From 16e0b28747ae641f2697e3c43ec252ef1ff4e7d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20R=C3=B6gner?= <benjamin.roegner@here.com>
Date: Tue, 15 Oct 2024 16:42:37 +0200
Subject: [PATCH] Fix custom quoting in SQLQuery
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Benjamin Rögner <benjamin.roegner@here.com>
---
 .../java/com/here/xyz/util/db/SQLQuery.java   | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/xyz-util/src/main/java/com/here/xyz/util/db/SQLQuery.java b/xyz-util/src/main/java/com/here/xyz/util/db/SQLQuery.java
index 1629f5efe..0b5c48e70 100644
--- a/xyz-util/src/main/java/com/here/xyz/util/db/SQLQuery.java
+++ b/xyz-util/src/main/java/com/here/xyz/util/db/SQLQuery.java
@@ -65,7 +65,7 @@ public class SQLQuery {
   private static final String FRAGMENT_PREFIX = "${{";
   private static final String FRAGMENT_SUFFIX = "}}";
   public static final String QUERY_ID = "queryId";
-  public static final String TEXT_QUOTE = "\\$a\\$";
+  public static final String TEXT_QUOTE = "$a$";
   private String statement = "";
   @JsonProperty
   private List<Object> parameters = new ArrayList<>();
@@ -231,7 +231,7 @@ private String paramValueToString(Object paramValue) {
     if (paramValue == null)
       return "NULL";
     if (paramValue instanceof String stringParam)
-      return TEXT_QUOTE + escapeDollarSigns(escapeCustomQuotes(stringParam, TEXT_QUOTE)) + TEXT_QUOTE;
+      return escapeDollarSigns(customQuote(stringParam));
     if (paramValue instanceof Long)
       return paramValue + "::BIGINT";
     if (paramValue instanceof Number)
@@ -245,6 +245,11 @@ private String paramValueToString(Object paramValue) {
     return paramValue.toString();
   }
 
+  private static String customQuote(String stringToQuote) {
+    String quote = getEscapedCustomQuoteFor(stringToQuote, TEXT_QUOTE);
+    return quote + stringToQuote + quote;
+  }
+
   /**
    * Internal helper method that escapes $-signs, because they're treated as special chars when using the containing string as value
    * in a string / pattern-matching replacement.
@@ -266,17 +271,12 @@ private static String escapeDollarSigns(String containingString) {
    * @param customQuoteToEscape
    * @return
    */
-  private static String escapeCustomQuotes(String containingString, String customQuoteToEscape) {
-    if (!containingString.contains(customQuoteToEscape))
-      return containingString;
-
-    String escapedCustomQuote = getEscapedCustomQuoteFor(customQuoteToEscape);
-
+  private static String getEscapedCustomQuoteFor(String containingString, String customQuoteToEscape) {
     //Further escape the custom quote until finding one that is not in use yet
-    while (containingString.contains(escapedCustomQuote))
-      escapedCustomQuote = getEscapedCustomQuoteFor(escapedCustomQuote);
+    while (containingString.contains(customQuoteToEscape))
+      customQuoteToEscape = getEscapedCustomQuoteFor(customQuoteToEscape);
 
-    return containingString.replaceAll(Pattern.quote(customQuoteToEscape), escapeDollarSigns(escapedCustomQuote));
+    return customQuoteToEscape;
   }
 
   private static String getEscapedCustomQuoteFor(String customQuoteToEscape) {