Prevent sorting and count queries for non-SELECT statements.

Add statement type detection to QueryEnhancer implementations to validate
operations. QueryEnhancer now throws IllegalStateException when attempting
to create count queries or apply sorting to INSERT, UPDATE, DELETE, or MERGE
statements, as these operations are only valid for SELECT queries.

Author: kssumin

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/DefaultQueryEnhancer.java

@@ -15,6 +15,10 @@
  */
 package org.springframework.data.jpa.repository.query;
 
+import java.util.Locale;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import org.jspecify.annotations.Nullable;
 
 /**
@@ -25,30 +29,69 @@
  */
 class DefaultQueryEnhancer implements QueryEnhancer {
 
+	private static final Pattern STATEMENT_TYPE_PATTERN = Pattern.compile(
+			"^\\s*(SELECT|FROM|INSERT|UPDATE|DELETE|MERGE)", Pattern.CASE_INSENSITIVE);
+
 	private final QueryProvider query;
 	private final boolean hasConstructorExpression;
 	private final @Nullable  String alias;
 	private final String projection;
+	private final StatementType statementType;
 
 	public DefaultQueryEnhancer(QueryProvider query) {
 		this.query = query;
 		this.hasConstructorExpression = QueryUtils.hasConstructorExpression(query.getQueryString());
 		this.alias = QueryUtils.detectAlias(query.getQueryString());
 		this.projection = QueryUtils.getProjection(this.query.getQueryString());
+		this.statementType = detectStatementType(query.getQueryString());
 	}
 
 	@Override
 	public String rewrite(QueryRewriteInformation rewriteInformation) {
+
+		if (statementType != StatementType.SELECT && !rewriteInformation.getSort().isUnsorted()) {
+			throw new IllegalStateException(String.format(
+					"Cannot apply sorting to %s statement. Sorting is only supported for SELECT statements.",
+					statementType));
+		}
+
 		return QueryUtils.applySorting(this.query.getQueryString(), rewriteInformation.getSort(), alias);
 	}
 
 	@Override
 	public String createCountQueryFor(@Nullable String countProjection) {
 
+		if (statementType != StatementType.SELECT) {
+			throw new IllegalStateException(String.format(
+					"Cannot derive count query for %s statement. Count queries are only supported for SELECT statements.",
+					statementType));
+		}
+
 		boolean nativeQuery = this.query instanceof DeclaredQuery dc ? dc.isNative() : true;
 		return QueryUtils.createCountQueryFor(this.query.getQueryString(), countProjection, nativeQuery);
 	}
 
+	private static StatementType detectStatementType(String query) {
+
+		Matcher matcher = STATEMENT_TYPE_PATTERN.matcher(query);
+		if (matcher.find()) {
+			String type = matcher.group(1).toUpperCase(Locale.ENGLISH);
+			return switch (type) {
+				case "SELECT", "FROM" -> StatementType.SELECT; // FROM is also a SELECT in JPQL
+				case "INSERT" -> StatementType.INSERT;
+				case "UPDATE" -> StatementType.UPDATE;
+				case "DELETE" -> StatementType.DELETE;
+				case "MERGE" -> StatementType.MERGE;
+				default -> StatementType.OTHER;
+			};
+		}
+		return StatementType.OTHER;
+	}
+
+	enum StatementType {
+		SELECT, INSERT, UPDATE, DELETE, MERGE, OTHER
+	}
+
 	@Override
 	public boolean hasConstructorExpression() {
 		return this.hasConstructorExpression;

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/EqlQueryIntrospector.java

@@ -38,11 +38,36 @@ class EqlQueryIntrospector extends EqlBaseVisitor<Void> implements ParsedQueryIn
 	private @Nullable List<QueryToken> projection;
 	private boolean projectionProcessed;
 	private boolean hasConstructorExpression = false;
+	private QueryInformation.StatementType statementType = QueryInformation.StatementType.SELECT;
 
 	@Override
 	public QueryInformation getParsedQueryInformation() {
 		return new QueryInformation(primaryFromAlias, projection == null ? Collections.emptyList() : projection,
-				hasConstructorExpression);
+				hasConstructorExpression, statementType);
+	}
+
+	@Override
+	public Void visitSelectQuery(EqlParser.SelectQueryContext ctx) {
+		statementType = QueryInformation.StatementType.SELECT;
+		return super.visitSelectQuery(ctx);
+	}
+
+	@Override
+	public Void visitFromQuery(EqlParser.FromQueryContext ctx) {
+		statementType = QueryInformation.StatementType.SELECT;
+		return super.visitFromQuery(ctx);
+	}
+
+	@Override
+	public Void visitUpdate_statement(EqlParser.Update_statementContext ctx) {
+		statementType = QueryInformation.StatementType.UPDATE;
+		return super.visitUpdate_statement(ctx);
+	}
+
+	@Override
+	public Void visitDelete_statement(EqlParser.Delete_statementContext ctx) {
+		statementType = QueryInformation.StatementType.DELETE;
+		return super.visitDelete_statement(ctx);
 	}
 
