Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CSW GetRecords doesn't escape query values when creating the Elasticsearch query #7529

Merged
merged 4 commits into from
Jan 11, 2024
Merged

CSW GetRecords doesn't escape query values when creating the Elasticsearch query #7529

merged 4 commits into from
Jan 11, 2024

Conversation

josegar74
Copy link
Member

@josegar74 josegar74 commented Dec 1, 2023
edited by juanluisrp
Loading

See #7527

Includes also Sonarlint improvements.

Checklist

  • I have read the [contribution guidelines](https://github.com/geonetwork/core-geonetwork/blob/main/CONTRIBUTING.md
  • Pull request provided for main branch, backports managed with label
  • Good housekeeping of code, cleaning up comments, tests, and documentation
  • Clean commit history broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
  • Clean commit messages, longer verbose messages are encouraged
  • API Changes are identified in commit messages
  • Testing provided for features or enhancements using automatic tests)
  • User documentation provided for new features or enhancements in manual
  • Build documentation provided for development instructions in README.md files
  • Library management using pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation

@josegar74 josegar74 added this to the 4.4.2 milestone Dec 1, 2023
fxprunayre
fxprunayre reviewed Jan 5, 2024
View reviewed changes
csw-server/src/main/java/org/fao/geonet/kernel/csw/services/getrecords/es/CswFilter2Es.java Outdated
@@ -199,7 +181,7 @@ protected static String escapeLikeLiteral(String text) {
}

protected static String convertLikePattern(PropertyIsLike filter) {
String result = filter.getLiteral();
String result = StringEscapeUtils.escapeJson(filter.getLiteral());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would be safer to escapeJson the result at the end ? because the filter may contain characters for escapeChar, wildcard and singleChar which will not be processed with escapeJson so the next lines may fail to do proper replacement.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 6c18b14

@josegar74
CSW GetRecords doesn't escape query values when creating the Elastics…
8e0bad2 
…earch query / Escape Elasticsearch special chars in EQUAL / NOT EQUAL literal queries
@josegar74
CSW GetRecords doesn't escape query values when creating the Elastics…
6c18b14 
…earch query / Escape Elasticsearch special chars in IS LIKE literal queries
@f-necas
Copy link
Contributor

f-necas commented Jan 5, 2024

Hello @josegar74,

I'm quite interested by this fix. I'll make tests on my side too with it.

Thanks a lot by the way for this.
(And happy new year !)

@f-necas f-necas mentioned this pull request Jan 9, 2024
Merged
@juanluisrp
fixup! CSW GetRecords doesn't escape query values when creating the E…
07f2d0e 
…lasticsearch query / Escape Elasticsearch special chars in IS LIKE literal queries
juanluisrp
juanluisrp approved these changes Jan 11, 2024
View reviewed changes
Copy link
Contributor

@juanluisrp juanluisrp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@juanluisrp juanluisrp merged commit 23140d5 into geonetwork:main Jan 11, 2024
6 checks passed
juanluisrp added a commit that referenced this pull request Jan 11, 2024
@josegar74 @juanluisrp
[BP]CSW GetRecords doesn't escape query values when creating the Elas…
f73720a 
…ticsearch query (#7529)

CSW GetRecords doesn't escape query values when creating the Elasticsearch query / Escape Elasticsearch special chars in EQUAL / NOT EQUAL / IS LIKE literal queries

Fixes #7527.
Backport of #7529.
---------

Co-authored-by: Juan Luis Rodríguez <juanluisrp@gmail.com>
@juanluisrp juanluisrp deleted the cswfilter-escape-chars branch January 11, 2024 11:52
@juanluisrp juanluisrp mentioned this pull request Feb 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fxprunayre fxprunayre fxprunayre left review comments

@juanluisrp juanluisrp juanluisrp approved these changes

Assignees
No one assigned
Labels
backport 4.2.x bug
Projects
None yet
Milestone
4.4.2
Development

Successfully merging this pull request may close these issues.
4 participants
@josegar74 @f-necas @juanluisrp @fxprunayre