This is an automated email from the ASF dual-hosted git repository.

ramyav pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/olingo-odata2.git


The following commit(s) were added to refs/heads/master by this push:
     new ce414cc  [OLINGO-1228] Fix to filter value having 2 single quotes in 
JPA
ce414cc is described below

commit ce414cc7ae44eae7aa4f8ffd4f4b124679d7623f
Author: ramya vasanth <[email protected]>
AuthorDate: Fri Aug 2 11:00:51 2019 +0530

    [OLINGO-1228] Fix to filter value having 2 single quotes in JPA
---
 .../odata2/jpa/processor/core/ODataExpressionParser.java       |  1 -
 .../jpa/processor/core/ODataFilterExpressionParserTest.java    | 10 +++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git 
a/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
 
b/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
index 25b4f9f..ce4fa4f 100644
--- 
a/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
+++ 
b/odata2-jpa-processor/jpa-core/src/main/java/org/apache/olingo/odata2/jpa/processor/core/ODataExpressionParser.java
@@ -517,7 +517,6 @@ public class ODataExpressionParser {
       Class<?> edmMappedType, Map<Integer, Object> positionalParameters, int 
index) throws ODataJPARuntimeException {
     if 
(EdmSimpleTypeKind.String.getEdmSimpleTypeInstance().isCompatible(edmSimpleType)
         || 
EdmSimpleTypeKind.Guid.getEdmSimpleTypeInstance().isCompatible(edmSimpleType)) {
-      uriLiteral = uriLiteral.replaceAll("'", "''");
       uriLiteral = updateValueIfWildcards(uriLiteral);
       if (!positionalParameters.containsKey(index)) {
         if(edmMappedType != null){
diff --git 
a/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
 
b/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
index a268778..f2f7121 100644
--- 
a/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
+++ 
b/odata2-jpa-processor/jpa-core/src/test/java/org/apache/olingo/odata2/jpa/processor/core/ODataFilterExpressionParserTest.java
@@ -51,7 +51,7 @@ public class ODataFilterExpressionParserTest {
   private static final String[] EXPRESSION_EQ = { "id eq '123'", "(E1.id LIKE 
'123' ESCAPE '\\')" };
   private static final String[] EXPRESSION_NE = { "id ne '123'", "(E1.id NOT 
LIKE '123' ESCAPE '\\')" };
   private static final String[] EXPRESSION_NE_SPECIAL = { "id ne '1_3'", 
"(E1.id NOT LIKE '1_3' ESCAPE '\\')" };
-  private static final String[] EXPRESSION_ESCAPE = { "id ne '123''22'", 
"(E1.id NOT LIKE '123''22' ESCAPE '\\')" };
+  private static final String[] EXPRESSION_ESCAPE = { "id ne '123''22'", 
"(E1.id NOT LIKE '123'22' ESCAPE '\\')" };
    private static final String[] EXPRESSION_BINARY_AND =
   {
       "id le '123' and soId eq 123L and not (substringof(id,'123') eq false) 
eq true",
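Review bot: The new expected value for EXPRESSION_ESCAPE, `(E1.id NOT LIKE '123'22' ESCAPE '\\')`, is no longer a well-formed quoted literal, and the same is true of the EXPRESSION_SUBSTRINGOF_INJECTION1-3 and EXPRESSION_ENDSWITH_INJECTION1 expectations in the following hunk (for example `'a' OR 1=1 OR E1.id LIKE 'b'`). Such text is only acceptable if the test renders bound parameter values back into the string for display, which the `positionalParameters` map in ODataExpressionParser suggests but this diff does not show. Now that the `replaceAll("'", "''")` escaping is removed, the injection tests should pin that property directly by asserting that the generated JPQL holds only a parameter placeholder and that the raw literal ends up in the parameter map. A comment above these constants would also help, such as `// expected text shows bound values substituted for readability; the literal is never concatenated into the JPQL`. It is also worth confirming that no path through the changed method appends `uriLiteral` to the query text instead of binding it, since the method body continues outside the hunk.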
@@ -81,21 +81,21 @@ public class ODataFilterExpressionParserTest {
       "(SUBSTRING(E1.oValue.Currency, 1 + 1 , 3) LIKE 'INR' ESCAPE '\\')" };
   private static final String[] EXPRESSION_SUBSTRINGOF_INJECTION1 = {
       "substringof('a'' OR 1=1 OR E1.id LIKE ''b',id) eq true",
-      "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('a'' OR 1=1 OR E1.id LIKE 
''b','%')) ESCAPE '\\') "
+      "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('a' OR 1=1 OR E1.id LIKE 
'b','%')) ESCAPE '\\') "
           + "THEN TRUE ELSE FALSE END) = true)" };
   private static final String[] EXPRESSION_SUBSTRINGOF_INJECTION2 =
   {
       "substringof('substringof(''a'' OR 1=1 OR E1.id LIKE ''b'',id)',id) eq 
true",
-      "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('substringof(''a'' OR 1=1 OR 
E1.id LIKE ''b'',id)','%')) ESCAPE '\\') "
+      "((CASE WHEN (E1.id LIKE CONCAT('%',CONCAT('substringof('a' OR 1=1 OR 
E1.id LIKE 'b',id)','%')) ESCAPE '\\') "
           + "THEN TRUE ELSE FALSE END) = true)" };
   private static final String[] EXPRESSION_SUBSTRINGOF_INJECTION3 =
   {
       "substringof( substring(' ) OR execute_my_sql OR '' LIKE ',3),'de''') eq 
true",
-      "((CASE WHEN ('de''' LIKE CONCAT('%',CONCAT(SUBSTRING(' ) OR 
execute_my_sql OR '' LIKE ', 3 + 1 ),'%')"
+      "((CASE WHEN ('de'' LIKE CONCAT('%',CONCAT(SUBSTRING(' ) OR 
execute_my_sql OR ' LIKE ', 3 + 1 ),'%')"
       + ") ESCAPE '\\') "
           + "THEN TRUE ELSE FALSE END) = true)" };
   private static final String[] EXPRESSION_ENDSWITH_INJECTION1 = { 
"endswith(id,'Str''eet') eq true",
-      "(E1.id LIKE CONCAT('%','Str''eet') ESCAPE '\\' )" };
+      "(E1.id LIKE CONCAT('%','Str'eet') ESCAPE '\\' )" };
   private static final String[] EXPRESSION_PRECEDENCE = {
       "id eq '123' and id ne '123' or (id eq '123' and id ne '123')",
       "(((E1.id LIKE '123' ESCAPE '\\') AND (E1.id NOT LIKE '123' ESCAPE 
'\\')) OR ((E1.id LIKE '123' ESCAPE '\\') "
