fix(query): escape wildcards in text search (#7131) (#7135)

* fix(query): escape like wildcards * test: search query wildcards * add do nothing
2025-08-11 19:17:32 +00:00 · 2024-01-02 16:27:36 +01:00
parent 9892fd92b6
commit 8bc56f6fe7
6 changed files with 736 additions and 51 deletions
--- a/internal/view/repository/query.go
+++ b/internal/view/repository/query.go
@@ -95,36 +95,42 @@ func SetQuery(query *gorm.DB, key ColumnKey, value interface{}, method domain.Se
 		if !ok {
 			return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-SLj7s", "Starts with only possible for strings")
 		}
+		valueText = database.EscapeLikeWildcards(valueText)
 		query = query.Where(column+" LIKE ?", valueText+"%")
 	case domain.SearchMethodStartsWithIgnoreCase:
 		valueText, ok := value.(string)
 		if !ok {
 			return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-eidus", "Starts with ignore case only possible for strings")
 		}
+		valueText = database.EscapeLikeWildcards(valueText)
 		query = query.Where("LOWER("+column+") LIKE LOWER(?)", valueText+"%")
 	case domain.SearchMethodEndsWith:
 		valueText, ok := value.(string)
 		if !ok {
 			return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-Hswd3", "Ends with only possible for strings")
 		}
+		valueText = database.EscapeLikeWildcards(valueText)
 		query = query.Where(column+" LIKE ?", "%"+valueText)
 	case domain.SearchMethodEndsWithIgnoreCase:
 		valueText, ok := value.(string)
 		if !ok {
 			return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-dAG31", "Ends with ignore case only possible for strings")
 		}
+		valueText = database.EscapeLikeWildcards(valueText)
 		query = query.Where("LOWER("+column+") LIKE LOWER(?)", "%"+valueText)
 	case domain.SearchMethodContains:
 		valueText, ok := value.(string)
 		if !ok {
 			return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-3ids", "Contains with only possible for strings")
 		}
+		valueText = database.EscapeLikeWildcards(valueText)
 		query = query.Where(column+" LIKE ?", "%"+valueText+"%")
 	case domain.SearchMethodContainsIgnoreCase:
 		valueText, ok := value.(string)
 		if !ok {
 			return nil, zerrors.ThrowInvalidArgument(nil, "VIEW-eid73", "Contains with ignore case only possible for strings")
 		}
+		valueText = database.EscapeLikeWildcards(valueText)
 		query = query.Where("LOWER("+column+") LIKE LOWER(?)", "%"+valueText+"%")
 	case domain.SearchMethodNotEquals:
 		query = query.Where(""+column+" <> ?", value)
--- a/internal/view/repository/query_test.go
+++ b/internal/view/repository/query_test.go
@@ -1,6 +1,7 @@
 package repository

 import (
+	"reflect"
 	"testing"