 	@Override

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/HibernateQueryInformation.java

@@ -29,23 +29,29 @@
 class HibernateQueryInformation extends QueryInformation {
 
 	private final boolean hasCte;
-	
+
 	private final boolean hasFromFunction;
-	
 
 	public HibernateQueryInformation(@Nullable String alias, List<QueryToken> projection,
-			boolean hasConstructorExpression, boolean hasCte,boolean hasFromFunction) {
+			boolean hasConstructorExpression, boolean hasCte, boolean hasFromFunction) {
 		super(alias, projection, hasConstructorExpression);
 		this.hasCte = hasCte;
 		this.hasFromFunction = hasFromFunction;
 	}
 
+	public HibernateQueryInformation(@Nullable String alias, List<QueryToken> projection,
+			boolean hasConstructorExpression, StatementType statementType, boolean hasCte, boolean hasFromFunction) {
+		super(alias, projection, hasConstructorExpression, statementType);
+		this.hasCte = hasCte;
+		this.hasFromFunction = hasFromFunction;
+	}
+
 	public boolean hasCte() {
 		return hasCte;
 	}
-	
+
 	public boolean hasFromFunction() {
 		return hasFromFunction;
 	}
-	
+
 }

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/HqlQueryIntrospector.java

@@ -42,11 +42,36 @@ class HqlQueryIntrospector extends HqlBaseVisitor<Void> implements ParsedQueryIn
 	private boolean hasConstructorExpression = false;
 	private boolean hasCte = false;
 	private boolean hasFromFunction = false;
+	private QueryInformation.StatementType statementType = QueryInformation.StatementType.SELECT;
 
 	@Override
 	public HibernateQueryInformation getParsedQueryInformation() {
 		return new HibernateQueryInformation(primaryFromAlias, projection == null ? Collections.emptyList() : projection,
-				hasConstructorExpression, hasCte, hasFromFunction);
+				hasConstructorExpression, statementType, hasCte, hasFromFunction);
+	}
+
+	@Override
+	public Void visitSelectStatement(HqlParser.SelectStatementContext ctx) {
+		statementType = QueryInformation.StatementType.SELECT;
+		return super.visitSelectStatement(ctx);
+	}
+
+	@Override
+	public Void visitInsertStatement(HqlParser.InsertStatementContext ctx) {
+		statementType = QueryInformation.StatementType.INSERT;
+		return super.visitInsertStatement(ctx);
+	}
+
+	@Override
+	public Void visitUpdateStatement(HqlParser.UpdateStatementContext ctx) {
+		statementType = QueryInformation.StatementType.UPDATE;
+		return super.visitUpdateStatement(ctx);
+	}
+
+	@Override
+	public Void visitDeleteStatement(HqlParser.DeleteStatementContext ctx) {
+		statementType = QueryInformation.StatementType.DELETE;
+		return super.visitDeleteStatement(ctx);
 	}
 
 	@Override

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/JSqlParserQueryEnhancer.java

@@ -343,7 +343,16 @@ private String doApplySorting(Sort sort, @Nullable String alias) {
 		String queryString = query.getQueryString();
 		Assert.hasText(queryString, "Query must not be null or empty");
 
-		if (this.parsedType != ParsedType.SELECT || sort.isUnsorted()) {
+		if (this.parsedType != ParsedType.SELECT) {
+			if (!sort.isUnsorted()) {
+				throw new IllegalStateException(String.format(
+						"Cannot apply sorting to %s statement. Sorting is only supported for SELECT statements.",
+						this.parsedType));
+			}
+			return queryString;
+		}
+
+		if (sort.isUnsorted()) {
 			return queryString;
 		}
 
@@ -383,7 +392,9 @@ private String applySorting(@Nullable Select selectStatement, Sort sort, @Nullab
 	public String createCountQueryFor(@Nullable String countProjection) {
 
 		if (this.parsedType != ParsedType.SELECT) {
-			return this.query.getQueryString();
+			throw new IllegalStateException(String.format(
+					"Cannot derive count query for %s statement. Count queries are only supported for SELECT statements.",
+					this.parsedType));
 		}
 
 		Assert.hasText(this.query.getQueryString(), "OriginalQuery must not be null or empty");

