Posted to commits@olingo.apache.org by ra...@apache.org on 2019/08/02 05:31:04 UTC
[olingo-odata2] branch master updated: [OLINGO-1228] Fix to filter
value having 2 single quotes in JPA
This is an automated email from the ASF dual-hosted git repository.
ramyav pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/olingo-odata2.git
The following commit(s) were added to refs/heads/master by this push:
new ce414cc [OLINGO-1228] Fix to filter value having 2 single quotes in JPA
ce414cc is described below
commit ce414cc7ae44eae7aa4f8ffd4f4b124679d7623f
Author: ramya vasanth <ra...@sap.com>
AuthorDate: Fri Aug 2 11:00:51 2019 +0530
[OLINGO-1228] Fix to filter value having 2 single quotes in JPA
---
.../odata2/jpa/processor/core/ODataExpressionParser.java | 1 -
.../jpa/processor/core/ODataFilterExpressionParserTest.java | 10 +++++-----
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java b/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
index 25b4f9f..ce4fa4f 100644
--- a/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
+++ b/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
@@ -517,7 +517,6 @@ public class ODataExpressionParser {
Class<?> edmMappedType, Map<Integer, Object> positionalParameters, int index) throws ODataJPARuntimeException {
if (EdmSimpleTypeKind.String.getEdmSimpleTypeInstance().isCompatible(edmSimpleType)
|| EdmSimpleTypeKind.Guid.getEdmSimpleTypeInstance().isCompatible(edmSimpleType)) {
- uriLiteral = uriLiteral.replaceAll("'", "''");
uriLiteral = updateValueIfWildcards(uriLiteral);
if (!positionalParameters.containsKey(index)) {
if(edmMappedType != null){
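Review bot: With the `replaceAll("'", "''")` line gone, this String/Guid branch is only safe if `uriLiteral` always ends up as a bound value in `positionalParameters` and is never spliced into the JPQL text. The hunk shows the `!positionalParameters.containsKey(index)` path but not what happens when the key is already present, and the method starts and ends outside the hunk, so that cannot be confirmed from these lines. I would record the invariant above the `updateValueIfWildcards` call, e.g. `// uriLiteral is passed to the query only as a positional parameter; never concatenate it into the JPQL string`. Any other caller that still builds literal text from this value would need the quote doubling kept.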
diff --git a/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java b/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
index a268778..f2f7121 100644
--- a/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
+++ b/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
@@ -51,7 +51,7 @@ public class ODataFilterExpressionParserTest {
private static final String[] EXPRESSION_EQ = { "id eq '123'", "(E1.id LIKE '123' ESCAPE '\\')" };
private static final String[] EXPRESSION_NE = { "id ne '123'", "(E1.id NOT LIKE '123' ESCAPE '\\')" };
private static final String[] EXPRESSION_NE_SPECIAL = { "id ne '1_3'", "(E1.id NOT LIKE '1_3' ESCAPE '\\')" };
- private static final String[] EXPRESSION_ESCAPE = { "id ne '123''22'", "(E1.id NOT LIKE '123''22' ESCAPE '\\')" };
+ private static final String[] EXPRESSION_ESCAPE = { "id ne '123''22'", "(E1.id NOT LIKE '123'22' ESCAPE '\\')" };
private static final String[] EXPRESSION_BINARY_AND =
{
"id le '123' and soId eq 123L and not (substringof(id,'123') eq false) eq true",
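Review bot: The new expected value for `EXPRESSION_ESCAPE` here, and those for `EXPRESSION_SUBSTRINGOF_INJECTION1` to `3` and `EXPRESSION_ENDSWITH_INJECTION1` in the next hunk, contain unbalanced quotes (for example `'123'22'`). That is presumably because the test inlines the bound values back into the placeholder text before comparing. Read as JPQL these strings look like a broken-out literal, so the tests no longer show that the filter value stays out of the query text. Consider asserting the placeholder form of the query and the contents of the positional-parameter map separately. At minimum, add a comment on the constants such as `// expected text has bound parameter values inlined for comparison; it is not executable JPQL`.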
@@ -81,21 +81,21 @@ public class ODataFilterExpressionParserTest {
"(SUBSTRING(E1.oValue.Currency, 1 + 1 , 3) LIKE 'INR' ESCAPE '\\')" };
private static final String[] EXPRESSION_SUBSTRINGOF_INJECTION1 = {
"substringof('a'' OR 1=1 OR E1.id LIKE ''b',id) eq true",
- "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('a'' OR 1=1 OR E1.id LIKE ''b','%')) ESCAPE '\\') "
+ "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('a' OR 1=1 OR E1.id LIKE 'b','%')) ESCAPE '\\') "
+ "THEN TRUE ELSE FALSE END) = true)" };
private static final String[] EXPRESSION_SUBSTRINGOF_INJECTION2 =
{
"substringof('substringof(''a'' OR 1=1 OR E1.id LIKE ''b'',id)',id) eq true",
- "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('substringof(''a'' OR 1=1 OR E1.id LIKE ''b'',id)','%')) ESCAPE '\\') "
+ "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('substringof('a' OR 1=1 OR E1.id LIKE 'b',id)','%')) ESCAPE '\\') "
+ "THEN TRUE ELSE FALSE END) = true)" };
private static final String[] EXPRESSION_SUBSTRINGOF_INJECTION3 =
{
"substringof( substring(' ) OR execute_my_sql OR '' LIKE ',3),'de''') eq true",
- "((CASE WHEN ('de''' LIKE CONCAT('%',CONCAT(SUBSTRING(' ) OR execute_my_sql OR '' LIKE ', 3 + 1 ),'%')"
+ "((CASE WHEN ('de'' LIKE CONCAT('%',CONCAT(SUBSTRING(' ) OR execute_my_sql OR ' LIKE ', 3 + 1 ),'%')"
+ ") ESCAPE '\\') "
+ "THEN TRUE ELSE FALSE END) = true)" };
private static final String[] EXPRESSION_ENDSWITH_INJECTION1 = { "endswith(id,'Str''eet') eq true",
- "(E1.id LIKE CONCAT('%','Str''eet') ESCAPE '\\' )" };
+ "(E1.id LIKE CONCAT('%','Str'eet') ESCAPE '\\' )" };
private static final String[] EXPRESSION_PRECEDENCE = {
"id eq '123' and id ne '123' or (id eq '123' and id ne '123')",
"(((E1.id LIKE '123' ESCAPE '\\') AND (E1.id NOT LIKE '123' ESCAPE '\\')) OR ((E1.id LIKE '123' ESCAPE '\\') "