(cherry picked from commit 52785af21a
)
tags/8.9.7.52159
@@ -249,7 +249,8 @@ public class ComponentDao implements Dao { | |||
} | |||
public List<String> selectProjectsFromView(DbSession session, String viewUuid, String projectViewUuid) { | |||
return mapper(session).selectProjectsFromView("%." + viewUuid + ".%", projectViewUuid); | |||
String escapedViewUuid = viewUuid.replace("_", "\\_").replace("%", "\\%"); | |||
return mapper(session).selectProjectsFromView("%." + escapedViewUuid + ".%", projectViewUuid); | |||
} | |||
/** |
@@ -424,14 +424,20 @@ | |||
and p.scope = 'PRJ' | |||
and p.qualifier in ('VW', 'APP') | |||
</select> | |||
<select id="selectProjectsFromView" resultType="String"> | |||
select p.copy_component_uuid | |||
from components p | |||
where | |||
p.enabled = ${_true} | |||
and p.project_uuid = #{projectViewUuid,jdbcType=VARCHAR} | |||
and p.module_uuid_path like #{viewUuidLikeQuery,jdbcType=VARCHAR} | |||
<choose> | |||
<when test="_databaseId == 'mssql'"> | |||
and p.module_uuid_path like #{viewUuidLikeQuery,jdbcType=VARCHAR} {escape '\'} | |||
</when> | |||
<otherwise> | |||
and p.module_uuid_path like #{viewUuidLikeQuery,jdbcType=VARCHAR} ESCAPE '\' | |||
</otherwise> | |||
</choose> | |||
and p.qualifier = 'TRK' | |||
and p.copy_component_uuid is not null | |||
</select> |
@@ -994,6 +994,26 @@ public class ComponentDaoTest { | |||
assertThat(underTest.selectProjectsFromView(dbSession, "Unknown", "Unknown")).isEmpty(); | |||
} | |||
@Test | |||
public void select_projects_from_view_should_escape_like_sensitive_characters() { | |||
ComponentDto project1 = db.components().insertPrivateProject(); | |||
ComponentDto project2 = db.components().insertPrivateProject(); | |||
ComponentDto project3 = db.components().insertPrivateProject(); | |||
ComponentDto view = db.components().insertPrivatePortfolio(); | |||
//subview with uuid containing special character ( '_' ) for 'like' SQL clause | |||
ComponentDto subView1 = db.components().insertComponent(newSubView(view, "A_C", "A_C-key")); | |||
db.components().insertComponent(newProjectCopy(project1, subView1)); | |||
db.components().insertComponent(newProjectCopy(project2, subView1)); | |||
ComponentDto subView2 = db.components().insertComponent(newSubView(view, "ABC", "ABC-key")); | |||
db.components().insertComponent(newProjectCopy(project3, subView2)); | |||
assertThat(underTest.selectProjectsFromView(dbSession, subView1.uuid(), view.uuid())).containsExactlyInAnyOrder(project1.uuid(), project2.uuid()); | |||
assertThat(underTest.selectProjectsFromView(dbSession, subView2.uuid(), view.uuid())).containsExactlyInAnyOrder(project3.uuid()); | |||
} | |||
@Test | |||
public void select_projects() { | |||
ComponentDto provisionedProject = db.components().insertPrivateProject(); |
@@ -57,6 +57,11 @@ public class ViewIndexerTest { | |||
private final DbSession dbSession = db.getSession(); | |||
private final ViewIndexer underTest = new ViewIndexer(dbClient, es.client()); | |||
@Test | |||
public void getIndexTypes() { | |||
assertThat(underTest.getIndexTypes()).containsExactly(TYPE_VIEW); | |||
} | |||
@Test | |||
public void index_nothing() { | |||
underTest.indexOnStartup(emptySet()); |