Sanitize special characters before building search query for postgres
Signed-off-by: Oliver Sand <oliver.sand@sda-se.com>
@@ -0,0 +1,5 @@
|
||||
---
|
||||
'@backstage/plugin-search-backend-module-pg': patch
|
||||
---
|
||||
|
||||
Sanitize special characters before building search query for postgres
|
||||
@@ -65,6 +65,17 @@ describe('PgSearchEngine', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should sanitize query term', async () => {
|
||||
const actualTranslatedQuery = searchEngine.translator({
|
||||
term: 'H&e|l!l*o W\0o(r)l:d',
|
||||
pageCursor: '',
|
||||
}) as PgSearchQuery;
|
||||
|
||||
expect(actualTranslatedQuery).toMatchObject({
|
||||
pgTerm: '("Hello" | "Hello":*)&("World" | "World":*)',
|
||||
});
|
||||
});
|
||||
|
||||
it('should return translated query with filters', async () => {
|
||||
const actualTranslatedQuery = searchEngine.translator({
|
||||
term: 'testTerm',
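Review bot: The new `should sanitize query term` case only uses input where every token keeps some letters after stripping, so it does not pin what happens when a token consists solely of stripped characters. A second assertion with `term: 'Hello & World'` and the same expected `pgTerm: '("Hello" | "Hello":*)&("World" | "World":*)'` would guard the ordering of the replace step and the later `.filter(p => p !== '')`. The callback is also declared `async` although nothing in it is awaited.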
|
||||
|
||||
@@ -50,7 +50,7 @@ export class PgSearchEngine implements SearchEngine {
|
||||
return {
|
||||
pgTerm: query.term
|
||||
.split(/\s/)
|
||||
.map(p => p.trim())
|
||||
.map(p => p.replace(/[\0()|&:*!]/g, '').trim())
|
||||
.filter(p => p !== '')
|
||||
.map(p => `(${JSON.stringify(p)} | ${JSON.stringify(p)}:*)`)
|
||||
.join('&'),
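Review bot: The character class in `.replace(/[\0()|&:*!]/g, '')` is a denylist, and it leaves out other characters that tsquery syntax gives meaning to: the single quote, the backslash and the `<`/`>` of the phrase operator. If `pgTerm` is passed to `to_tsquery` (that call is outside this hunk), a term containing an apostrophe may still produce a query that Postgres rejects with a syntax error. Consider extending the class, e.g. `.map(p => p.replace(/[\0()|&:*!<>'\\]/g, '').trim())`, and adding a test case for such a term. A short comment above the line, such as `// strip characters that act as operators or quoting in tsquery syntax`, would record why this list exists. The enclosing method starts and ends outside the hunk.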
|
||||
|
||||