Escape quotes and backslashes when performing substitution

zentity-io · May 7, 2024 · b5c00ba · b5c00ba
1 parent dc179ca
commit b5c00ba
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 2 deletions.
diff --git a/src/main/java/io/zentity/common/Json.java b/src/main/java/io/zentity/common/Json.java
@@ -37,7 +37,7 @@ public static String quoteString(String value) {
         return jsonStringFormat(value);
     }
 
-    private static String jsonStringEscape(String value) {
+    public static String jsonStringEscape(String value) {
         if (value == null)
             return "null"; // Prevents NullPointerException on STRING_ENCODER.quoteAsString()
         return new String(STRING_ENCODER.quoteAsString(value));

diff --git a/src/main/java/io/zentity/resolution/Query.java b/src/main/java/io/zentity/resolution/Query.java
@@ -141,14 +141,16 @@ public static String makeScriptFieldsClause(Input input, String indexName) throw
      */
     public static String populateMatcherClause(Matcher matcher, String indexFieldName, String value, Map<String, String> params) throws ValidationException {
         String matcherClause = matcher.clause();
+        // Quotes and backslashes need to be escaped for the matcher to correctly perform the substitution
+        String escapedValue = java.util.regex.Matcher.quoteReplacement(Json.jsonStringEscape(value));
         for (String variable : matcher.variables().keySet()) {
             Pattern pattern = matcher.variables().get(variable);
             switch (variable) {
                 case "field":
                     matcherClause = pattern.matcher(matcherClause).replaceAll(indexFieldName);
                     break;
                 case "value":
-                    matcherClause = pattern.matcher(matcherClause).replaceAll(value);
+                    matcherClause = pattern.matcher(matcherClause).replaceAll(escapedValue);
                     break;
                 default:
                     java.util.regex.Matcher m = Patterns.VARIABLE_PARAMS.matcher(variable);

diff --git a/src/test/java/io/zentity/resolution/JobTest.java b/src/test/java/io/zentity/resolution/JobTest.java
@@ -109,6 +109,29 @@ public void testPopulateMatcherClauseIgnoreUnusedParams() throws Exception {
         Assert.assertEquals(matcherClause, expected);
     }
 
+    /**
+     * Sometimes the value extracted from the document contains quotations or backslashes that need to be escaped
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testPopulateMatcherClauseQuoteJsonString() throws Exception {
+        String matcherJson = "{\n" +
+                "  \"clause\": {\n" +
+                "    \"match\": {\n" +
+                "      \"{{ field }}\": \"{{ value }}\"\n" +
+                "    }" +
+                "  }\n" +
+                "}";
+        String nameAlias = "The \"One\"";
+        Matcher matcher = new Matcher("matcher_alias", matcherJson);
+        TreeMap<String, String> params = new TreeMap<>();
+        params.put("foo", "bar");
+        String matcherClause = Query.populateMatcherClause(matcher, "field_alias", nameAlias, params);
+        String expected = "{\"match\":{\"field_alias\":\"The \\\"One\\\"\"}}";
+        Assert.assertEquals(expected, matcherClause);
+    }
+
     /**
      * Populate the clause of a matcher by substituting the {{ field }} and {{ value }} variables,
      * but don't include {{ field }} and expect an exception to be raised.