Merge pull request #55 from wgevaert/improve-name-escape

wgevaert · web-flow · commit 2fd1194eef48 · 2022-06-29T09:35:14.000+02:00
Be less strict about escaping.
diff --git a/src/Traits/ErrorTrait.php b/src/Traits/ErrorTrait.php
@@ -35,7 +35,6 @@
 use function is_resource;
 use function is_string;
 use function key;
-use function preg_match;
 use function strpos;
 use TypeError;
 
@@ -110,11 +109,8 @@ private static function assertValidName(string $name): void
             throw new InvalidArgumentException("A name cannot be an empty string");
         }
 
-        if (!preg_match('/^\p{L}[\p{L}\d_]*$/u', $name)) {
-            throw new InvalidArgumentException('A name can only contain alphanumeric characters and underscores and must begin with an alphabetic character');
-        }
-
         if (strlen($name) >= 65535) {
+            // Remark: Actual limit depends on Neo4j version, but we just take the lower bound.
             throw new InvalidArgumentException('A name cannot be longer than 65534 characters');
         }
     }
diff --git a/src/Traits/EscapeTrait.php b/src/Traits/EscapeTrait.php
@@ -21,7 +21,9 @@
 
 namespace WikibaseSolutions\CypherDSL\Traits;
 
-use InvalidArgumentException;
+use function preg_match;
+use function sprintf;
+use function str_replace;
 
 /**
  * Trait for encoding certain structures that are used in multiple clauses in a
@@ -30,25 +32,31 @@
 trait EscapeTrait
 {
     /**
-     * Escapes the given 'name'. A name is an unquoted literal in a Cypher query, such as variables,
-     * types or property names.
+     * Escapes a 'name' if it needs to be escaped.
+     * @see https://neo4j.com/docs/cypher-manual/4.4/syntax/naming
+     * A 'name' in cypher is any string that should be included directly in a cypher query,
+     * such as variable names, labels, property names and relation types
      *
      * @param string $name
      * @return string
      */
     public static function escape(string $name): string
     {
-        if ($name === "") {
-            return "";
-        }
-
-        if (ctype_alnum($name) && !ctype_digit($name)) {
+        if (preg_match('/^\p{L}[\p{L}\d_]*$/u', $name)) {
             return $name;
         }
 
-        if (strpos($name, '`') !== false) {
-            throw new InvalidArgumentException("A name must not contain a backtick (`)");
-        }
+        return self::escapeRaw($name);
+    }
+
+    /**
+     * Escapes the given $name to be used directly in a CYPHER query.
+     * Note: according to https://github.com/neo4j/neo4j/issues/12901 backslashes might give problems in some Neo4j versions.
+     */
+    public static function escapeRaw($name)
+    {
+        // Escape backticks that are included in $name by doubling them.
+        $name = str_replace('`', '``', $name);
 
         return sprintf("`%s`", $name);
     }
diff --git a/tests/Unit/ParameterTest.php b/tests/Unit/ParameterTest.php
@@ -68,10 +68,7 @@ public function provideThrowsExceptionOnInvalidData(): array
     {
         return [
             [""],
-            ["@"],
-            ["!"],
-            ["-"],
-            [''],
+            [str_repeat('a', 65535)],
         ];
     }
 }
diff --git a/tests/Unit/Patterns/NodeTest.php b/tests/Unit/Patterns/NodeTest.php
@@ -21,7 +21,6 @@
 
 namespace WikibaseSolutions\CypherDSL\Tests\Unit\Patterns;
 
-use InvalidArgumentException;
 use PHPUnit\Framework\TestCase;
 use WikibaseSolutions\CypherDSL\ExpressionList;
 use WikibaseSolutions\CypherDSL\Literals\Decimal;
@@ -49,13 +48,13 @@ public function testEmptyNode(): void
         $this->assertSame($name, $node->getVariable());
     }
 
-    public function testBacktickThrowsException(): void
+    // Further tests can be found in Traits/EscapeTraitTest
+    public function testBacktickIsEscaped(): void
     {
         $node = new Node();
 
-        $this->expectException(InvalidArgumentException::class);
-        $this->expectDeprecationMessage('A name can only contain alphanumeric characters and underscores');
         $node->named('abcdr`eer');
+        $this->assertEquals('(`abcdr``eer`)', $node->toQuery());
     }
 
     /**
diff --git a/tests/Unit/QueryTest.php b/tests/Unit/QueryTest.php
@@ -762,7 +762,7 @@ public function testWikiExamples(): void
             ->returning([$tom, $tomHanksMovies])
             ->build();
 
-        $this->assertSame("MATCH (tom:Person {name: 'Tom Hanks'})-[:`ACTED_IN`]->(tomHanksMovies) RETURN tom, tomHanksMovies", $statement);
+        $this->assertSame("MATCH (tom:Person {name: 'Tom Hanks'})-[:ACTED_IN]->(tomHanksMovies) RETURN tom, tomHanksMovies", $statement);
 
         $cloudAtlas = Query::variable("cloudAtlas");
         $cloudAtlasNode = Query::node()
@@ -795,7 +795,7 @@ public function testWikiExamples(): void
             ->returning($coActors->property("name"))
             ->build();
 
-        $this->assertSame("MATCH (tom:Person {name: 'Tom Hanks'})-[:`ACTED_IN`]->(m)<-[:`ACTED_IN`]-(coActors) RETURN coActors.name", $statement);
+        $this->assertSame("MATCH (tom:Person {name: 'Tom Hanks'})-[:ACTED_IN]->(m)<-[:ACTED_IN]-(coActors) RETURN coActors.name", $statement);
 
