Fix gqlshield bugs

- Fix escaped characters in strings - Fix escaped quatation marks
romshark · Jun 13, 2019 · baaa70b · baaa70b
1 parent 418ada0
commit baaa70b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/api/gqlshield/prepareQuery.go b/api/gqlshield/prepareQuery.go
@@ -1,5 +1,7 @@
 package gqlshield
 
+import "strings"
+
 func prepareQuery(query []byte) ([]byte, error) {
 	if len(query) < 1 {
 		return nil, Error{
@@ -8,6 +10,9 @@ func prepareQuery(query []byte) ([]byte, error) {
 		}
 	}
 
+	// Hot-fix escaped quatation marks
+	query = []byte(strings.Replace(string(query), `\"`, `"`, -1))
+
 	start := int(-1)
 	shift := int(0)
 	tail := len(query)
@@ -41,7 +46,7 @@ LEADING_LOOP:
 
 	for ; i < len(query); i++ {
 		char := query[i]
-		if char == '\\' && i+1 < len(query) {
+		if !inString && char == '\\' && i+1 < len(query) {
 			switch query[i+1] {
 			case 't':
 				// escaped tab

diff --git a/api/gqlshield/prepareQuery_test.go b/api/gqlshield/prepareQuery_test.go
@@ -179,3 +179,15 @@ func TestEscaped(t *testing.T) {
 		string(out),
 	)
 }
+
+func TestEscapedQuotationMark(t *testing.T) {
+	out, err := prepareQuery(
+		[]byte("mutation {\n  createCustomer(email: \\\"[email protected]\\\", firstName: \\\"Roman\\\", lastName: \\\"Sharkov\\\", password: \\\"123\\\") {\n    id\n    registration\n    firstName\n    lastName\n    email\n    sessions {\n      creation\n      key\n    }\n  }\n}\n"),
+	)
+	require.NoError(t, err)
+	require.Equal(
+		t,
+		string([]byte("mutation { createCustomer(email: \"[email protected]\", firstName: \"Roman\", lastName: \"Sharkov\", password: \"123\") { id registration firstName lastName email sessions { creation key } } }")),
+		string(out),
+	)
+}