summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-schema-1.0.0.json (renamed from cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-1.0.0.json)0
-rw-r--r--cps-ncmp-events/src/main/resources/schemas/subscription/dmi-to-ncmp-subscription-response-event-schema-1.0.0.json (renamed from cps-ncmp-events/src/main/resources/schemas/subscription/dmi-subscription-response-event-schema-1.0.0.json)0
-rw-r--r--cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json69
-rw-r--r--cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java4
-rwxr-xr-xcps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java7
-rw-r--r--cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java33
-rw-r--r--cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy36
-rw-r--r--integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy11
8 files changed, 155 insertions, 5 deletions
diff --git a/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-1.0.0.json b/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-schema-1.0.0.json
index 2bbd09bade..2bbd09bade 100644
--- a/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-1.0.0.json
+++ b/cps-ncmp-events/src/main/resources/schemas/subscription/client-to-ncmp-subscription-event-schema-1.0.0.json
diff --git a/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-subscription-response-event-schema-1.0.0.json b/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-to-ncmp-subscription-response-event-schema-1.0.0.json
index ec968fd0c0..ec968fd0c0 100644
--- a/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-subscription-response-event-schema-1.0.0.json
+++ b/cps-ncmp-events/src/main/resources/schemas/subscription/dmi-to-ncmp-subscription-response-event-schema-1.0.0.json
diff --git a/cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json b/cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json
new file mode 100644
index 0000000000..a2017b4662
--- /dev/null
+++ b/cps-ncmp-events/src/main/resources/schemas/subscription/ncmp-to-client-subscription-event-outcome-schema-1.0.0.json
@@ -0,0 +1,69 @@
+{
+ "$schema": "https://json-schema.org/draft/2019-09/schema",
+ "$id": "urn:cps:org.onap.cps.ncmp.events:subscription-event-outcome-schema:1.0.0",
+ "$ref": "#/definitions/SubscriptionEventOutcome",
+ "definitions": {
+ "SubscriptionEventOutcome": {
+ "description": "The payload for avc subscription event outcome message.",
+ "type": "object",
+ "javaType": "org.onap.cps.ncmp.events.avcsubscription1_0_0.ncmp_to_client.SubscriptionEventOutcome",
+ "additionalProperties": false,
+ "properties": {
+ "data": {
+ "$ref": "#/definitions/data"
+ }
+ },
+ "required": [
+ "data"
+ ]
+ },
+ "data": {
+ "type": "object",
+ "description": "The actual data containing information about the pending and rejected targets",
+ "additionalProperties": false,
+ "properties": {
+ "statusCode": {
+ "type": "integer"
+ },
+ "statusMessage": {
+ "type": "string"
+ },
+ "additionalInfo": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "rejected": {
+ "$ref": "#/definitions/additionalInfoDetails"
+ },
+ "pending": {
+ "$ref": "#/definitions/additionalInfoDetails"
+ }
+ }
+ }
+ },
+ "required": [
+ "statusCode",
+ "statusMessage"
+ ]
+ },
+ "additionalInfoDetails": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "description": "Details for the target cmhandles",
+ "additionalProperties": false,
+ "properties": {
+ "details": {
+ "type": "string"
+ },
+ "targets": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java
index ba94d56b1c..34dea9bc19 100644
--- a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java
@@ -36,6 +36,7 @@ import org.onap.cps.spi.entities.AnchorEntity;
import org.onap.cps.spi.entities.DataspaceEntity;
import org.onap.cps.spi.entities.FragmentEntity;
import org.onap.cps.spi.exceptions.CpsPathException;
+import org.onap.cps.spi.utils.EscapeUtils;
import org.onap.cps.utils.JsonObjectMapper;
import org.springframework.stereotype.Component;
@@ -202,7 +203,8 @@ public class FragmentQueryBuilder {
if (cpsPathQuery.hasContainsFunctionCondition()) {
sqlStringBuilder.append(" AND attributes ->> :containsLeafName LIKE CONCAT('%',:containsValue,'%') ");
queryParameters.put("containsLeafName", cpsPathQuery.getContainsFunctionConditionLeafName());
