db: Prevent generic query logs from replacing inserted content

freya022 · freya022 · commit 2308e6394981 · 2025-10-18T20:00:57.000+02:00
diff --git a/BotCommands-core/src/main/kotlin/io/github/freya022/botcommands/internal/core/db/query/GenericParametrizedQueryFactory.kt b/BotCommands-core/src/main/kotlin/io/github/freya022/botcommands/internal/core/db/query/GenericParametrizedQueryFactory.kt
@@ -30,7 +30,7 @@ internal object GenericParametrizedQueryFactory : ParametrizedQueryFactory<Gener
                 val value = values[paramIndex] ?: "?"
 
                 builder.replace(builderIndex, builderIndex + 1, value)
-                builderIndex++ //as to not keep seeking the same character
+                builderIndex += value.length // Ensure we don't try to find characters in what we inserted
                 paramIndex++
             }
 
@@ -41,4 +41,4 @@ internal object GenericParametrizedQueryFactory : ParametrizedQueryFactory<Gener
     override fun isSupported(connection: Connection, databaseMetaData: DatabaseMetaData): Boolean = true
 
     override fun get(preparedStatement: PreparedStatement, sql: String): GenericParametrizedQuery = GenericParametrizedQuery(preparedStatement, sql)
-}
+}
diff --git a/BotCommands-core/src/test/kotlin/io/github/freya022/botcommands/db/query/GenericParametrizedQueryTests.kt b/BotCommands-core/src/test/kotlin/io/github/freya022/botcommands/db/query/GenericParametrizedQueryTests.kt
@@ -0,0 +1,41 @@
+package io.github.freya022.botcommands.db.query
+
+import io.github.freya022.botcommands.internal.core.db.query.GenericParametrizedQueryFactory.GenericParametrizedQuery
+import io.mockk.every
+import io.mockk.mockk
+import org.junit.jupiter.params.ParameterizedTest
+import org.junit.jupiter.params.provider.Arguments
+import org.junit.jupiter.params.provider.MethodSource
+import java.sql.PreparedStatement
+import kotlin.test.assertEquals
+
+object GenericParametrizedQueryTests {
+
+    @MethodSource("parametrizedQueries")
+    @ParameterizedTest
+    fun `Format parametrized queries`(query: String, expected: String, values: Map<Int, Any>) {
+        val statement = mockk<PreparedStatement> {
+            every { enquoteLiteral(any()) } answers { callOriginal() }
+        }
+        val query = GenericParametrizedQuery(statement, query)
+        values.forEach { (key, value) -> query.addValue(key, value) }
+
+        assertEquals(expected, query.toSql())
+    }
+
+    @JvmStatic
+    fun parametrizedQueries(): List<Arguments> = listOf(
+        parametrizedQuery(
+            name = "Ensure '?' in content is not replaced",
+            query = "insert into test (a, b) values (?, ?)",
+            expected = "insert into test (a, b) values ('?', 1)",
+            values = mapOf(
+                1 to "?",
+                2 to 1,
+            )
+        ),
+    )
+
+    private fun parametrizedQuery(name: String, query: String, expected: String, values: Map<Int, Any>): Arguments =
+        Arguments.argumentSet(name, query, expected, values)
+}
