Merge pull request #9 from AikidoSec/string-escape-constant

willem-delbare · web-flow · commit e003b3e2b541 · 2025-01-24T13:10:25.000+01:00
Only support string escape constant for Postgres, Redshift and generic dialect
diff --git a/src/dialect/generic.rs b/src/dialect/generic.rs
@@ -111,4 +111,8 @@ impl Dialect for GenericDialect {
     fn supports_nested_comments(&self) -> bool {
         true
     }
+
+    fn supports_string_escape_constant(&self) -> bool {
+        true
+    }
 }
diff --git a/src/dialect/mod.rs b/src/dialect/mod.rs
@@ -573,6 +573,13 @@ pub trait Dialect: Debug + Any {
     fn supports_nested_comments(&self) -> bool {
         false
     }
+
+    /// Returns true if this dialect supports the E'...' syntax for string literals
+    ///
+    /// Postgres: <https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS-ESCAPE>
+    fn supports_string_escape_constant(&self) -> bool {
+        false
+    }
 }
 
 /// This represents the operators for which precedence must be defined
diff --git a/src/dialect/postgresql.rs b/src/dialect/postgresql.rs
@@ -192,6 +192,10 @@ impl Dialect for PostgreSqlDialect {
     fn supports_nested_comments(&self) -> bool {
         true
     }
+
+    fn supports_string_escape_constant(&self) -> bool {
+        true
+    }
 }
 
 pub fn parse_comment(parser: &mut Parser) -> Result<Statement, ParserError> {
diff --git a/src/dialect/redshift.rs b/src/dialect/redshift.rs
@@ -68,4 +68,8 @@ impl Dialect for RedshiftSqlDialect {
     fn supports_connect_by(&self) -> bool {
         true
     }
+
+    fn supports_string_escape_constant(&self) -> bool {
+        true
+    }
 }
diff --git a/src/test_utils.rs b/src/test_utils.rs
@@ -218,13 +218,17 @@ impl TestedDialects {
 
