summaryrefslogtreecommitdiffstats
path: root/cps-ri/src/main/java/org
diff options
context:
space:
mode:
Diffstat (limited to 'cps-ri/src/main/java/org')
-rw-r--r--cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java2
-rw-r--r--cps-ri/src/main/java/org/onap/cps/spi/repository/TempTableCreator.java7
-rw-r--r--cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java8
3 files changed, 9 insertions, 8 deletions
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java
index be06ebac03..e371035ba5 100644
--- a/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/repository/FragmentQueryBuilder.java
@@ -136,7 +136,7 @@ public class FragmentQueryBuilder {
final String leafValueAsText = leaf.getValue().toString();
sqlStringBuilder.append("attributes ->> '").append(leaf.getName()).append("'");
sqlStringBuilder.append(" = '");
- sqlStringBuilder.append(leafValueAsText);
+ sqlStringBuilder.append(EscapeUtils.escapeForSqlStringLiteral(leafValueAsText));
sqlStringBuilder.append("'");
} else {
throw new CpsPathException(" can use only " + nextComparativeOperator + " with integer ");
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/repository/TempTableCreator.java b/cps-ri/src/main/java/org/onap/cps/spi/repository/TempTableCreator.java
index 139a8b3063..4c7971ead8 100644
--- a/cps-ri/src/main/java/org/onap/cps/spi/repository/TempTableCreator.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/repository/TempTableCreator.java
@@ -31,6 +31,7 @@ import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
+import org.onap.cps.spi.utils.EscapeUtils;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
@@ -86,7 +87,7 @@ public class TempTableCreator {
final Collection<String> sqlInserts = new HashSet<>(sqlData.size());
for (final Collection<String> rowValues : sqlData) {
final Collection<String> escapedValues =
- rowValues.stream().map(it -> escapeSingleQuotesByDoublingThem(it)).collect(Collectors.toList());
+ rowValues.stream().map(EscapeUtils::escapeForSqlStringLiteral).collect(Collectors.toList());
sqlInserts.add("('" + String.join("','", escapedValues) + "')");
}
sqlStringBuilder.append("INSERT INTO ");
@@ -98,8 +99,4 @@ public class TempTableCreator {
sqlStringBuilder.append(";");
}
- private static String escapeSingleQuotesByDoublingThem(final String value) {
- return value.replace("'", "''");
- }
-
}
diff --git a/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java b/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java
index 3092b79051..2b61d39503 100644
--- a/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java
+++ b/cps-ri/src/main/java/org/onap/cps/spi/utils/EscapeUtils.java
@@ -26,8 +26,12 @@ import lombok.NoArgsConstructor;
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class EscapeUtils {
- public static String escapeForSqlLike(final String text) {
- return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
+ public static String escapeForSqlLike(final String value) {
+ return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
+ }
+
+ public static String escapeForSqlStringLiteral(final String value) {
+ return value.replace("'", "''");
}
}