SONAR-15825 Escape special characters in like sql query for portfolio projects

author: Jacek <jacek.poreda@sonarsource.com> 2022-01-25 10:28:26 +0100
committer: sonartech <sonartech@sonarsource.com> 2022-01-26 20:02:44 +0000
commit: 4d26d4ebf4d6101f12b4bb9135e553c6d06e3733 (patch)
tree: 2b26bd9edfc053796b4c6fd6523d713fe4bb7d5a /server/sonar-db-dao/src/main/java/org/sonar
parent: b011476a0b167dc3cd5252c3428be01956dee5b2 (diff)
download: sonarqube-4d26d4ebf4d6101f12b4bb9135e553c6d06e3733.tar.gz
sonarqube-4d26d4ebf4d6101f12b4bb9135e553c6d06e3733.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java b/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java
index 027eca54878..bbdaab77678 100644
--- a/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java
+++ b/server/sonar-db-dao/src/main/java/org/sonar/db/component/ComponentDao.java
@@ -257,7 +257,8 @@ public class ComponentDao implements Dao {
   }
 
   public List<String> selectProjectsFromView(DbSession session, String viewUuid, String projectViewUuid) {
-    return mapper(session).selectProjectsFromView("%." + viewUuid + ".%", projectViewUuid);
+    var escapedViewUuid = viewUuid.replace("_", "\\_").replace("%", "\\%");
+    return mapper(session).selectProjectsFromView("%." + escapedViewUuid + ".%", projectViewUuid);
   }
 
   /**
author	Jacek <jacek.poreda@sonarsource.com>	2022-01-25 10:28:26 +0100
committer	sonartech <sonartech@sonarsource.com>	2022-01-26 20:02:44 +0000
commit	4d26d4ebf4d6101f12b4bb9135e553c6d06e3733 (patch)
tree	2b26bd9edfc053796b4c6fd6523d713fe4bb7d5a /server/sonar-db-dao/src/main/java/org/sonar
parent	b011476a0b167dc3cd5252c3428be01956dee5b2 (diff)
download	sonarqube-4d26d4ebf4d6101f12b4bb9135e553c6d06e3733.tar.gz sonarqube-4d26d4ebf4d6101f12b4bb9135e553c6d06e3733.zip