From 531bd1002a480728936f8fa29ce87d4418783878 Mon Sep 17 00:00:00 2001 From: danielhanrahan Date: Fri, 23 Jun 2023 12:49:27 +0100 Subject: Escape SQL LIKE wildcards in queries (CPS-1760 #1) If '%' and '_' are used in the contains-condition of a CpsPath query, incorrect results will be returned. For example: /bookstore/categories[contains(@code, "%")] Special characters in the contains-condition value must be escaped. Issue-ID: CPS-1762 Signed-off-by: danielhanrahan Change-Id: I2fdd5a26433d510cd7d6af5b734a6779b537d63d --- .../functional/CpsQueryServiceIntegrationSpec.groovy | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'integration-test/src/test/groovy') diff --git a/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy b/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy index fa0b82045..0cb3200f8 100644 --- a/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy +++ b/integration-test/src/test/groovy/org/onap/cps/integration/functional/CpsQueryServiceIntegrationSpec.groovy @@ -339,4 +339,15 @@ class CpsQueryServiceIntegrationSpec extends FunctionalSpecBase { 'incomplete absolute 1 list entry' | '/categories[@code="3"]' || 0 } + def 'Cps Path query should ignore special characters: #scenario.'() { + when: 'a query is executed to get data nodes by the given cps path' + def result = objectUnderTest.queryDataNodes(FUNCTIONAL_TEST_DATASPACE_1, BOOKSTORE_ANCHOR_1, cpsPath, INCLUDE_ALL_DESCENDANTS) + then: 'no data nodes are returned' + assert result.isEmpty() + where: + scenario | cpsPath + ' sql wildcard in contains-condition' | '/bookstore/categories[@code="1"]/books[contains(@title, "%")]' + 'regex wildcard in contains-condition' | '/bookstore/categories[@code="1"]/books[contains(@title, ".*")]' + } + } -- cgit 1.2.3-korg