diff --git a/rxrepo-orientdb/src/main/java/com/slimgears/rxrepo/orientdb/OrientDbSqlExpressionGenerator.java b/rxrepo-orientdb/src/main/java/com/slimgears/rxrepo/orientdb/OrientDbSqlExpressionGenerator.java
index 3864549..7349d99 100644
--- a/rxrepo-orientdb/src/main/java/com/slimgears/rxrepo/orientdb/OrientDbSqlExpressionGenerator.java
+++ b/rxrepo-orientdb/src/main/java/com/slimgears/rxrepo/orientdb/OrientDbSqlExpressionGenerator.java
@@ -39,17 +39,14 @@ protected ExpressionTextGenerator.Interceptor createInterceptor() {
 return searchTextInterceptor;
 }
 
- @SuppressWarnings("unchecked")
 private String onVisitSearchTextExpression(Function, String> visitor, BooleanBinaryOperationExpression expression, Supplier visitedExpression) {
- String searchText = ((ConstantExpression)expression.right()).value()
- .replace("\\", "\\\\");
-
 String concat = PropertyExpressions.searchableProperties(expression.left())
 .map(PropertyExpression::asString)
 .map(visitor)
 .collect(Collectors.joining(" + ' ' + "));
- return formatAndFixQuotes("((%s) containsText '%s')").reduce(expression, concat, searchText);
+ String searchExpression = super.toSqlExpression(expression.right());
+ return formatAndFixQuotes("((%s) containsText %s)").reduce(expression, concat, searchExpression);
 }
 
 private String onVisitBinaryExpression(Function, String> visitor, BooleanBinaryOperationExpression expression, Supplier visitedExpression) {
diff --git a/rxrepo-test/src/main/java/com/slimgears/rxrepo/test/AbstractRepositoryTest.java b/rxrepo-test/src/main/java/com/slimgears/rxrepo/test/AbstractRepositoryTest.java
index 8b716c4..1ba2279 100644
--- a/rxrepo-test/src/main/java/com/slimgears/rxrepo/test/AbstractRepositoryTest.java
+++ b/rxrepo-test/src/main/java/com/slimgears/rxrepo/test/AbstractRepositoryTest.java
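Review bot: With the right operand now rendered by `super.toSqlExpression(expression.right())`, the literal-safety of the `containsText` operand rests on how the base generator renders a `ConstantExpression` (escaping or parameter binding), which is not visible in this hunk, and nothing at the call site records that contract; a comment such as `// Render the search constant through the generic SQL generator so it is escaped/bound like any other constant; never interpolate the raw string into the template (see testSearchSqlInjection).` would keep the old `'%s'` interpolation from being reintroduced. `formatAndFixQuotes(...)` now also receives an operand that may itself contain quote characters, so if that helper rewrites quotes across the whole formatted string rather than only the template, it could undo the escaping `toSqlExpression` produced — worth confirming against its implementation. The accompanying `testSearchSqlInjection` in AbstractRepositoryTest only asserts a count of 0, which a search that silently drops its input would also satisfy; a product named with the same string and an expected count of 1 would additionally show that the text is matched literally. The enclosing class continues outside the hunk.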
@@ -263,7 +263,7 @@ public void testInsertThenLiveSelectShouldReturnAdded() throws InterruptedExcept
 .assertValueAt(10, NotificationPrototype::isCreate);
 }
 
- @Test @UseLogLevel(LogLevel.TRACE)
+ @Test @UseLogLevel(LogLevel.DEBUG)
 public void testSearchTextWithSpecialChars() {
 products.update(Products.createOne().toBuilder()
 .key(UniqueId.productId(1))
@@ -277,6 +277,18 @@ public void testSearchTextWithSpecialChars() {
 Assert.assertEquals(Long.valueOf(1), products.findAll(Product.$.searchText(":> Product / {with} (special) % [chars]; - and more\\")).count().blockingGet());
 }
 
+ @Test @UseLogLevel(LogLevel.DEBUG)
+ public void testSearchSqlInjection() {
+ products.update(Products.createOne().toBuilder()
+ .key(UniqueId.productId(1))
+ .name("Product").build())
+ .ignoreElement()
+ .blockingAwait();
+
+ Assert.assertEquals(Long.valueOf(0), products.findAll(Product.$.searchText("Product Foo' and 1=1 or 'a'='a")).count().blockingGet());
+ }
+
+ @Test @UseLogLevel(LogLevel.TRACE)
 public void testInsertThenLiveSelectCountShouldReturnCount() throws InterruptedException {