     /// Check that the tokenizer returns the expected tokens for the given SQL.
     pub fn tokenizes_to(&self, sql: &str, expected: Vec<Token>) {
+        if self.dialects.is_empty() {
+            panic!("No dialects to test");
+        }
+
         self.dialects.iter().for_each(|dialect| {
             let mut tokenizer = Tokenizer::new(&**dialect, sql);
             if let Some(options) = &self.options {
                 tokenizer = tokenizer.with_unescape(options.unescape);
             }
             let tokens = tokenizer.tokenize().unwrap();
-            assert_eq!(expected, tokens);
+            assert_eq!(expected, tokens, "Tokenized differently for {:?}", dialect);
         });
     }
 }
diff --git a/src/tokenizer.rs b/src/tokenizer.rs
@@ -790,7 +790,7 @@ impl<'a> Tokenizer<'a> {
                     }
                 }
                 // PostgreSQL accepts "escape" string constants, which are an extension to the SQL standard.
-                x @ 'e' | x @ 'E' => {
+                x @ 'e' | x @ 'E' if self.dialect.supports_string_escape_constant() => {
                     let starting_loc = chars.location();
                     chars.next(); // consume, to check the next char
                     match chars.peek() {
@@ -3244,4 +3244,48 @@ mod tests {
                 ],
             );
     }
+
+    #[test]
+    fn test_string_escape_constant_not_supported() {
+        all_dialects_where(|dialect| !dialect.supports_string_escape_constant()).tokenizes_to(
+            "select e'...'",
+            vec![
+                Token::make_keyword("select"),
+                Token::Whitespace(Whitespace::Space),
+                Token::make_word("e", None),
+                Token::SingleQuotedString("...".to_string()),
+            ],
+        );
+
+        all_dialects_where(|dialect| !dialect.supports_string_escape_constant()).tokenizes_to(
+            "select E'...'",
+            vec![
+                Token::make_keyword("select"),
+                Token::Whitespace(Whitespace::Space),
+                Token::make_word("E", None),
+                Token::SingleQuotedString("...".to_string()),
+            ],
+        );
+    }
+
+    #[test]
+    fn test_string_escape_constant_supported() {
+        all_dialects_where(|dialect| dialect.supports_string_escape_constant()).tokenizes_to(
+            "select e'\\''",
+            vec![
+                Token::make_keyword("select"),
+                Token::Whitespace(Whitespace::Space),
+                Token::EscapedStringLiteral("'".to_string()),
+            ],
+        );
+
+        all_dialects_where(|dialect| dialect.supports_string_escape_constant()).tokenizes_to(
+            "select E'\\''",
+            vec![
+                Token::make_keyword("select"),
+                Token::Whitespace(Whitespace::Space),
+                Token::EscapedStringLiteral("'".to_string()),
+            ],
+        );
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -111,4 +111,8 @@ impl Dialect for GenericDialect {`
`111`	`111`	`fn supports_nested_comments(&self) -> bool {`
`112`	`112`	`true`
`113`	`113`	`}`
	`114`	`+`
	`115`	`+ fn supports_string_escape_constant(&self) -> bool {`
	`116`	`+ true`
	`117`	`+ }`
`114`	`118`	`}`
Original file line number	Diff line number	Diff line change
`@@ -573,6 +573,13 @@ pub trait Dialect: Debug + Any {`
`573`	`573`	`fn supports_nested_comments(&self) -> bool {`
`574`	`574`	`false`
`575`	`575`	`}`
	`576`	`+`
	`577`	`+ /// Returns true if this dialect supports the E'...' syntax for string literals`
	`578`	`+ ///`
	`579`	`+ /// Postgres: <https://www.postgresql.org/docs/current/sql-syntax-lexical.html#SQL-SYNTAX-STRINGS-ESCAPE>`
	`580`	`+ fn supports_string_escape_constant(&self) -> bool {`
	`581`	`+ false`
	`582`	`+ }`
`576`	`583`	`}`
`577`	`584`
`578`	`585`	`/// This represents the operators for which precedence must be defined`
Original file line number	Diff line number	Diff line change
`@@ -192,6 +192,10 @@ impl Dialect for PostgreSqlDialect {`
`192`	`192`	`fn supports_nested_comments(&self) -> bool {`
`193`	`193`	`true`
`194`	`194`	`}`
	`195`	`+`
	`196`	`+ fn supports_string_escape_constant(&self) -> bool {`
	`197`	`+ true`
	`198`	`+ }`
`195`	`199`	`}`
`196`	`200`
`197`	`201`	`pub fn parse_comment(parser: &mut Parser) -> Result<Statement, ParserError> {`
Original file line number	Diff line number	Diff line change
`@@ -68,4 +68,8 @@ impl Dialect for RedshiftSqlDialect {`
`68`	`68`	`fn supports_connect_by(&self) -> bool {`
`69`	`69`	`true`
`70`	`70`	`}`
	`71`	`+`
	`72`	`+ fn supports_string_escape_constant(&self) -> bool {`
	`73`	`+ true`
	`74`	`+ }`
`71`	`75`	`}`
Original file line number	Diff line number	Diff line change
`@@ -218,13 +218,17 @@ impl TestedDialects {`
`218`	`218`
`219`	`219`	`/// Check that the tokenizer returns the expected tokens for the given SQL.`
`220`	`220`	`pub fn tokenizes_to(&self, sql: &str, expected: Vec<Token>) {`
	`221`	`+ if self.dialects.is_empty() {`
	`222`	`+ panic!("No dialects to test");`
	`223`	`+ }`
	`224`	`+`
`221`	`225`	`self.dialects.iter().for_each(\|dialect\| {`
`222`	`226`	`let mut tokenizer = Tokenizer::new(&**dialect, sql);`
`223`	`227`	`if let Some(options) = &self.options {`
`224`	`228`	`tokenizer = tokenizer.with_unescape(options.unescape);`
`225`	`229`	`}`
`226`	`230`	`let tokens = tokenizer.tokenize().unwrap();`
`227`		`- assert_eq!(expected, tokens);`
	`231`	`+ assert_eq!(expected, tokens, "Tokenized differently for {:?}", dialect);`
`228`	`232`	`});`
`229`	`233`	`}`
`230`	`234`	`}`