Conversation

@tomerqodo tomerqodo commented Dec 4, 2025

User description

Benchmark PR getsentry#103379

Type: Corrupted (contains bugs)

Original PR Title: fix(search): Fix handle backslashes in wildcard operators
Original PR Description: When using one of the wildcard operators (contains, starts with, ends with), we need to make sure to properly escape backslashes in order to handle the search correctly.
Original PR URL: getsentry#103379


PR Type

Bug fix, Tests


Description

  • Fix backslash handling in wildcard search operators (contains, starts_with, ends_with)

  • Add handle_backslash() function to properly escape backslashes in search values

  • Update escape character validation to allow backslash escaping

  • Add comprehensive tests for wildcard operators with backslash characters


Diagram Walkthrough

flowchart LR
  A["Search Query with Backslash"] --> B["gen_wildcard_value()"]
  B --> C["handle_backslash()"]
  C --> D["Properly Escaped Backslashes"]
  D --> E["Wildcard Operators"]
  E --> F["Search Results"]

File Walkthrough

Relevant files
Bug fix
event_search.py
Add backslash escaping for wildcard operators                       

src/sentry/api/event_search.py

  • Modified escape character validation in
    translate_wildcard_as_clickhouse_pattern() to allow backslash escaping
    by adding "\\" to the allowed escape characters set
  • Added new handle_backslash() function to properly escape backslashes
    in search values
  • Integrated handle_backslash() call into gen_wildcard_value() to
    process backslashes before applying wildcard operators
+29/-1   
Tests
test_organization_group_index.py
Test wildcard operators with backslash characters               

tests/sentry/issues/endpoints/test_organization_group_index.py

  • Added test_wildcard_operator_with_backslash() test method to verify
    backslash handling in user.username field searches
  • Tests cover direct backslash searches, wildcard patterns with escaped
    backslashes, and all three wildcard operators (contains, starts_with,
    ends_with)
  • Validates that events with backslash characters in usernames are
    correctly matched across different query formats
+37/-0   
test_organization_events_span_indexed.py
Test span wildcard operators with backslashes                       

tests/snuba/api/endpoints/test_organization_events_span_indexed.py

  • Added test_wildcard_operator_with_backslash() test method for span
    description field searches
  • Tests verify backslash handling across direct searches, wildcard
    patterns, and all three wildcard operators
  • Validates that spans with backslash characters in descriptions are
    correctly retrieved through various query formats
+36/-0   

Zylphrex and others added 4 commits November 14, 2025 12:26
When using one of the wildcard operators (contains, starts with, ends with), we
need to make sure to properly escape backslashes in order to handle the search
correctly.
@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified. No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed


Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No auditing: New input handling for wildcard and backslashes does not add or modify any audit logging
for critical actions, which may be acceptable as this utility likely doesn't perform
auditable actions but cannot be confirmed from the diff.

Referred Code
def gen_wildcard_value(value: str, wildcard_op: str) -> str:
    if value == "" or wildcard_op == "":
        return value
    value = re.sub(r"(?<!\\)\*", r"\\*", value)
    value = handle_backslash(value)
    if wildcard_op == WILDCARD_OPERATOR_MAP["contains"]:
        value = add_leading_wildcard(value)
        value = add_trailing_wildcard(value)
    elif wildcard_op == WILDCARD_OPERATOR_MAP["starts_with"]:
        value = add_trailing_wildcard(value)


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Edge cases: The new handle_backslash logic may not handle all escape combinations (e.g., double
backslashes before non-wildcard chars) and relies on InvalidSearchQuery elsewhere,
requiring broader context to confirm robustness.

Referred Code
def handle_backslash(value: str) -> str:
    # when working with one of the wildcard operators,
    # we need to ensure we properly handle backslashes
    # by escaping them

    v = []
    n = len(value)

    i = 0
    while i < n:
        c = value[i]
        if c == "\\":
            j = i + 1
            if j < n and value[j] in {"*"}:
                # found an escaped * or \
                v.append(c)
                i += 1
                c = value[i]
            else:
                # found just a \
                v.append("\\")


 ... (clipped 5 lines)


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Input escaping: The PR modifies escaping for wildcard queries and backslashes, which appears to sanitize
inputs, but without seeing downstream query construction we cannot confirm protection
against injection across all paths.

Referred Code
def gen_wildcard_value(value: str, wildcard_op: str) -> str:
    if value == "" or wildcard_op == "":
        return value
    value = re.sub(r"(?<!\\)\*", r"\\*", value)
    value = handle_backslash(value)
    if wildcard_op == WILDCARD_OPERATOR_MAP["contains"]:
        value = add_leading_wildcard(value)
        value = add_trailing_wildcard(value)
    elif wildcard_op == WILDCARD_OPERATOR_MAP["starts_with"]:
        value = add_trailing_wildcard(value)


Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: High-level

Suggestion: The backslash handling logic is flawed

The handle_backslash function is flawed as it duplicates backslashes, causing
incorrect search behavior. It should be replaced with a simple str.replace() to
correctly escape backslashes.

Examples:

src/sentry/api/event_search.py [409-433]
def handle_backslash(value: str) -> str:
    # when working with one of the wildcard operators,
    # we need to ensure we properly handle backslashes
    # by escaping them

    v = []
    n = len(value)

    i = 0
    while i < n:

 ... (clipped 15 lines)

Solution Walkthrough:

Before:

def handle_backslash(value: str) -> str:
    v = []
    n = len(value)
    i = 0
    while i < n:
        c = value[i]
        if c == "\\":
            j = i + 1
            if j < n and value[j] in {"*"}:
                v.append(c)
                i += 1
                c = value[i]
            else:
                v.append("\\")
        v.append(c)
        i += 1
    return "".join(v)

After:

def handle_backslash(value: str) -> str:
    # This correctly escapes backslashes for the subsequent wildcard translation.
    # It avoids the complex and buggy manual iteration.
    return value.replace("\\", "\\\\")
Suggestion importance [1-10]: 9

Why: The suggestion correctly identifies a critical bug in the core logic of the handle_backslash function, which incorrectly processes backslashes and would lead to broken search functionality.

Impact: High
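The two handle_backslash versions compared in this suggestion, run through the steps of the quoted gen_wildcard_value on constructed inputs so the escaping described in the PR description and in the commit message can be checked concretely. This is an example added by the editor, not code from the Sentry PR or from the review bot; the operator names, the add_leading/trailing_wildcard helpers (taken to be a plain "*") and the tokens() decoder standing in for translate_wildcard_as_clickhouse_pattern are assumptions.

```python
import re

def handle_backslash_iterative(value: str) -> str:
    # Follows the PR's handle_backslash as quoted in the review ("Before").
    v, n, i = [], len(value), 0
    while i < n:
        c = value[i]
        if c == "\\":
            if i + 1 < n and value[i + 1] == "*":  # keep "\*" as one unit
                v.append(c)
                i += 1
                c = value[i]
            else:  # lone backslash: emit it twice
                v.append("\\")
        v.append(c)
        i += 1
    return "".join(v)

def handle_backslash_replace(value: str) -> str:
    # The reviewer's suggested one-liner ("After"): double every backslash.
    return value.replace("\\", "\\\\")

def gen_wildcard_value(value: str, wildcard_op: str, handle_backslash) -> str:
    # Same steps as the quoted gen_wildcard_value; operator names and the
    # add_leading/trailing_wildcard helpers (a plain "*") are assumptions.
    if value == "" or wildcard_op == "":
        return value
    value = re.sub(r"(?<!\\)\*", r"\\*", value)  # escape user-typed "*"
    value = handle_backslash(value)
    if wildcard_op == "contains":
        return "*" + value + "*"
    if wildcard_op == "starts_with":
        return value + "*"
    return "*" + value  # ends_with

def tokens(pattern: str) -> list[str]:
    # Illustrative decoder (assumption, not Sentry's translator): unescaped "*"
    # is a wildcard ("WILD"); "\*" and "\\" are the literal characters.
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and i + 1 < len(pattern):
            out.append(pattern[i + 1])
            i += 2
        else:
            out.append("WILD" if pattern[i] == "*" else pattern[i])
            i += 1
    return out
```

On a value with no asterisk both versions return the same doubled backslashes; they diverge on the `\*` that the preceding re.sub produces from a user-typed `*`: the iterative version keeps it as an escaped literal asterisk, while the one-liner turns it into `\\*`, which the decoder reads as an escaped backslash followed by an unescaped wildcard.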
