Merge pull request #227 from TAMULib/fw_registry-issue_316-simple_sql_escape

kaladay · web-flow · commit a63fa1d74193 · 2023-11-08T11:11:49.000-06:00
FW Registry Issue 316: Add simple SQL sanitization.
diff --git a/src/main/java/org/folio/rest/utility/FormatUtility.java b/src/main/java/org/folio/rest/utility/FormatUtility.java
@@ -19,6 +19,25 @@ private FormatUtility() {
 
   }
 
+  /**
+   * Perform basic SQL sanitization.
+   *
+   * Only the most basic forms of sanitization is performed.
+   *
+   * Single quotes are escaped using the standard method.
+   * The Backslash Escape Sequence SQL feature is currently not supported.
+   *
+   * @param text The text to sanitize.
+   * @return The sanitized text for use in SQL queries.
+   */
+  public static String sanitizeSqlCode(String text) {
+    if (text == null) {
+      return text;
+    }
+
+    return text.replace("'", "''");
+  }
+
   /**
    * Escape the text to ensure it can be safely used in CQL.
    *
@@ -34,7 +53,7 @@ private FormatUtility() {
    * @param text The text to normalize.
    * @return The normalized text for use inside the CQL as a value.
    *
-   * @see https://github.com/folio-org/raml-module-builder/blob/2c39990c96c22262b02c98dd2b51cbeedc90fb9d/util/src/main/java/org/folio/util/StringUtil.java#L39
+   * @see "https://github.com/folio-org/raml-module-builder/blob/2c39990c96c22262b02c98dd2b51cbeedc90fb9d/util/src/main/java/org/folio/util/StringUtil.java#L39"
    */
   public static String normalizeCqlUrlArgument(String text) {
     if (text == null) {
