Fix unicode escapes in single-quoted strings

Author: rmosolgo

lib/graphql/language/lexer.rb

@@ -107,6 +107,7 @@ def debug_token_value(token_name)
       }
       UTF_8 = /\\u(?:([\dAa-f]{4})|\{([\da-f]{4,})\})(?:\\u([\dAa-f]{4}))?/i
       VALID_STRING = /\A(?:[^\\]|#{ESCAPES}|#{UTF_8})*\z/o
+      ESCAPED = /(?:#{ESCAPES}|#{UTF_8})/o
 
       def string_value
         str = token_value
@@ -299,24 +300,27 @@ module ByteFor
       # Replace any escaped unicode or whitespace with the _actual_ characters
       # To avoid allocating more strings, this modifies the string passed into it
       def self.replace_escaped_characters_in_place(raw_string)
-        raw_string.gsub!(ESCAPES, ESCAPES_REPLACE)
-        raw_string.gsub!(UTF_8) do |_matched_str|
-          codepoint_1 = ($1 || $2).to_i(16)
-          codepoint_2 = $3
+        raw_string.gsub!(ESCAPED) do |matched_str|
+          if (res = ESCAPES_REPLACE[matched_str])
+            res
+          else
+            codepoint_1 = ($1 || $2).to_i(16)
+            codepoint_2 = $3
 
-          if codepoint_2
-            codepoint_2 = codepoint_2.to_i(16)
-            if (codepoint_1 >= 0xD800 && codepoint_1 <= 0xDBFF) && # leading surrogate
-                (codepoint_2 >= 0xDC00 && codepoint_2 <= 0xDFFF) # trailing surrogate
-              # A surrogate pair
-              combined = ((codepoint_1 - 0xD800) * 0x400) + (codepoint_2 - 0xDC00) + 0x10000
-              [combined].pack('U'.freeze)
+            if codepoint_2
+              codepoint_2 = codepoint_2.to_i(16)
+              if (codepoint_1 >= 0xD800 && codepoint_1 <= 0xDBFF) && # leading surrogate
+                  (codepoint_2 >= 0xDC00 && codepoint_2 <= 0xDFFF) # trailing surrogate
+                # A surrogate pair
+                combined = ((codepoint_1 - 0xD800) * 0x400) + (codepoint_2 - 0xDC00) + 0x10000
+                [combined].pack('U'.freeze)
+              else
+                # Two separate code points
+                [codepoint_1].pack('U'.freeze) + [codepoint_2].pack('U'.freeze)
+              end
             else
-              # Two separate code points
-              [codepoint_1].pack('U'.freeze) + [codepoint_2].pack('U'.freeze)
+              [codepoint_1].pack('U'.freeze)
             end
-          else
-            [codepoint_1].pack('U'.freeze)
           end
         end
         nil

spec/graphql/types/string_spec.rb

@@ -101,4 +101,33 @@ def self.type_error(err, ctx)
       assert_nil string_type.coerce_isolated_input(0.999)
     end
   end
+
+
+  describe "unicode escapes" do
+    class UnicodeEscapeSchema < GraphQL::Schema
+      class QueryType < GraphQL::Schema::Object
+        field :get_string, String do
+          argument :string, String
+        end
+
+        def get_string(string:)
+          string
+        end
+      end
+
+      query(QueryType)
+    end
+
+    it "parses escapes properly in single-quoted strings" do
+      query_str = File.read("./spec/fixtures/unicode_escapes/query1.graphql")
+      res = UnicodeEscapeSchema.execute(query_str)
+      assert_equal "d", res["data"]["example1"]
+      assert_equal "\\u0064", res["data"]["example2"]
+      assert_equal "\\u006", res["data"]["example4"]
+
+      error_query_str = query_str.gsub("  # ", "  ")
+      res2 = UnicodeEscapeSchema.execute(error_query_str)
+      assert_equal ["Expected string or block string, but it was malformed"], res2["errors"].map { |err| err["message"] }
+    end
+  end
 end