🔀 Fix/allow capital 'z' in search value (#6)

* Update README.md

To reflect the actual implementation regarding Sort.

* Allow more charecters in select values

* Added wildcards to select

* Added test of wildcards

* Changed logic in Elements to support single element size spans

* Expanded test with now valid input

* Simplified logic in getElement

* Allow more charecters in select values

* Allow more charecters in select values

* Added test of wildcards

* Changed logic in Elements to support single element size spans

* Expanded test with now valid input

* Simplified logic in getElement

* Changed logic in Elements to support single element size spans

* Simplified logic in getElement

* Adjusted elements logic to allow same start and end, or only one element

* Removed duplicated test

* Added test for single element equal to 0

* Suspicious character sequences now work as intended

* Character sequences are unnessesary

as they all start with '\' and '\' is on its own already not allowed

* Reverted changes

* Update Sanitizer.java

* Update Sanitizer.java

* PR requested changes

Co-authored-by: Søren Ravn <[email protected]>
Co-authored-by: Niels Wittrup Andersen <[email protected]>
Co-authored-by: Jesper Rossen <[email protected]>

Author: 4 people

src/main/java/io/openapitools/api/capabilities/Sanitizer.java

@@ -6,7 +6,7 @@
  * API input sanitizer in a rudimental version.
  */
 public final class Sanitizer {
-    private static final String[] SUSPICIOUS_CONTENT = {"\'", "\"", "\\", "%", "\\%", "\\_", "\0", "\b", "\n", "\t", "\r", "\\Z", "?", "#"};
+    private static final char[] SUSPICIOUS_CONTENT = {'\'', '\"', '\\', '%', '\0', '\b', '\n', '\t', '\r', '?', '#'};
 
     private Sanitizer() {
         // reduce scope to avoid default construction
@@ -18,7 +18,7 @@ private Sanitizer() {
      * @return String.
      */
     static String regexQuotedSuspiciousContent() {
-        return Pattern.quote(String.join("", SUSPICIOUS_CONTENT));
+        return Pattern.quote(new StringBuilder().append(SUSPICIOUS_CONTENT).toString());
     }
 
     /**
@@ -41,8 +41,8 @@ public static String sanitize(String input, boolean allowSpaces, boolean allowNu
         if (!allowNumbers) {
             result = result.matches(".*\\d.*") ? "" : result;
         }
-        for (String s : SUSPICIOUS_CONTENT) {
-            if (result.contains(s)) {
+        for (char c: SUSPICIOUS_CONTENT) {
+            if (result.contains(new Character(c).toString())) {
                 return "";
             }
         }

src/test/java/io/openapitools/api/capabilities/SanitizerTest.java

@@ -59,4 +59,15 @@ public void testSuspiciousInput() {
         assertEquals("", Sanitizer.sanitize("This is not ok input 2 '", true));
         assertEquals("", Sanitizer.sanitize("This is not ok input 2 'OR 1", true));
     }
+
+    @Test
+    public void testCharSequence() {
+        assertEquals("", Sanitizer.sanitize("this is not okay \\%",true));
+        assertEquals("", Sanitizer.sanitize("this is not okay \\_",true));
+        assertEquals("", Sanitizer.sanitize("this is \\Z not okay ",true));
+        assertEquals("", Sanitizer.sanitize("this is not okay \\Z",true));
+
+        assertEquals("this is okay Z", Sanitizer.sanitize("this is okay Z",true));
+        assertEquals("this is _ okay ", Sanitizer.sanitize("this is _ okay ",true));
+    }
 }

src/test/java/io/openapitools/api/capabilities/SelectTest.java

@@ -184,4 +184,10 @@ public void testWildcards() {
             assertTrue(sel.getValue().equals("*loan") || sel.getValue().equals("savings*"));
         }
     }
+
+    @Test
+    public void testZ(){
+        assertEquals(1,Select.getSelections("name::asdZ").size());
+        assertEquals(0,Select.getSelections("name::asd\\Z").size());
+    }
 }