diff options
8 files changed, 155 insertions, 5 deletions
diff --git a/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-1.0.0.json b/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-schema-1.0.0.json index 2bbd09bade..2bbd09bade 100644 --- a/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-1.0.0.json +++ b/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-schema-1.0.0.json diff --git a/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-subscription-response-event-schema-1.0.0.json b/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-to-ncmp-subscription-response-event-schema-1.0.0.json index ec968fd0c0..ec968fd0c0 100644 --- a/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-subscription-response-event-schema-1.0.0.json +++ b/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-to-ncmp-subscription-response-event-schema-1.0.0.json diff --git a/cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json b/cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json new file mode 100644 index 0000000000..a2017b4662 --- /dev/null +++ b/cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json @@ -0,0 +1,69 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "urn:cps:org.onap.cps.ncmp.events:subscription-event-outcome-schema:1.0.0", + "$ref": "#/definitions/SubscriptionEventOutcome", + "definitions": { + "SubscriptionEventOutcome": { + "description": "The payload for avc subscription event outcome message.", + "type": "object", + "javaType": "org.onap.cps.ncmp.events.avcsubscription1_0_0.ncmp_to_client.SubscriptionEventOutcome", + "additionalProperties": false, + "properties": { + "data": { + "$ref": "#/definitions/data" + } + }, + "required": [ + "data" + ] + }, + "data": { + "type": "object", + "description": "The actual data containing information about the pending and rejected targets", + "additionalProperties": false, + "properties": { + "statusCode": { + "type": "integer" + }, + "statusMessage": { + "type": "string" + }, + "additionalInfo": { + "type": "object", + "additionalProperties": false, + "properties": { + "rejected": { + "$ref": "#/definitions/additionalInfoDetails" + }, + "pending": { + "$ref": "#/definitions/additionalInfoDetails" + } + } + } + }, + "required": [ + "statusCode", + "statusMessage" + ] + }, + "additionalInfoDetails": { + "type": "array", + "items": { + "type": "object", + "description": "Details for the target cmhandles", + "additionalProperties": false, + "properties": { + "details": { + "type": "string" + }, + "targets": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } +}
\ No newline at end of file diff --git a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java index ba94d56b1c..34dea9bc19 100644 --- a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java +++ b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java @@ -36,6 +36,7 @@ import org.onap.cps.spi.entities.AnchorEntity; import org.onap.cps.spi.entities.DataspaceEntity; import org.onap.cps.spi.entities.FragmentEntity; import org.onap.cps.spi.exceptions.CpsPathException; +import org.onap.cps.spi.utils.EscapeUtils; import org.onap.cps.utils.JsonObjectMapper; import org.springframework.stereotype.Component; @@ -202,7 +203,8 @@ public class FragmentQueryBuilder { if (cpsPathQuery.hasContainsFunctionCondition()) { sqlStringBuilder.append(" AND attributes ->> :containsLeafName LIKE CONCAT('%',:containsValue,'%') "); queryParameters.put("containsLeafName", cpsPathQuery.getContainsFunctionConditionLeafName()); - queryParameters.put("containsValue", cpsPathQuery.getContainsFunctionConditionValue()); + queryParameters.put("containsValue", + EscapeUtils.escapeForSqlLike(cpsPathQuery.getContainsFunctionConditionValue())); } } diff --git a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java index 03de95eb8d..303af5bc47 100755 --- a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java +++ b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java @@ -30,6 +30,7 @@ import org.onap.cps.spi.entities.AnchorEntity; import org.onap.cps.spi.entities.DataspaceEntity;
import org.onap.cps.spi.entities.FragmentEntity;
import org.onap.cps.spi.exceptions.DataNodeNotFoundException;
+import org.onap.cps.spi.utils.EscapeUtils;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
@@ -67,8 +68,6 @@ public interface FragmentRepository extends JpaRepository<FragmentEntity, Long>, return findByDataspaceIdAndXpathIn(dataspaceEntity.getId(), xpaths.toArray(new String[0]));
}
- boolean existsByAnchorId(long anchorId);
-
@Query(value = "SELECT * FROM fragment WHERE anchor_id = :anchorId LIMIT 1", nativeQuery = true)
Optional<FragmentEntity> findOneByAnchorId(@Param("anchorId") long anchorId);
@@ -95,8 +94,8 @@ public interface FragmentRepository extends JpaRepository<FragmentEntity, Long>, @Param("xpathPatterns") String[] xpathPatterns);
default void deleteListsByAnchorIdAndXpaths(long anchorId, Collection<String> xpaths) {
- final String[] listXpathPatterns = xpaths.stream().map(xpath -> xpath + "[%").toArray(String[]::new);
- deleteByAnchorIdAndXpathLikeAny(anchorId, listXpathPatterns);
+ deleteByAnchorIdAndXpathLikeAny(anchorId,
+ xpaths.stream().map(xpath -> EscapeUtils.escapeForSqlLike(xpath) + "[@%").toArray(String[]::new));
}
@Query(value = "SELECT xpath FROM fragment WHERE anchor_id = :anchorId AND xpath = ANY (:xpaths)",
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java b/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java new file mode 100644 index 0000000000..3092b79051 --- /dev/null +++ b/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java @@ -0,0 +1,33 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2023 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.cps.spi.utils; + +import lombok.AccessLevel; +import lombok.NoArgsConstructor; + +@NoArgsConstructor(access = AccessLevel.PRIVATE) +public class EscapeUtils { + + public static String escapeForSqlLike(final String text) { + return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + } + +} diff --git a/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy b/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy new file mode 100644 index 0000000000..17eb8846a1 --- /dev/null +++ b/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy @@ -0,0 +1,36 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2023 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.cps.spi.utils + +import spock.lang.Specification + +class EscapeUtilsSpec extends Specification { + + def 'Escape text for using in SQL LIKE operation'() { + expect: + EscapeUtils.escapeForSqlLike(unescapedText) == escapedText + where: + unescapedText || escapedText + 'Only %, _, and \\ are special' || 'Only \\%, \\_, and \\\\ are special' + 'Others (./?$) are not special' || 'Others (./?$) are not special' + } + +} diff --git a/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy b/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy index fa0b820459..0cb3200f80 100644 --- a/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy +++ b/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy @@ -339,4 +339,15 @@ class CpsQueryServiceIntegrationSpec extends FunctionalSpecBase { 'incomplete absolute 1 list entry' | '/categories[@code="3"]' || 0 } + def 'Cps Path query should ignore special characters: #scenario.'() { + when: 'a query is executed to get data nodes by the given cps path' + def result = objectUnderTest.queryDataNodes(FUNCTIONAL_TEST_DATASPACE_1, BOOKSTORE_ANCHOR_1, cpsPath, INCLUDE_ALL_DESCENDANTS) + then: 'no data nodes are returned' + assert result.isEmpty() + where: + scenario | cpsPath + ' sql wildcard in contains-condition' | '/bookstore/categories[@code="1"]/books[contains(@title, "%")]' + 'regex wildcard in contains-condition' | '/bookstore/categories[@code="1"]/books[contains(@title, ".*")]' + } + } |