From 531bd1002a480728936f8fa29ce87d4418783878 Mon Sep 17 00:00:00 2001 From: danielhanrahan Date: Fri, 23 Jun 2023 12:49:27 +0100 Subject: Escape SQL LIKE wildcards in queries (CPS-1760 #1) If '%' and '_' are used in the contains-condition of a CpsPath query, incorrect results will be returned. For example: /bookstore/categories[contains(@code, "%")] Special characters in the contains-condition value must be escaped. Issue-ID: CPS-1762 Signed-off-by: danielhanrahan Change-Id: I2fdd5a26433d510cd7d6af5b734a6779b537d63d
---
 .../org/onap/cps/spi/utils/EscapeUtilsSpec.groovy | 36 ++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy
(limited to 'cps-ri/src/test/groovy/org/onap')
diff --git a/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy b/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy
new file mode 100644
index 0000000000..17eb8846a1
--- /dev/null
+++ b/cps-ri/src/test/groovy/org/onap/cps/spi/utils/EscapeUtilsSpec.groovy
@@ -0,0 +1,36 @@
+/*
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2023 Nordix Foundation
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.cps.spi.utils
+
+import spock.lang.Specification
+
+class EscapeUtilsSpec extends Specification {
+
+ def 'Escape text for using in SQL LIKE operation'() {
+ expect:
+ EscapeUtils.escapeForSqlLike(unescapedText) == escapedText
+ where:
+ unescapedText || escapedText
+ 'Only %, _, and \\ are special' || 'Only \\%, \\_, and \\\\ are special'
+ 'Others (./?$) are not special' || 'Others (./?$) are not special'
+ }
+
+}
--
cgit 1.2.3-korg
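Review bot: The `where:` table exercises all three special characters in a single row, so a failure does not say which one regressed, and it has no row for adjacent special characters or for the empty string. Adding rows such as `'' || ''` and `'100%_\\' || '100\\%\\_\\\\'` would pin those boundary cases, the second with no ordinary text between the characters. The spec also checks only the string transformation: whether the LIKE clause in the generated query actually treats `\` as its escape character is not visible in this patch view, which is limited to the test directory. A query-level test for the commit message's example `/bookstore/categories[contains(@code, "%")]` would be worth having if the rest of the change does not already include one.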