HHH-10446 - Comment delimiters not "escaped" within (VAR)CHAR literals within native queries

Steve Ebersole 2016-01-25 20:54:59 -06:00
parent 6732e04058
commit bb109139e8
2 changed files with 45 additions and 22 deletions


@ -94,7 +94,20 @@ public class ParameterParser {
final char c = sqlString.charAt( indx ); final char c = sqlString.charAt( indx );
final boolean lastCharacter = indx == stringLength-1; final boolean lastCharacter = indx == stringLength-1;
if ( inDelimitedComment ) { // if we are "in" a certain context, check first for the end of that context
if ( inSingleQuotes ) {
recognizer.other( c );
if ( '\'' == c ) {
inSingleQuotes = false;
}
}
else if ( inDoubleQuotes ) {
recognizer.other( c );
if ( '\"' == c ) {
inDoubleQuotes = false;
}
}
else if ( inDelimitedComment ) {
recognizer.other( c ); recognizer.other( c );
if ( !lastCharacter && '*' == c && '/' == sqlString.charAt( indx+1 ) ) { if ( !lastCharacter && '*' == c && '/' == sqlString.charAt( indx+1 ) ) {
inDelimitedComment = false; inDelimitedComment = false;
@ -102,12 +115,6 @@ public class ParameterParser {
indx++; indx++;
} }
} }
else if ( !lastCharacter && '/' == c && '*' == sqlString.charAt( indx+1 ) ) {
inDelimitedComment = true;
recognizer.other( c );
recognizer.other( sqlString.charAt( indx+1 ) );
indx++;
}
else if ( inLineComment ) { else if ( inLineComment ) {
recognizer.other( c ); recognizer.other( c );
// see if the character ends the line // see if the character ends the line
@ -122,6 +129,13 @@ public class ParameterParser {
} }
} }
} }
// otherwise, see if we start such a context
else if ( !lastCharacter && '/' == c && '*' == sqlString.charAt( indx+1 ) ) {
inDelimitedComment = true;
recognizer.other( c );
recognizer.other( sqlString.charAt( indx+1 ) );
indx++;
}
else if ( '-' == c ) { else if ( '-' == c ) {
recognizer.other( c ); recognizer.other( c );
if ( !lastCharacter && '-' == sqlString.charAt( indx+1 ) ) { if ( !lastCharacter && '-' == sqlString.charAt( indx+1 ) ) {
@ -130,30 +144,20 @@ public class ParameterParser {
indx++; indx++;
} }
} }
else if ( inDoubleQuotes ) {
if ( '\"' == c ) {
inDoubleQuotes = false;
}
recognizer.other( c );
}
else if ( '\"' == c ) { else if ( '\"' == c ) {
inDoubleQuotes = true; inDoubleQuotes = true;
recognizer.other( c ); recognizer.other( c );
} }
else if ( inSingleQuotes ) {
if ( '\'' == c ) {
inSingleQuotes = false;
}
recognizer.other( c );
}
else if ( '\'' == c ) { else if ( '\'' == c ) {
inSingleQuotes = true; inSingleQuotes = true;
recognizer.other( c ); recognizer.other( c );
} }
// special handling for backslash
else if ( '\\' == c ) { else if ( '\\' == c ) {
// skip sending the backslash and instead send then next character, treating is as a literal // skip sending the backslash and instead send then next character, treating is as a literal
recognizer.other( sqlString.charAt( ++indx ) ); recognizer.other( sqlString.charAt( ++indx ) );
} }
// otherwise
else { else {
if ( c == ':' ) { if ( c == ':' ) {
// named parameter // named parameter
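Review bot: The new `inSingleQuotes` / `inDoubleQuotes` branches end the literal on any bare quote character, and the `'\\' == c` branch further down is only reached outside every quote and comment context, so a backslash-escaped quote inside a literal (on dialects that accept that form) still closes the literal early. From that point the rest of the statement is scanned in the wrong context, and parameter markers can be missed or recognised inside literal text. If such dialects are in scope the in-quote branches need to consume the escaped character; otherwise state the limitation next to them, e.g. `// only a bare quote ends the literal; backslash escapes are not recognised inside quotes`. Separately, `recognizer.other( sqlString.charAt( ++indx ) );` has no end-of-string guard, so a statement ending in a backslash would throw StringIndexOutOfBoundsException; `else if ( '\\' == c && !lastCharacter ) {` would avoid that. The enclosing parse loop starts and ends outside the hunks shown, so this is based only on the visible branches.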


@ -6,12 +6,13 @@
*/ */
package org.hibernate.engine.query; package org.hibernate.engine.query;
import org.junit.Test;
import org.hibernate.engine.query.spi.ParamLocationRecognizer; import org.hibernate.engine.query.spi.ParamLocationRecognizer;
import org.hibernate.engine.query.spi.ParameterParser; import org.hibernate.engine.query.spi.ParameterParser;
import org.hibernate.testing.junit4.BaseUnitTestCase;
import org.hibernate.testing.junit4.BaseUnitTestCase;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
@ -48,6 +49,24 @@ public class ParameterParserTest extends BaseUnitTestCase {
assertTrue(recognizer.getNamedParameterDescriptionMap().containsKey("param")); assertTrue(recognizer.getNamedParameterDescriptionMap().containsKey("param"));
} }
@Test
public void testDoubleDashInCharLiteral() {
ParamLocationRecognizer recognizer = new ParamLocationRecognizer();
ParameterParser.parse("select coalesce(i.name, '--NONE--') as itname from Item i where i.intVal=? ",recognizer);
assertEquals( 1, recognizer.getOrdinalParameterLocationList().size() );
}
@Test
public void testSlashStarInCharLiteral() {
ParamLocationRecognizer recognizer = new ParamLocationRecognizer();
ParameterParser.parse("select coalesce(i.name, '/*NONE') as itname from Item i where i.intVal=? ",recognizer);
assertEquals( 1, recognizer.getOrdinalParameterLocationList().size() );
}
@Test @Test
public void testApostropheInOracleAlias() { public void testApostropheInOracleAlias() {
ParamLocationRecognizer recognizer = new ParamLocationRecognizer(); ParamLocationRecognizer recognizer = new ParamLocationRecognizer();