Fix #87 always add quotes to string params and escape (#88)

gkorland · web-flow · commit a0f077f12378 · 2020-11-02T12:11:09.000+02:00
* Fix #87 always add quotes to string params and escape * replace with instanceof
diff --git a/src/main/java/com/redislabs/redisgraph/impl/Utils.java b/src/main/java/com/redislabs/redisgraph/impl/Utils.java
@@ -31,18 +31,10 @@ private Utils() {}
      * @return the input string surrounded with quotation marks, if needed
      */
     private static String quoteString(String str){
-        if(str.startsWith("\"") && str.endsWith("\"")){
-            return str;
-        }
-
         StringBuilder sb = new StringBuilder(str.length()+2);
-        if(str.charAt(0)!='"'){
-            sb.append('"');
-        }
-        sb.append(str);
-        if (str.charAt(str.length()-1)!= '"'){
-            sb.append('"');
-        }
+        sb.append('"');
+        sb.append(str.replace("\"","\\\""));
+        sb.append('"');
         return sb.toString();
     }
 
@@ -96,18 +88,19 @@ private static String arrayToString(Object[] arr) {
     private static String valueToString(Object value) {
         if(value == null)
             return "null";
-        if(String.class.isInstance(value)){
+        
+        if(value instanceof String){
             return quoteString((String) value);
         }
-        if(Character.class.isInstance((value))){
+        if(value instanceof Character){
             return quoteString(((Character)value).toString());
         }
 
-        if(value.getClass().isArray()){
+        if(value instanceof Object[]){
             return arrayToString((Object[]) value);
 
         }
-        if(List.class.isInstance(value)){
+        if(value instanceof List){
             List<Object> list = (List<Object>)value;
             return arrayToString(list.toArray());
         }
diff --git a/src/test/java/com/redislabs/redisgraph/impl/UtilsTest.java b/src/test/java/com/redislabs/redisgraph/impl/UtilsTest.java
@@ -40,6 +40,12 @@ public void prepareQuery() {
   @Test
   public void testParamsPrep(){
     Map<String, Object> params = new HashMap<>();
+    params.put("param", "");
+    Assert.assertEquals("CYPHER param=\"\" RETURN $param", Utils.prepareQuery("RETURN $param", params));
+    params.put("param", "\"");
+    Assert.assertEquals("CYPHER param=\"\\\"\" RETURN $param", Utils.prepareQuery("RETURN $param", params));
+    params.put("param", "\"st");
+    Assert.assertEquals("CYPHER param=\"\\\"st\" RETURN $param", Utils.prepareQuery("RETURN $param", params));
     params.put("param", 1);
     Assert.assertEquals("CYPHER param=1 RETURN $param", Utils.prepareQuery("RETURN $param", params));
     params.put("param", 2.3);
@@ -52,6 +58,8 @@ public void testParamsPrep(){
     Assert.assertEquals("CYPHER param=null RETURN $param", Utils.prepareQuery("RETURN $param", params));
     params.put("param", "str");
     Assert.assertEquals("CYPHER param=\"str\" RETURN $param", Utils.prepareQuery("RETURN $param", params));
+    params.put("param", "s\"tr");
+    Assert.assertEquals("CYPHER param=\"s\\\"tr\" RETURN $param", Utils.prepareQuery("RETURN $param", params));
     Integer arr[] = {1,2,3};
     params.put("param", arr);
     Assert.assertEquals("CYPHER param=[1, 2, 3] RETURN $param", Utils.prepareQuery("RETURN $param", params));
