Posted to commits@syncope.apache.org by il...@apache.org on 2021/04/16 14:14:36 UTC
[syncope] branch master updated: [SYNCOPE-1629] pgjsonb: escape
chars when using like_regex
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new b94270d [SYNCOPE-1629] pgjsonb: escape chars when using like_regex
b94270d is described below
commit b94270d1e42937d3ca04a8fcb0182f3ca65fcb74
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Fri Apr 16 16:14:02 2021 +0200
[SYNCOPE-1629] pgjsonb: escape chars when using like_regex
---
.../persistence/jpa/dao/PGJPAJSONAnySearchDAO.java | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java b/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java
index 94820e7..ecdf80e 100644
--- a/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java
+++ b/core/persistence-jpa-json/src/main/java/org/apache/syncope/core/persistence/jpa/dao/PGJPAJSONAnySearchDAO.java
@@ -64,6 +64,16 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
protected static final String ALWAYS_FALSE_ASSERTION = "1=2";
+ protected static final String POSTGRESQL_REGEX_CHARS = "!$()*+.:<=>?[\\]^{|}-";
+
+ protected static String escapeForLikeRegex(final String input) {
+ String output = input;
+ for (char toEscape : POSTGRESQL_REGEX_CHARS.toCharArray()) {
+ output = output.replace(String.valueOf(toEscape), "\\" + toEscape);
+ }
+ return output;
+ }
+
@Override
protected void parseOrderByForPlainSchema(
final SearchSupport svs,
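Review bot: `escapeForLikeRegex` undoes most of its own escaping, because `\` sits in the middle of `POSTGRESQL_REGEX_CHARS` and the loop reaches it after `!$()*+.:<=>?[` have already been prefixed: `a.b` becomes `a\.b` and then `a\\.b`, which is a literal backslash followed by an unescaped `.`. Putting the backslash first, `POSTGRESQL_REGEX_CHARS = "\\!$()*+.:<=>?[]^{|}-"`, or building the output in a single pass over the input, avoids the double handling. Separately, PostgreSQL's jsonpath documentation says backslashes in a `like_regex` pattern must be doubled inside the string literal, so a test that a value containing `.` or `*` matches only itself would confirm that the single `\` reaches the regex engine. The `parseOrderByForPlainSchema` signature that follows runs past the end of the hunk.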
@@ -153,11 +163,11 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
if (schema.getType() == AttrSchemaType.String || schema.getType() == AttrSchemaType.Enum) {
query.append("jsonb_path_exists(").append(schema.getKey()).append(", '$[*] ? ").
append("(@.").append(key).append(" like_regex \"").
- append(value.replace("%", ".*")).
+ append(escapeForLikeRegex(value).replace("%", ".*")).
append("\"").
append(lower ? " flag \"i\"" : "").append(")')");
} else {
- query.append(" 1=2");
+ query.append(' ').append(ALWAYS_FALSE_ASSERTION);
LOG.error("LIKE is only compatible with string or enum schemas");
}
break;
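Review bot: The `like_regex` branch still concatenates `value` into a double-quoted jsonpath literal that itself sits inside a single-quoted SQL literal, and neither `'` nor `"` is neutralised here; the hunk at `-167,7 +177,7` doubles `'` but also leaves `"` alone. Unless the value is sanitised before this point, which the hunk does not show, a quote in a search value can end the literal early and change the query text. Consider `append(escapeForLikeRegex(value).replace("'", "''").replace("%", ".*")).` together with adding `"` to the escaped set, or pass the jsonpath expression as a bound parameter, as the `setParameter` call in the last hunk does for other values. The enclosing `switch` case starts and ends outside the hunk.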
@@ -167,7 +177,7 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
query.append("jsonb_path_exists(").append(schema.getKey()).append(", '$[*] ? ").
append("(@.").append(key);
if (isStr) {
- query.append(" like_regex \"").append(value.replace("'", "''")).append("\"");
+ query.append(" like_regex \"").append(escapeForLikeRegex(value).replace("'", "''")).append('"');
} else {
query.append(" == ").append(value);
}
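Review bot: The string branch emits `like_regex "<escaped value>"` with no anchors, and `like_regex` matches anywhere in the target, so this comparison, which sits opposite the `==` used for non-string values, would accept any attribute that merely contains the value. If an exact match is intended here, wrap the escaped text as `append(" like_regex \"^").append(escapeForLikeRegex(value).replace("'", "''")).append("$\"")`. Any anchors placed in `value` before this point would now be escaped by `escapeForLikeRegex` and matched literally. The surrounding case is only partly visible in the hunk.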
@@ -860,7 +870,7 @@ public class PGJPAJSONAnySearchDAO extends AbstractJPAJSONAnySearchDAO {
query.append('?').append(setParameter(parameters, cond.getExpression()));
}
} else {
- query.append(" 1=2");
+ query.append(' ').append(ALWAYS_FALSE_ASSERTION);
LOG.error("LIKE is only compatible with string or enum schemas");
}
break;