 	"github.com/jinzhu/gorm"
@@ -155,3 +156,304 @@ func TestPrepareSearchQuery(t *testing.T) {
 		})
 	}
 }
+
+func TestSetQuery(t *testing.T) {
+	query := mockDB(t).db.Select("test_field").Table("test_table")
+	exprPrefix := `(SELECT test_field FROM "test_table"  WHERE `
+	type args struct {
+		key    ColumnKey
+		value  interface{}
+		method domain.SearchMethod
+	}
+	type want struct {
+		isErr func(t *testing.T, got error)
+		query *gorm.SqlExpr
+	}
+	tests := []struct {
+		name string
+		args args
+		want want
+	}{
+		{
+			name: "contains",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "asdf",
+				method: domain.SearchMethodContains,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%asdf%"),
+			},
+		},
+		{
+			name: "contains _ wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as_df",
+				method: domain.SearchMethodContains,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\_df%"),
+			},
+		},
+		{
+			name: "contains % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as%df",
+				method: domain.SearchMethodContains,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\%df%"),
+			},
+		},
+		{
+			name: "contains % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "a_s%d_f",
+				method: domain.SearchMethodContains,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%a\\_s\\%d\\_f%"),
+			},
+		},
+		{
+			name: "starts with",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "asdf",
+				method: domain.SearchMethodStartsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "asdf%"),
+			},
+		},
+		{
+			name: "starts with _ wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as_df",
+				method: domain.SearchMethodStartsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "as\\_df%"),
+			},
+		},
+		{
+			name: "starts with % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as%df",
+				method: domain.SearchMethodStartsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "as\\%df%"),
+			},
+		},
+		{
+			name: "starts with % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "a_s%d_f",
+				method: domain.SearchMethodStartsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "a\\_s\\%d\\_f%"),
+			},
+		},
+		{
+			name: "ends with",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "asdf",
+				method: domain.SearchMethodEndsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%asdf"),
+			},
+		},
+		{
+			name: "ends with _ wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as_df",
+				method: domain.SearchMethodEndsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\_df"),
+			},
+		},
+		{
+			name: "ends with % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as%df",
+				method: domain.SearchMethodEndsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%as\\%df"),
+			},
+		},
+		{
+			name: "ends with % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "a_s%d_f",
+				method: domain.SearchMethodEndsWith,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(test LIKE ?))", "%a\\_s\\%d\\_f"),
+			},
+		},
+		{
+			name: "starts with ignore case",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "asdf",
+				method: domain.SearchMethodStartsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "asdf%"),
+			},
+		},
+		{
+			name: "starts with ignore case _ wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as_df",
+				method: domain.SearchMethodStartsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "as\\_df%"),
+			},
+		},
+		{
+			name: "starts with ignore case % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as%df",
+				method: domain.SearchMethodStartsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "as\\%df%"),
+			},
+		},
+		{
+			name: "starts with ignore case % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "a_s%d_f",
+				method: domain.SearchMethodStartsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "a\\_s\\%d\\_f%"),
+			},
+		},
+		{
+			name: "ends with ignore case",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "asdf",
+				method: domain.SearchMethodEndsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%asdf"),
+			},
+		},
+		{
+			name: "ends with ignore case _ wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as_df",
+				method: domain.SearchMethodEndsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\_df"),
+			},
+		},
+		{
+			name: "ends with ignore case % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as%df",
+				method: domain.SearchMethodEndsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\%df"),
+			},
+		},
+		{
+			name: "ends with ignore case % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "a_s%d_f",
+				method: domain.SearchMethodEndsWithIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%a\\_s\\%d\\_f"),
+			},
+		},
+		{
+			name: "contains ignore case",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "asdf",
+				method: domain.SearchMethodContainsIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%asdf%"),
+			},
+		},
+		{
+			name: "contains ignore case _ wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as_df",
+				method: domain.SearchMethodContainsIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\_df%"),
+			},
+		},
+		{
+			name: "contains ignore case % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "as%df",
+				method: domain.SearchMethodContainsIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%as\\%df%"),
+			},
+		},
+		{
+			name: "contains ignore case % wildcard",
+			args: args{
+				key:    TestSearchKey_TEST,
+				value:  "a_s%d_f",
+				method: domain.SearchMethodContainsIgnoreCase,
+			},
+			want: want{
+				query: gorm.Expr(exprPrefix+"(LOWER(test) LIKE LOWER(?)))", "%a\\_s\\%d\\_f%"),
+			},
+		},
+	}
+	for _, tt := range tests {
+		if tt.want.isErr == nil {
+			tt.want.isErr = func(t *testing.T, got error) {
+				if got == nil {
+					return
+				}
+				t.Errorf("no error expected got: %v", got)
+			}
+		}
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := SetQuery(query, tt.args.key, tt.args.value, tt.args.method)
+			tt.want.isErr(t, err)
+			if !reflect.DeepEqual(got.SubQuery(), tt.want.query) {
+				t.Errorf("unexpected query: \nwant: %v\n got: %v", *tt.want.query, *got.SubQuery())
+			}
+		})
+	}
+}