- queryParameters.put("containsValue", cpsPathQuery.getContainsFunctionConditionValue());
+ queryParameters.put("containsValue",
+ EscapeUtils.escapeForSqlLike(cpsPathQuery.getContainsFunctionConditionValue()));
}
}
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java
index 03de95eb8d..303af5bc47 100755
--- a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentRepository.java
@@ -30,6 +30,7 @@ import org.onap.cps.spi.entities.AnchorEntity;
import org.onap.cps.spi.entities.DataspaceEntity;
import org.onap.cps.spi.entities.FragmentEntity;
import org.onap.cps.spi.exceptions.DataNodeNotFoundException;
+import org.onap.cps.spi.utils.EscapeUtils;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Modifying;
import org.springframework.data.jpa.repository.Query;
@@ -67,8 +68,6 @@ public interface FragmentRepository extends JpaRepository<FragmentEntity, Long>,
return findByDataspaceIdAndXpathIn(dataspaceEntity.getId(), xpaths.toArray(new String[0]));
}
- boolean existsByAnchorId(long anchorId);
-
@Query(value = "SELECT * FROM fragment WHERE anchor_id = :anchorId LIMIT 1", nativeQuery = true)
Optional<FragmentEntity> findOneByAnchorId(@Param("anchorId") long anchorId);
@@ -95,8 +94,8 @@ public interface FragmentRepository extends JpaRepository<FragmentEntity, Long>,
@Param("xpathPatterns") String[] xpathPatterns);
default void deleteListsByAnchorIdAndXpaths(long anchorId, Collection<String> xpaths) {
- final String[] listXpathPatterns = xpaths.stream().map(xpath -> xpath + "[%").toArray(String[]::new);
- deleteByAnchorIdAndXpathLikeAny(anchorId, listXpathPatterns);
+ deleteByAnchorIdAndXpathLikeAny(anchorId,
+ xpaths.stream().map(xpath -> EscapeUtils.escapeForSqlLike(xpath) + "[@%").toArray(String[]::new));
}
@Query(value = "SELECT xpath FROM fragment WHERE anchor_id = :anchorId AND xpath = ANY (:xpaths)",
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java b/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java
new file mode 100644
index 0000000000..3092b79051
--- /dev/null
+++ b/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java
@@ -0,0 +1,33 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2023 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.cps.spi.utils;
+
+import lombok.AccessLevel;
+import lombok.NoArgsConstructor;
+
+@NoArgsConstructor(access = AccessLevel.PRIVATE)
+public class EscapeUtils {
+
+ public static String escapeForSqlLike(final String text) {
+ return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
+ }
+
+}
diff --git a/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy b/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy
new file mode 100644
index 0000000000..17eb8846a1
--- /dev/null
+++ b/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2023 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.cps.spi.utils
+
+import spock.lang.Specification
+
+class EscapeUtilsSpec extends Specification {
+
+ def 'Escape text for using in SQL LIKE operation'() {
+ expect:
+ EscapeUtils.escapeForSqlLike(unescapedText) == escapedText
+ where:
+ unescapedText || escapedText
+ 'Only %, _, and \\ are special' || 'Only \\%, \\_, and \\\\ are special'
+ 'Others (./?$) are not special' || 'Others (./?$) are not special'
+ }
+
+}
diff --git a/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy b/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy
index fa0b820459..0cb3200f80 100644
--- a/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy
+++ b/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy
@@ -339,4 +339,15 @@ class CpsQueryServiceIntegrationSpec extends FunctionalSpecBase {
'incomplete absolute 1 list entry' | '/categories[@code="3"]' || 0
}
+ def 'Cps Path query should ignore special characters: #scenario.'() {
+ when: 'a query is executed to get data nodes by the given cps path'
+ def result = objectUnderTest.queryDataNodes(FUNCTIONAL_TEST_DATASPACE_1, BOOKSTORE_ANCHOR_1, cpsPath, INCLUDE_ALL_DESCENDANTS)
+ then: 'no data nodes are returned'
+ assert result.isEmpty()
+ where:
+ scenario | cpsPath
+ ' sql wildcard in contains-condition' | '/bookstore/categories[@code="1"]/books[contains(@title, "%")]'
+ 'regex wildcard in contains-condition' | '/bookstore/categories[@code="1"]/books[contains(@title, ".*")]'
+ }
+
}