From 69291bdd13e1d9fa27410fe6ef9ec567e69efb62 Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Thu, 16 May 2013 12:05:29 +0200
Subject: [PATCH] SONAR-4323 escape special characters % and _
---
 .../resources/org/sonar/core/user/UserMapper.xml | 2 +-
 .../test/java/org/sonar/core/user/UserDaoTest.java | 11 +++++++++++
 .../src/main/java/org/sonar/api/user/UserQuery.java | 13 ++++++++++++-
 .../test/java/org/sonar/api/user/UserQueryTest.java | 9 ++++++++-
 4 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/sonar-core/src/main/resources/org/sonar/core/user/UserMapper.xml b/sonar-core/src/main/resources/org/sonar/core/user/UserMapper.xml
index adfeea60245..c662b2e03a9 100644
--- a/sonar-core/src/main/resources/org/sonar/core/user/UserMapper.xml
+++ b/sonar-core/src/main/resources/org/sonar/core/user/UserMapper.xml
@@ -43,7 +43,7 @@
 and u.active=${_true}
- and (u.login like #{searchTextSql} or u.name like #{searchTextSql})
+ and (u.login like #{searchTextSql} escape '/' or u.name like #{searchTextSql} escape '/')
 order by u.name
diff --git a/sonar-core/src/test/java/org/sonar/core/user/UserDaoTest.java b/sonar-core/src/test/java/org/sonar/core/user/UserDaoTest.java
index a91acd2bd66..186b20eaf56 100644
--- a/sonar-core/src/test/java/org/sonar/core/user/UserDaoTest.java
+++ b/sonar-core/src/test/java/org/sonar/core/user/UserDaoTest.java
@@ -121,6 +121,17 @@ public class UserDaoTest extends AbstractDaoTestCase {
 assertThat(users.get(0).getLogin()).isEqualTo("sbrandhof");
 }
+ @Test
+ public void selectUsersByQuery_escape_special_characters_in_like() throws Exception {
+ setupData("selectUsersByText");
+
+ UserQuery query = UserQuery.builder().searchText("%s%").build();
+ // we expect really a login or name containing the 3 characters "%s%"
+
+ List users = dao.selectUsers(query);
+ assertThat(users).isEmpty();
+ }
+
 @Test
 public void selectGroupByName() {
 setupData("selectGroupByName");
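Review bot: The `escape '/'` clause in UserMapper.xml only works together with the `/` prefix that `UserQuery.searchTextToSql` puts in front of `%` and `_`, and nothing in the mapper records that coupling. A short comment beside the clause, for example `<!-- searchTextSql is escaped with '/' by UserQuery.searchTextToSql; keep the escape character in sync -->`, would stop one side being changed without the other. Separately, if this statement is also run against SQL Server, `[` is a LIKE metacharacter there and is not covered by the escaping; whether that database is in scope is not visible from this hunk.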
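Review bot: The new test `selectUsersByQuery_escape_special_characters_in_like` asserts only that the result is empty, which would also hold if the query matched nothing for an unrelated reason. The `selectUsersByText` fixture is not visible here, but a row whose login or name contains a literal `%` or `_`, found by a search for that character, would show that the database actually honours `escape '/'`. The inline comment would read more clearly as `// only a login or name containing the literal text "%s%" may match, and the fixture has none`.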
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java b/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java
index 027be9f5e60..ddeb58bf01b 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/user/UserQuery.java
@@ -44,7 +44,18 @@ public class UserQuery {
 this.logins = builder.logins;
 this.includeDeactivated = builder.includeDeactivated;
 this.searchText = builder.searchText;
- this.searchTextSql = (searchText !=null ? "%" + searchText + "%" : null);
+
+ this.searchTextSql = searchTextToSql(searchText);
+ }
+
+ private String searchTextToSql(@Nullable String s) {
+ String sql = null;
+ if (s != null) {
+ sql = StringUtils.replace(s, "%", "/%");
+ sql = StringUtils.replace(sql, "_", "/_");
+ sql = "%" + sql + "%";
+ }
+ return sql;
 }
 @CheckForNull
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java
index 3cbc5822f1c..d20beb80a87 100644
--- a/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/user/UserQueryTest.java
@@ -69,9 +69,16 @@ public class UserQueryTest {
 }
 @Test
- public void test_searchText() throws Exception {
+ public void searchText() throws Exception {
 UserQuery query = UserQuery.builder().searchText("sim").build();
 assertThat(query.searchText()).isEqualTo("sim");
 assertThat(query.searchTextSql).isEqualTo("%sim%");
 }
+
+ @Test
+ public void searchText_escape_special_characters_in_like() throws Exception {
+ UserQuery query = UserQuery.builder().searchText("%sim_").build();
+ assertThat(query.searchText()).isEqualTo("%sim_");
+ assertThat(query.searchTextSql).isEqualTo("%/%sim/_%");
+ }
 }
--
2.39.5
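Review bot: `searchTextToSql` escapes `%` and `_` but not the escape character `/` itself, so a `/` already present in the search text pairs with whatever follows it once the mapper applies `escape '/'`. Depending on the database, that either changes what the pattern matches, lets a following wildcard keep its special meaning, or makes the statement fail on an invalid escape sequence. Escaping the escape character first closes the gap: `sql = StringUtils.replace(s, "/", "//");`, with the two existing replacements then operating on `sql`. The UserQueryTest hunk would need a matching case, such as `searchText("a/b")` expecting `%a//b%`. The constructor that calls this helper begins outside the hunk.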