Fix column name escaping (#44)

* Add test for appendGTE and friends. * Use backticks to quote SQL identifiers Using double quotes had the disadvantage that unknown column names were silently changed to a string literal in WHERE statements. This can be avoided by using backticks.
moveit · Aug 6, 2024 · da409f1 · da409f1
1 parent 54094eb
commit da409f1
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 2 deletions.
diff --git a/include/warehouse_ros_sqlite/utils.h b/include/warehouse_ros_sqlite/utils.h
@@ -97,7 +97,7 @@ using escaped_columnname = std::string;
 using escaped_tablename = std::string;
 inline std::string escape_identifier(const std::string& s)
 {
-  return "\"" + detail::escape<'"'>(s) + "\"";
+  return "`" + detail::escape<'`'>(s) + "`";
 }
 inline escaped_columnname escape_columnname_with_prefix(const std::string& c)
 {

diff --git a/test/DatabaseConnection.cpp b/test/DatabaseConnection.cpp
@@ -30,8 +30,9 @@
 #include <gtest/gtest.h>
 #include <warehouse_ros_sqlite/database_connection.h>
 #include <warehouse_ros_sqlite/utils.h>
-#include <geometry_msgs/Vector3.h>
+#include <geometry_msgs/Point.h>
 #include <geometry_msgs/Pose.h>
+#include <geometry_msgs/Vector3.h>
 #include <ros/ros.h>
 
 class ConnectionTest : public ::testing::Test
@@ -399,6 +400,58 @@ TEST_F(ConnectionTest, Sorting)
   }
 }
 
+TEST_F(ConnectionTest, appendGTE)
+{
+  auto coll = conn_->openCollection<geometry_msgs::Point>("test_db", "test_collection");
+
+  auto metadata = coll.createMetadata();
+  metadata->append("test_metadata", 5.0);
+
+  geometry_msgs::Point msg = {};
+  coll.insert(msg, metadata);
+
+  {
+    auto query = coll.createQuery();
+    query->appendGTE("unrelated", 4.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+
+  {
+    auto query = coll.createQuery();
+    query->appendGT("unrelated", 4.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+
+  {
+    auto query = coll.createQuery();
+    query->appendLTE("unrelated", 6.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+
+  {
+    auto query = coll.createQuery();
+    query->appendLT("unrelated", 6.0);
+    EXPECT_TRUE(coll.queryList(query).empty());
+  }
+}
+
+TEST_F(ConnectionTest, BacktickInMeta)
+{
+  auto coll = conn_->openCollection<geometry_msgs::Point>("test_db", "test_backtick");
+
+  auto metadata = coll.createMetadata();
+  metadata->append("test_`metadata", 5.0);
+
+  geometry_msgs::Point msg = {};
+  coll.insert(msg, metadata);
+
+  {
+    auto query = coll.createQuery();
+    query->appendGTE("test_`metadata", 4.0);
+    EXPECT_EQ(coll.queryList(query).size(), 1);
+  }
+}
+
 TEST(Utils, Md5Validation)
 {
   const char* a = "4a842b65f413084dc2b10fb484ea7f17";