fix(core): String in query values should be escaped (#2891)

ceramicnetwork · Aug 11, 2023 · 6bd02d7 · 6bd02d7
1 parent cb82115
commit 6bd02d7
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 2 deletions.
diff --git a/packages/core/src/indexing/__tests__/query-filter-converter.test.ts b/packages/core/src/indexing/__tests__/query-filter-converter.test.ts
@@ -39,6 +39,18 @@ describe('Should convert query filters', () => {
       `select '${DATA_FIELD}' from 'test' where (((cast(${DATA_FIELD}->>'a' as numeric)=1.2)))`
     )
   })
+  test('that are composed of a single doc filter with in string query', () => {
+    const query = createQuery({
+      type: 'where',
+      value: {
+        a: { type: 'string', op: 'in', value: ['a', 'b'] },
+      },
+    })
+
+    expect(query).toEqual(
+      `select '${DATA_FIELD}' from 'test' where ((cast(${DATA_FIELD}->>'a' as varchar) in ('a','b')))`
+    )
+  })
   test('that are composed of a single doc filter with null', () => {
     const query = createQuery({
       type: 'where',

diff --git a/packages/core/src/indexing/__tests__/query-filter-parser.test.ts b/packages/core/src/indexing/__tests__/query-filter-parser.test.ts
@@ -15,6 +15,19 @@ describe('Should parse query filters', () => {
       },
     })
   })
+  test('that are composed of a single in query', () => {
+    const parsed = parseQueryFilters({
+      where: {
+        a: { in: ['b', 'c'] },
+      },
+    })
+    expect(parsed).toEqual({
+      type: 'where',
+      value: {
+        a: { type: 'string', op: 'in', value: ['b', 'c'] },
+      },
+    })
+  })
   test('that are composed of a null query', () => {
     const parsed = parseQueryFilters({
       where: {

diff --git a/packages/core/src/indexing/query-filter-converter.ts b/packages/core/src/indexing/query-filter-converter.ts
@@ -89,8 +89,13 @@ function handleIn<T extends number | string>(
   negated: boolean,
   combinator?: Combinator
 ): DBQuery {
-  const arrValue = value.map((v) => v.toString()).join(',')
   const cast = nonBooleanTypeAsCast(tpe)
+  let arrValue
+  if (cast == 'varchar') {
+    arrValue = value.map((v) => `'${v}'`).join(',')
+  } else {
+    arrValue = value.map((v) => `${v}`).join(',')
+  }
   const inner = (bldr) => {
     let op = ' in '
     if (negated) {

diff --git a/packages/http-client/src/dummy-pin-api.ts b/packages/http-client/src/dummy-pin-api.ts
@@ -2,7 +2,9 @@ import { PinApi, PublishOpts } from '@ceramicnetwork/common'
 import { StreamID } from '@ceramicnetwork/streamid'
 
 function warn(operation: string) {
-  console.warn(`You are using the ceramic.pin.${operation} API which has been removed and is now a no-op.  This operation will not have any affect.  If you want to change the pin state of streams please use the new ceramic.admin.pin API which requires a DID that has been granted admin access on the Ceramic node.`)
+  console.warn(
+    `You are using the ceramic.pin.${operation} API which has been removed and is now a no-op.  This operation will not have any affect.  If you want to change the pin state of streams please use the new ceramic.admin.pin API which requires a DID that has been granted admin access on the Ceramic node.`
+  )
 }
 
 export class DummyPinApi implements PinApi {

diff --git a/packages/stream-tests/src/__tests__/basic-indexing.test.ts b/packages/stream-tests/src/__tests__/basic-indexing.test.ts
@@ -460,6 +460,26 @@ describe.each(envs)('Basic end-to-end indexing query test for $dbEngine', (env)
       expect(results.length).toEqual(1)
       expect(JSON.stringify(results[0].content)).toEqual(JSON.stringify(doc4.content))
     })
+    test('Can query documents by string in array', async () => {
+      const doc1 = await ModelInstanceDocument.create(ceramic, CONTENT0, midMetadata)
+      const doc2 = await ModelInstanceDocument.create(ceramic, CONTENT1, midMetadata)
+      const doc3 = await ModelInstanceDocument.create(ceramic, CONTENT3, midMetadata)
+      const doc4 = await ModelInstanceDocument.create(ceramic, CONTENT5, midMetadata)
+      const doc5 = await ModelInstanceDocument.create(ceramic, CONTENT6, midMetadata)
+
+      const resultObj0 = await ceramic.index.query({
+        model: model.id,
+        last: 2,
+        queryFilters: {
+          where: { myString: { in: ['a', 'c'] } },
+        },
+      })
+
+      const results = extractDocuments(ceramic, resultObj0)
+      expect(results.length).toEqual(2)
+      expect(JSON.stringify(results[0].content)).toEqual(JSON.stringify(doc2.content))
+      expect(JSON.stringify(results[1].content)).toEqual(JSON.stringify(doc4.content))
+    })
     test('Can query multiple documents by field', async () => {
       const doc1 = await ModelInstanceDocument.create(ceramic, CONTENT0, midMetadata)
       const doc2 = await ModelInstanceDocument.create(ceramic, CONTENT2, midMetadata)