44917 [BugFix] fix bug for sqlblacklist (backport #44862) has been created for branch branch-3.1

[mergify]

backport branch-3.0

✅ Backports have been created

• #44918 [BugFix] fix bug for sqlblacklist (backport #44862) has been created for branch branch-3.0 but encountered conflicts

[mergify]

backport branch-2.5

✅ Backports have been created

• #44919 [BugFix] fix bug for sqlblacklist (backport #44862) has been created for branch branch-2.5 but encountered conflicts