Posted to commits@syncope.apache.org by il...@apache.org on 2021/04/16 14:14:41 UTC

[syncope] branch 2_1_X updated: [SYNCOPE-1629] pgjsonb: escape chars when using like_regex

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_1_X by this push:
     new 6cf2aa0  [SYNCOPE-1629] pgjsonb: escape chars when using like_regex
6cf2aa0 is described below

commit 6cf2aa0355e9f728b3038694ef80b490c63f6f3c
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Fri Apr 16 16:14:02 2021 +0200

    [SYNCOPE-1629] pgjsonb: escape chars when using like_regex
---
 .../persistence/jpa/dao/PGJPAJSONAnySearchDAO.java     | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java b/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java
index cbaee83..1a6fffa 100644
--- a/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java
+++ b/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java
@@ -65,6 +65,16 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
 
     protected static final String ALWAYS_FALSE_ASSERTION = "1=2";
 
+    protected static final String POSTGRESQL_REGEX_CHARS = "!$()*+.:<=>?[\\]^{|}-";
+
+    protected static String escapeForLikeRegex(final String input) {
+        String output = input;
+        for (char toEscape : POSTGRESQL_REGEX_CHARS.toCharArray()) {
+            output = output.replace(String.valueOf(toEscape), "\\" + toEscape);
+        }
+        return output;
+    }
+
     @Override
     protected void parseOrderByForPlainSchema(
             final SearchSupport svs,
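Review bot: escapeForLikeRegex double-escapes every metacharacter that precedes the backslash in POSTGRESQL_REGEX_CHARS, because the replacements run sequentially on the already-modified string: for `a.b` the `.` step yields `a\.b`, and the later `\` step rewrites that to `a\\.b`, which like_regex reads as a literal backslash followed by any character. Moving the backslash to the front of the set fixes the order, `protected static final String POSTGRESQL_REGEX_CHARS = "\\!$()*+.:<=>?[]^{|}-";`, or escape in a single pass over the input so inserted backslashes are never revisited. The double quote that the callers use to delimit the like_regex literal is not in the set either, so a `"` inside the value would terminate the pattern early unless it is already rejected upstream; that is worth confirming or adding to the escape. A short Javadoc on the helper stating that it escapes for the PostgreSQL jsonpath like_regex dialect (not java.util.regex) would help the next reader. parseOrderByForPlainSchema's body continues outside the hunk.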
@@ -154,11 +164,11 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
                     if (schema.getType() == AttrSchemaType.String || schema.getType() == AttrSchemaType.Enum) {
                         query.append("jsonb_path_exists(").append(schema.getKey()).append(", '$[*] ? ").
                                 append("(@.").append(key).append(" like_regex \"").
-                                append(value.replace("%", ".*")).
+                                append(escapeForLikeRegex(value).replace("%", ".*")).
                                 append("\"").
                                 append(lower ? " flag \"i\"" : "").append(")')");
                     } else {
-                        query.append(" 1=2");
+                        query.append(' ').append(ALWAYS_FALSE_ASSERTION);
                         LOG.error("LIKE is only compatible with string or enum schemas");
                     }
                     break;
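Review bot: The escaped value appended here is embedded in the SQL string literal that opens with `'$[*] ? ` and closes with `)'`, but unlike the like_regex line in the next hunk it is not passed through `.replace("'", "''")`, so a single quote in the value ends the literal early unless the caller already rejects it. Applying the same doubling here keeps the two paths consistent, `append(escapeForLikeRegex(value).replace("%", ".*").replace("'", "''")).`. The enclosing method starts and ends outside the hunk.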
@@ -168,7 +178,7 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
                     query.append("jsonb_path_exists(").append(schema.getKey()).append(", '$[*] ? ").
                             append("(@.").append(key);
                     if (isStr) {
-                        query.append(" like_regex \"").append(value.replace("'", "''")).append("\"");
+                        query.append(" like_regex \"").append(escapeForLikeRegex(value).replace("'", "''")).append('"');
                     } else {
                         query.append(" == ").append(value);
                     }
@@ -861,7 +871,7 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
                             query.append('?').append(setParameter(parameters, cond.getExpression()));
                         }
                     } else {
-                        query.append(" 1=2");
+                        query.append(' ').append(ALWAYS_FALSE_ASSERTION);
                         LOG.error("LIKE is only compatible with string or enum schemas");
                     }
                     break;