}
public List<String> selectProjectsFromView(DbSession session, String viewUuid, String projectViewUuid) {
- return mapper(session).selectProjectsFromView("%." + viewUuid + ".%", projectViewUuid);
+ var escapedViewUuid = viewUuid.replace("_", "\\_").replace("%", "\\%");
+ return mapper(session).selectProjectsFromView("%." + escapedViewUuid + ".%", projectViewUuid);
}
/**
and p.scope = 'PRJ'
and p.qualifier in ('VW', 'APP')
</select>
-
<select id="selectProjectsFromView" resultType="String">
select p.copy_component_uuid
from components p
where
p.enabled = ${_true}
and p.project_uuid = #{projectViewUuid,jdbcType=VARCHAR}
- and p.module_uuid_path like #{viewUuidLikeQuery,jdbcType=VARCHAR}
+ <choose>
+ <when test="_databaseId == 'mssql'">
+ and p.module_uuid_path like #{viewUuidLikeQuery,jdbcType=VARCHAR} {escape '\'}
+ </when>
+ <otherwise>
+ and p.module_uuid_path like #{viewUuidLikeQuery,jdbcType=VARCHAR} ESCAPE '\'
+ </otherwise>
+ </choose>
and p.qualifier = 'TRK'
and p.copy_component_uuid is not null
</select>
assertThat(underTest.selectProjectsFromView(dbSession, "Unknown", "Unknown")).isEmpty();
}
+ @Test
+ public void select_projects_from_view_should_escape_like_sensitive_characters() {
+ ComponentDto project1 = db.components().insertPrivateProject();
+ ComponentDto project2 = db.components().insertPrivateProject();
+ ComponentDto project3 = db.components().insertPrivateProject();
+
+ ComponentDto view = db.components().insertPrivatePortfolio();
+
+ //subview with uuid containing special character ( '_' ) for 'like' SQL clause
+ ComponentDto subView1 = db.components().insertComponent(newSubPortfolio(view, "A_C", "A_C-key"));
+ db.components().insertComponent(newProjectCopy(project1, subView1));
+ db.components().insertComponent(newProjectCopy(project2, subView1));
+
+ ComponentDto subView2 = db.components().insertComponent(newSubPortfolio(view, "ABC", "ABC-key"));
+ db.components().insertComponent(newProjectCopy(project3, subView2));
+
+ assertThat(underTest.selectProjectsFromView(dbSession, subView1.uuid(), view.uuid())).containsExactlyInAnyOrder(project1.uuid(), project2.uuid());
+ assertThat(underTest.selectProjectsFromView(dbSession, subView2.uuid(), view.uuid())).containsExactlyInAnyOrder(project3.uuid());
+ }
+
@Test
public void select_projects() {
ComponentDto provisionedProject = db.components().insertPrivateProject();
*/
package org.sonar.server.view.index;
-import com.google.common.collect.ImmutableSet;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
@Override
public Set<IndexType> getIndexTypes() {
- return ImmutableSet.of(TYPE_VIEW);
+ return Set.of(TYPE_VIEW);
}
@Override
private final DbSession dbSession = db.getSession();
private final ViewIndexer underTest = new ViewIndexer(dbClient, es.client());
+ @Test
+ public void getIndexTypes() {
+ assertThat(underTest.getIndexTypes()).containsExactly(TYPE_VIEW);
+ }
+
@Test
public void index_nothing() {
underTest.indexOnStartup(emptySet());