From 2fa15f772a294edc59dc79b2bb2ae18328f357b3 Mon Sep 17 00:00:00 2001 From: Peter-Josef Meisch Date: Tue, 11 Oct 2022 22:36:43 +0200 Subject: [PATCH] Escape backslash in StringQuery. Original Pull Request Closes #2326 (cherry picked from commit 03ecc48b09e42a041c9f04bc47801b36adf91306) --- .../repository/support/StringQueryUtil.java | 7 +++++-- .../query/ElasticsearchStringQueryUnitTests.java | 12 ++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/springframework/data/elasticsearch/repository/support/StringQueryUtil.java b/src/main/java/org/springframework/data/elasticsearch/repository/support/StringQueryUtil.java index d19401848..6b02b6093 100644 --- a/src/main/java/org/springframework/data/elasticsearch/repository/support/StringQueryUtil.java +++ b/src/main/java/org/springframework/data/elasticsearch/repository/support/StringQueryUtil.java @@ -46,7 +46,11 @@ final public class StringQueryUtil { String placeholder = Pattern.quote(matcher.group()) + "(?!\\d+)"; int index = NumberUtils.parseNumber(matcher.group(1), Integer.class); - result = result.replaceAll(placeholder, Matcher.quoteReplacement(getParameterWithIndex(accessor, index))); + String replacement = Matcher.quoteReplacement(getParameterWithIndex(accessor, index)); + result = result.replaceAll(placeholder, replacement); + // need to escape backslashes that are not escapes for quotes so that they are sent as double-backslashes + // to Elasticsearch + result = result.replaceAll("\\\\([^\"'])", "\\\\\\\\$1"); } return result; } @@ -56,7 +60,6 @@ final public class StringQueryUtil { Object parameter = accessor.getBindableValue(index); String parameterValue = "null"; - // noinspection ConstantConditions if (parameter != null) { parameterValue = convert(parameter); diff --git a/src/test/java/org/springframework/data/elasticsearch/repository/query/ElasticsearchStringQueryUnitTests.java b/src/test/java/org/springframework/data/elasticsearch/repository/query/ElasticsearchStringQueryUnitTests.java index 974b623e9..f78073aba 100644 --- a/src/test/java/org/springframework/data/elasticsearch/repository/query/ElasticsearchStringQueryUnitTests.java +++ b/src/test/java/org/springframework/data/elasticsearch/repository/query/ElasticsearchStringQueryUnitTests.java @@ -129,6 +129,18 @@ public class ElasticsearchStringQueryUnitTests extends ElasticsearchStringQueryU "{ 'bool' : { 'must' : { 'terms' : { 'name' : [\"hello \\\"Stranger\\\"\",\"Another string\"] } } } }"); } + @Test // #2326 + @DisplayName("should escape backslashes in collection query parameters") + void shouldEscapeBackslashesInCollectionQueryParameters() throws NoSuchMethodException { + + final List parameters = Arrays.asList("param\\1", "param\\2"); + List params = new ArrayList<>(parameters); + org.springframework.data.elasticsearch.core.query.Query query = createQuery("findByNameIn", params); + + assertThat(query).isInstanceOf(StringQuery.class); + assertThat(((StringQuery) query).getSource()).isEqualTo( + "{ 'bool' : { 'must' : { 'terms' : { 'name' : [\"param\\\\1\",\"param\\\\2\"] } } } }"); + } private org.springframework.data.elasticsearch.core.query.Query createQuery(String methodName, Object... args) throws NoSuchMethodException {