Sql sanitizer: handle double quoted table names #5699
Conversation
| if (operation.mainTable != null && operation.mainTable.startsWith("\"") && operation.mainTable.endsWith("\"")) { | ||
| operation.mainTable = operation.mainTable.substring(1, operation.mainTable.length() - 1); | ||
| } |
There was a problem hiding this comment.
Nit: WDYT about moving this if into the handleIdentifier() method?
There was a problem hiding this comment.
Added a method that reads text matched by current token and strips double quotes and backticks.
| @@ -105,6 +105,8 @@ class SqlStatementSanitizerTest extends Specification { | |||
| sql | expected | |||
| // Select | |||
| 'SELECT x, y, z FROM schema.table' | SqlStatementInfo.create(sql, 'SELECT', 'schema.table') | |||
| 'SELECT x, y, z FROM `schema.table`' | SqlStatementInfo.create(sql, 'SELECT', 'schema.table') | |||
There was a problem hiding this comment.
Wait, did we have backtick ` parsing?
There was a problem hiding this comment.
Yes, this already worked just didn't have a test.
There was a problem hiding this comment.
Actually it only works fine when you don't have a space inside backticks. If there is a space it returns the first word as the table name.
There was a problem hiding this comment.
Hm, we don't have any special rules for backticks, I guess they're just treated as "other characters" - that maybe that behavior is caused by this?
There was a problem hiding this comment.
yes, hopefully fixed now.
* Sql sanitizer: handle double quoted table names * handle backtick * strip double quotes and backtick from table name in a separate method
Resolves #5691