Escape \r

google · Dec 1, 2023 · b30a5dd · b30a5dd
1 parent 529c74f
commit b30a5dd
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 5 deletions.
diff --git a/mug-guava/src/main/java/com/google/mu/safesql/SafeQuery.java b/mug-guava/src/main/java/com/google/mu/safesql/SafeQuery.java
@@ -232,16 +232,15 @@ private static String quotedBy(char quoteChar, Substring.Match placeholder, Obje
         quoteChar,
         placeholder,
         quoteChar);
-    return first(CharPredicate.is('\\').or(quoteChar).or('\n'))
+    return first(CharPredicate.is('\\').or(quoteChar).or('\n').or('\r'))
         .repeatedly()
         .replaceAllFrom(
             value.toString(),
             c -> {
               switch (c.charAt(0)) {
-                case '\n':
-                  return "\\n";
-                default:
-                  return "\\" + c;
+                case '\r': return "\\r";
+                case '\n': return "\\n";
+                default: return "\\" + c;
               }
             });
   }

diff --git a/mug-guava/src/test/java/com/google/mu/safesql/SafeQueryTest.java b/mug-guava/src/test/java/com/google/mu/safesql/SafeQueryTest.java
@@ -83,6 +83,30 @@ public void newLineDisallowedWithinBackticks() {
     assertThrows(IllegalArgumentException.class, () -> template.with(/* tbl */ "a\nb"));
   }
 
+  @Test
+  public void carriageReturnEscapedWithinSingleQuote() {
+    assertThat(template("SELECT * FROM tbl WHERE id = '{id}'").with("\r"))
+        .isEqualTo(SafeQuery.of("SELECT * FROM tbl WHERE id = '\\r'"));
+  }
+
+  @Test
+  public void carriageReturnEscapedWithinDoubleQuote() {
+    assertThat(template("SELECT * FROM tbl WHERE id = \"{id}\"").with("\r"))
+        .isEqualTo(SafeQuery.of("SELECT * FROM tbl WHERE id = \"\\r\""));
+  }
+
+  @Test
+  public void carriageReturnDisallowedWithinBackticks() {
+    StringFormat.To<SafeQuery> template = template("SELECT * FROM `{tbl}`");
+    assertThrows(IllegalArgumentException.class, () -> template.with(/* tbl */ "a\rb"));
+  }
+
+  @Test
+  public void carriageReturnAndLineFeedEscapedWithinDoubleQuote() {
+    assertThat(template("SELECT * FROM tbl WHERE id = \"{id}\"").with("a\r\nb"))
+        .isEqualTo(SafeQuery.of("SELECT * FROM tbl WHERE id = \"a\\r\\nb\""));
+  }
+
   @Test
   public void singleQuoteNotEscapedWithinDoubleQuote() {
     assertThat(template("SELECT * FROM tbl WHERE id = \"{id}\"").with("'v'"))