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/JpaQueryEnhancer.java

@@ -220,6 +220,13 @@ public DeclaredQuery getQuery() {
 
 	@Override
 	public String rewrite(QueryRewriteInformation rewriteInformation) {
+
+		if (!queryInformation.isSelectStatement() && !rewriteInformation.getSort().isUnsorted()) {
+			throw new IllegalStateException(String.format(
+					"Cannot apply sorting to %s statement. Sorting is only supported for SELECT statements.",
+					queryInformation.getStatementType()));
+		}
+
 		return QueryRenderer.TokenRenderer.render(
 				sortFunction.apply(rewriteInformation.getSort(), this.queryInformation, rewriteInformation.getReturnedType())
 						.visit(context));
@@ -232,6 +239,13 @@ public String rewrite(QueryRewriteInformation rewriteInformation) {
 	 */
 	@Override
 	public String createCountQueryFor(@Nullable String countProjection) {
+
+		if (!queryInformation.isSelectStatement()) {
+			throw new IllegalStateException(String.format(
+					"Cannot derive count query for %s statement. Count queries are only supported for SELECT statements.",
+					queryInformation.getStatementType()));
+		}
+
 		return QueryRenderer.TokenRenderer
 				.render(countQueryFunction.apply(countProjection, this.queryInformation).visit(context));
 	}

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/JpqlQueryIntrospector.java

@@ -38,11 +38,36 @@ class JpqlQueryIntrospector extends JpqlBaseVisitor<Void> implements ParsedQuery
 	private @Nullable List<QueryToken> projection;
 	private boolean projectionProcessed;
 	private boolean hasConstructorExpression = false;
+	private QueryInformation.StatementType statementType = QueryInformation.StatementType.SELECT;
 
 	@Override
 	public QueryInformation getParsedQueryInformation() {
 		return new QueryInformation(primaryFromAlias, projection == null ? Collections.emptyList() : projection,
-				hasConstructorExpression);
+				hasConstructorExpression, statementType);
+	}
+
+	@Override
+	public Void visitSelectQuery(JpqlParser.SelectQueryContext ctx) {
+		statementType = QueryInformation.StatementType.SELECT;
+		return super.visitSelectQuery(ctx);
+	}
+
+	@Override
+	public Void visitFromQuery(JpqlParser.FromQueryContext ctx) {
+		statementType = QueryInformation.StatementType.SELECT;
+		return super.visitFromQuery(ctx);
+	}
+
+	@Override
+	public Void visitUpdate_statement(JpqlParser.Update_statementContext ctx) {
+		statementType = QueryInformation.StatementType.UPDATE;
+		return super.visitUpdate_statement(ctx);
+	}
+
+	@Override
+	public Void visitDelete_statement(JpqlParser.Delete_statementContext ctx) {
+		statementType = QueryInformation.StatementType.DELETE;
+		return super.visitDelete_statement(ctx);
 	}
 
 	@Override

spring-data-jpa/src/main/java/org/springframework/data/jpa/repository/query/QueryInformation.java

@@ -33,10 +33,18 @@ class QueryInformation {
 
 	private final boolean hasConstructorExpression;
 
+	private final StatementType statementType;
+
 	QueryInformation(@Nullable String alias, List<QueryToken> projection, boolean hasConstructorExpression) {
+		this(alias, projection, hasConstructorExpression, StatementType.SELECT);
+	}
+
+	QueryInformation(@Nullable String alias, List<QueryToken> projection, boolean hasConstructorExpression,
+			StatementType statementType) {
 		this.alias = alias;
 		this.projection = projection;
 		this.hasConstructorExpression = hasConstructorExpression;
+		this.statementType = statementType;
 	}
 
 	/**
@@ -61,4 +69,59 @@ public List<QueryToken> getProjection() {
 	public boolean hasConstructorExpression() {
 		return hasConstructorExpression;
 	}
+
+	/**
+	 * @return the statement type of the query.
+	 * @since 4.0
+	 */
+	public StatementType getStatementType() {
+		return statementType;
+	}
+
+	/**
+	 * @return {@code true} if the query is a SELECT statement.
+	 * @since 4.0
+	 */
+	public boolean isSelectStatement() {
+		return statementType == StatementType.SELECT;
+	}
+
+	/**
+	 * Enum representing the type of SQL/JPQL statement.
+	 *
+	 * @since 4.0
+	 */
+	enum StatementType {
+
+		/**
+		 * SELECT statement.
+		 */
+		SELECT,
+
+		/**
+		 * INSERT statement.
+		 */
+		INSERT,
+
+		/**
+		 * UPDATE statement.
+		 */
+		UPDATE,
+
+		/**
+		 * DELETE statement.
+		 */
+		DELETE,
+
+		/**
+		 * MERGE statement.
+		 */
+		MERGE,
+
+		/**
+		 * Other statement types.
+		 */
+		OTHER
+	}
+
 }