Merge pull request #33 from cloudblue/lite-20235-not-balanced-brackets

maxipavlovic · web-flow · commit 60c298a68ccc · 2021-12-15T09:28:18.000+01:00
LITE-20235 Added regex special symbols escape
diff --git a/dj_rql/filter_cls.py b/dj_rql/filter_cls.py
@@ -1,7 +1,9 @@
 #
 #  Copyright © 2021 Ingram Micro Inc. All rights reserved.
 #
+
 import decimal
+import re
 from collections import defaultdict
 from datetime import datetime
 from uuid import uuid4
@@ -879,13 +881,27 @@ def _get_searching_typed_value(cls, django_lookup, str_value):
         if val == RQL_ANY_SYMBOL:
             return any_symbol_regex
 
-        new_val = val
+        new_val = cls._escape_regex_special_symbols(val)
         new_val = new_val[1:] if val[0] == RQL_ANY_SYMBOL else '^{0}'.format(new_val)
         new_val = new_val[:-1] if val[-1] == RQL_ANY_SYMBOL else '{0}$'.format(new_val)
         return new_val.replace(RQL_ANY_SYMBOL, any_symbol_regex).replace(
             star_replacer, RQL_ANY_SYMBOL,
         )
 
+    @staticmethod
+    def _escape_regex_special_symbols(str_value):
+        """Returns escaped string
+
+        Current like/ilike protocol (* in any place) implementation requires to execute regex.
+        Input string could be a not valid (braces not balanced db error)
+        or misinterpreted (symbols range). Regex is not supported by RQL so we can safely
+        escape redundant special symbols.
+        """
+        return (
+            re.escape(str_value)
+            .replace(r'\{0}'.format(RQL_ANY_SYMBOL), RQL_ANY_SYMBOL)
+        )
+
     @classmethod
     def _convert_value(cls, django_field, str_value, use_repr=False):
         val = cls.remove_quotes(str_value)
diff --git a/tests/test_filter_cls/test_fields_filtering.py b/tests/test_filter_cls/test_fields_filtering.py
@@ -472,6 +472,10 @@ def test_empty_value_fail(filter_name):
     ('*\*\*value', DjangoLookups.ENDSWITH, '**value'),
     ('*val\*ue*', DjangoLookups.CONTAINS, 'val*ue'),
     ('va\*l*\*ue*', DjangoLookups.REGEX, '^va*l(.*)*ue'),
+    ('val*[ue}*', DjangoLookups.REGEX, r'^val(.*)\[ue\}'),
+    ('val*ue)*', DjangoLookups.REGEX, r'^val(.*)ue\)'),
+    ('*val*ue{2*', DjangoLookups.REGEX, r'val(.*)ue\{2'),
+    ('val*ue{2}*', DjangoLookups.REGEX, r'^val(.*)ue\{2\}'),
 ])
 def test_searching_q_ok(value, db_lookup, db_value):
     cls = BooksFilterClass(book_qs)
