Sanitize special characters before building search query for postgres

Signed-off-by: Oliver Sand <oliver.sand@sda-se.com>
Oliver Sand
2021-08-19 18:58:51 +02:00
parent 2f291dfd04
commit 80c5620397
3 changed files with 17 additions and 1 deletions
+5
@@ -0,0 +1,5 @@
---
'@backstage/plugin-search-backend-module-pg': patch
---
Sanitize special characters before building search query for postgres
@@ -65,6 +65,17 @@ describe('PgSearchEngine', () => {
});
});
it('should sanitize query term', async () => {
const actualTranslatedQuery = searchEngine.translator({
term: 'H&e|l!l*o W\0o(r)l:d',
pageCursor: '',
}) as PgSearchQuery;
expect(actualTranslatedQuery).toMatchObject({
pgTerm: '("Hello" | "Hello":*)&("World" | "World":*)',
});
});
it('should return translated query with filters', async () => {
const actualTranslatedQuery = searchEngine.translator({
term: 'testTerm',
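Review bot: The new 'should sanitize query term' test only exercises a term that still has letters left after stripping; there is no case for a term made up entirely of stripped characters, such as `term: '&|!'`. Following the pipeline in the engine change on this page, such a term is removed by the `filter` step and `pgTerm` comes out as the empty string, and what the query code does with an empty `pgTerm` is not visible here. I would add a second case that pins this result, e.g. `expect(actualTranslatedQuery).toMatchObject({ pgTerm: '' });`, so the behaviour is deliberate rather than accidental. The surrounding `describe` block starts and ends outside the hunk.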
@@ -50,7 +50,7 @@ export class PgSearchEngine implements SearchEngine {
return {
pgTerm: query.term
.split(/\s/)
.map(p => p.trim())
.map(p => p.replace(/[\0()|&:*!]/g, '').trim())
.filter(p => p !== '')
.map(p => `(${JSON.stringify(p)} | ${JSON.stringify(p)}:*)`)
.join('&'),
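Review bot: The character class in the new `.replace(/[\0()|&:*!]/g, '')` line is a denylist, and it leaves `<`, `>`, `'` and `\` in the term, all of which have meaning in tsquery text (`<->` is the phrase operator, single quotes delimit a lexeme, backslash escapes). Whether any of them can still produce a malformed query depends on how `pgTerm` is consumed, which is outside this hunk, so it is worth adding test terms containing them and, if they fail, widening the class: `.map(p => p.replace(/[\0()|&:*!<>'\\]/g, '').trim())`. This stripping only protects the tsquery grammar; `pgTerm` should still reach Postgres as a bound parameter rather than by string concatenation. The enclosing function starts and ends outside the hunk.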