From baaa70b97f4d9ba9d851cfb45bff85ff2a7ff35a Mon Sep 17 00:00:00 2001
From: Roman Sharkov
Date: Thu, 13 Jun 2019 23:57:41 +0200
Subject: [PATCH] Fix gqlshield bugs

- Fix escaped characters in strings
- Fix escaped quatation marks
---
 api/gqlshield/prepareQuery.go | 7 ++++++-
 api/gqlshield/prepareQuery_test.go | 12 ++++++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/api/gqlshield/prepareQuery.go b/api/gqlshield/prepareQuery.go
index 2154285..4b19987 100644
--- a/api/gqlshield/prepareQuery.go
+++ b/api/gqlshield/prepareQuery.go
@@ -1,5 +1,7 @@
 package gqlshield
 
+import "strings"
+
 func prepareQuery(query []byte) ([]byte, error) {
 if len(query) < 1 {
 return nil, Error{
@@ -8,6 +10,9 @@ func prepareQuery(query []byte) ([]byte, error) {
 }
 }
 
+ // Hot-fix escaped quatation marks
+ query = []byte(strings.Replace(string(query), `\"`, `"`, -1))
+
 start := int(-1)
 shift := int(0)
 tail := len(query)
@@ -41,7 +46,7 @@ LEADING_LOOP:
 for ; i < len(query); i++ {
 char := query[i]
 
- if char == '\\' && i+1 < len(query) {
+ if !inString && char == '\\' && i+1 < len(query) {
 switch query[i+1] {
 case 't':
 // escaped tab
diff --git a/api/gqlshield/prepareQuery_test.go b/api/gqlshield/prepareQuery_test.go
index 5e39b57..60d2b41 100644
--- a/api/gqlshield/prepareQuery_test.go
+++ b/api/gqlshield/prepareQuery_test.go
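Review bot: In the `@@ -8,6 +10,9 @@` hunk of prepareQuery.go the added `strings.Replace` call unescapes every `\"` in the request before scanning starts, including escaped quotes that sit inside a GraphQL string literal. A value written as `"a\"b"` is then normalized as if the literal ended at the inner quote, so the `inString` flag that the `@@ -41,7 +46,7 @@` hunk now depends on can be wrong for the rest of the query. If the shield compares these normalized bytes against its whitelist while the executor parses the original request (callers are not visible here, so this is an assumption to confirm), the two can disagree about what the query is, which weakens the check. I would unescape at the boundary where the request body is decoded, or handle `\"` inside the scanning loop with the string state in hand, rather than with a blanket replace. If the hot-fix stays, the comment should say so, e.g. `// Hot-fix: unescapes \" everywhere, including inside string literals`; the body of prepareQuery continues outside these hunks.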
@@ -179,3 +179,15 @@ func TestEscaped(t *testing.T) {
 string(out),
 )
 }
+
+func TestEscapedQuotationMark(t *testing.T) {
+ out, err := prepareQuery(
+ []byte("mutation {\n createCustomer(email: \\\"roman.sharkov@qbeon.com\\\", firstName: \\\"Roman\\\", lastName: \\\"Sharkov\\\", password: \\\"123\\\") {\n id\n registration\n firstName\n lastName\n email\n sessions {\n creation\n key\n }\n }\n}\n"),
+ )
+ require.NoError(t, err)
+ require.Equal(
+ t,
+ string([]byte("mutation { createCustomer(email: \"roman.sharkov@qbeon.com\", firstName: \"Roman\", lastName: \"Sharkov\", password: \"123\") { id registration firstName lastName email sessions { creation key } } }")),
+ string(out),
+ )
+}
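Review bot: TestEscapedQuotationMark only covers `\"` used as the delimiters of argument values, so neither behaviour this commit changes inside string literals is pinned by a test. There is no case for a literal that itself contains an escaped quote, and none for an escape sequence such as `\t` inside a string, which is what the new `!inString` guard in prepareQuery.go affects. I would add cases for those inputs with the expected normalized output spelled out, so a later change to the unescape step cannot silently alter what the shield compares. The `string([]byte("…"))` wrapper around the expected value is a no-op and can be a plain string literal.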