         /*
          * @see https://gitlab.wikibase.nl/community/libraries/php-cypher-dsl/-/wikis/Usage/Clauses/CALL-procedure-clause
diff --git a/tests/Unit/Traits/EscapeTraitTest.php b/tests/Unit/Traits/EscapeTraitTest.php
@@ -21,7 +21,6 @@
 
 namespace WikibaseSolutions\CypherDSL\Tests\Unit\Traits;
 
-use InvalidArgumentException;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use WikibaseSolutions\CypherDSL\Traits\EscapeTrait;
@@ -66,58 +65,29 @@ public function testUnsafeValueIsEscaped(string $value)
         $this->assertSame($expected, $actual);
     }
 
-    public function testValueWithBacktickThrowsException()
-    {
-        $this->expectException(InvalidArgumentException::class);
-
-        $this->trait->escape("foo`bar");
-    }
-
     public function provideSafeValueIsNotEscapedData(): array
     {
         return [
             ['foobar'],
             ['fooBar'],
             ['FOOBAR'],
+            ['foo_bar'],
+            ['FOO_BAR'],
             ['aaa'],
-            ['bbb'],
-            ['ccc'],
-            ['ddd'],
-            ['eee'],
-            ['fff'],
-            ['ggg'],
-            ['hhh'],
-            ['iii'],
-            ['jjj'],
-            ['kkk'],
-            ['lll'],
-            ['mmm'],
-            ['nnn'],
-            ['ooo'],
-            ['ppp'],
-            ['qqq'],
-            ['rrr'],
-            ['sss'],
-            ['ttt'],
-            ['uuu'],
-            ['vvv'],
-            ['www'],
-            ['xxx'],
-            ['yyy'],
-            ['zzz'],
-            [''],
             ['aaa100'],
             ['a0'],
             ['z10'],
             ['z99'],
+            ['ça'],
+            ['日'],
         ];
     }
 
     public function provideUnsafeValueIsEscapedData(): array
     {
         return [
-            ['foo_bar'],
-            ['FOO_BAR'],
+            [''],
+            ['__FooBar__'],
             ['_'],
             ['__'],
             ['\''],
@@ -129,4 +99,23 @@ public function provideUnsafeValueIsEscapedData(): array
             ['2'],
         ];
     }
+
+    /**
+     * @dataProvider provideValueWithBacktickIsProperlyEscapedData
+     */
+    public function testValueWithBacktickIsProperlyEscaped($input, $expected)
+    {
+        $this->assertSame('`foo``bar`', $this->trait->escape("foo`bar"));
+    }
+
+    public function provideValueWithBacktickIsProperlyEscapedData(): array
+    {
+        return [
+            ['foo`bar','`foo``bar`'],
+            ['`foo','```foo`'],
+            ['foo`','`foo```'],
+            ['foo``bar','`foo````bar`'],
+            ['`foo`','```foo```'],
+        ];
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,6 @@`
`35`	`35`	`use function is_resource;`
`36`	`36`	`use function is_string;`
`37`	`37`	`use function key;`
`38`		`-use function preg_match;`
`39`	`38`	`use function strpos;`
`40`	`39`	`use TypeError;`
`41`	`40`
`@@ -110,11 +109,8 @@ private static function assertValidName(string $name): void`
`110`	`109`	`throw new InvalidArgumentException("A name cannot be an empty string");`
`111`	`110`	`}`
`112`	`111`
`113`		`- if (!preg_match('/^\p{L}[\p{L}\d_]*$/u', $name)) {`
`114`		`- throw new InvalidArgumentException('A name can only contain alphanumeric characters and underscores and must begin with an alphabetic character');`
`115`		`- }`
`116`		`-`
`117`	`112`	`if (strlen($name) >= 65535) {`
	`113`	`+ // Remark: Actual limit depends on Neo4j version, but we just take the lower bound.`
`118`	`114`	`throw new InvalidArgumentException('A name cannot be longer than 65534 characters');`
`119`	`115`	`}`
`120`	`116`	`}`
Original file line number	Diff line number	Diff line change
`@@ -68,10 +68,7 @@ public function provideThrowsExceptionOnInvalidData(): array`
`68`	`68`	`{`
`69`	`69`	`return [`
`70`	`70`	`[""],`
`71`		`- ["@"],`
`72`		`- ["!"],`
`73`		`- ["-"],`
`74`		`- [''],`
	`71`	`+ [str_repeat('a', 65535)],`
`75`	`72`	`];`
`76`	`73`	`}`
`77`	`74`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,6 @@`
`21`	`21`
`22`	`22`	`namespace WikibaseSolutions\CypherDSL\Tests\Unit\Patterns;`
`23`	`23`
`24`		`-use InvalidArgumentException;`
`25`	`24`	`use PHPUnit\Framework\TestCase;`
`26`	`25`	`use WikibaseSolutions\CypherDSL\ExpressionList;`
`27`	`26`	`use WikibaseSolutions\CypherDSL\Literals\Decimal;`
`@@ -49,13 +48,13 @@ public function testEmptyNode(): void`
`49`	`48`	`$this->assertSame($name, $node->getVariable());`
`50`	`49`	`}`
`51`	`50`
`52`		`- public function testBacktickThrowsException(): void`
	`51`	`+ // Further tests can be found in Traits/EscapeTraitTest`
	`52`	`+ public function testBacktickIsEscaped(): void`
`53`	`53`	`{`
`54`	`54`	`$node = new Node();`
`55`	`55`
`56`		`- $this->expectException(InvalidArgumentException::class);`
`57`		`- $this->expectDeprecationMessage('A name can only contain alphanumeric characters and underscores');`
`58`	`56`	$node->named('abcdr`eer');
	`57`	+ $this->assertEquals('(`abcdr``eer`)', $node->toQuery());
`59`	`58`	`}`
`60`	`59`
`61`	`60`	`/**`