Commit 810957a

mo <mo.khan@gmail.com>
2019-06-02 18:01:54
escape sql wildcards
1 parent 9443973
Changed files (4)
app/models/scim/visitor.rb
@@ -2,6 +2,8 @@
 
 module Scim
   class Visitor
+    include Varkon
+
     def initialize(clazz, mapper = {})
       @clazz = clazz
       @mapper = mapper
@@ -14,15 +16,15 @@ module Scim
       when :or
         visit(node.left).or(visit(node.right))
       when :eq
-        @clazz.where(attr_for(node) => value_from(node))
+        @clazz.where(attr_for(node) => node.value)
       when :ne
-        @clazz.where.not(attr_for(node) => value_from(node))
+        @clazz.where.not(attr_for(node) => node.value)
       when :co
-        @clazz.where("#{attr_for(node)} like ?", "%#{value_from(node)}%")
+        @clazz.where("#{attr_for(node)} LIKE ?", "%#{escape_sql_wildcards(node.value)}%")
       when :sw
-        @clazz.where("#{attr_for(node)} like ?", "#{value_from(node)}%")
+        @clazz.where("#{attr_for(node)} LIKE ?", "#{escape_sql_wildcards(node.value)}%")
       when :ew
-        @clazz.where("#{attr_for(node)} like ?", "%#{value_from(node)}")
+        @clazz.where("#{attr_for(node)} LIKE ?", "%#{escape_sql_wildcards(node.value)}")
       when :gt
         @clazz.where("#{attr_for(node)} > ?", cast_value_from(node))
       when :ge
@@ -40,20 +42,12 @@ module Scim
 
     private
 
-    def value_from(node)
-      node.value
-    end
-
     def cast_value_from(node)
-      attr = attr_for(node)
-      value = value_from(node)
-      type = @clazz.columns_hash[attr.to_s].type
-
-      case type
+      case @clazz.columns_hash[attr_for(node).to_s].type
       when :datetime
-        DateTime.parse(value)
+        DateTime.parse(node.value)
       else
-        value.to_s
+        node.value.to_s
       end
     end
 
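Review bot: On the new `:co`/`:sw`/`:ew` lines the escaping is only honored if the database recognizes the helper's escape character, and SQLite has no default ESCAPE character (PostgreSQL and MySQL default to backslash), so if Varkon escapes with a backslash the fragment should state it explicitly, e.g. `@clazz.where("#{attr_for(node)} LIKE ? ESCAPE '\\'", "%#{escape_sql_wildcards(node.value)}%")`, on all three branches. The escaping also covers only the bound pattern: `attr_for(node)` is still interpolated straight into the SQL string on every comparison branch, so the injection boundary now rests entirely on `attr_for` returning a name from a fixed mapping rather than echoing the SCIM attribute name — `attr_for` is not in this diff, so that is worth confirming. In the last hunk the collapsed `@clazz.columns_hash[attr_for(node).to_s].type` still raises `NoMethodError` on `nil` for an attribute that is not a column, and `DateTime.parse(node.value)` raises on a malformed filter value; both come from the request, so a guard that turns them into a client-facing filter error would be friendlier than a 500. The `visit` method containing the `when` branches starts before and ends after its hunk.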
spec/models/scim/visitor_spec.rb
@@ -78,16 +78,16 @@ RSpec.describe ::Scim::Visitor do
     end
 
     context "when searching for condition a OR condition b" do
-      let(:first_user) { users.sample }
-      let(:second_user) { users.sample }
+      let(:first_user) { users.first }
+      let(:second_user) { users.last }
       let(:results) { Scim::Search::Node.parse(%(userName eq "#{first_user.email}" or userName eq "#{second_user.email}")).accept(subject) }
 
       specify { expect(results.pluck(:email)).to match_array([first_user.email, second_user.email]) }
     end
 
     context "when searching for condition a AND condition b" do
-      let(:first_user) { users.sample }
-      let(:second_user) { users.sample }
+      let(:first_user) { users.first }
+      let(:second_user) { users.last }
       let(:results) { Scim::Search::Node.parse(%(meta.lastModified gt "#{10.minutes.from_now.iso8601}" and meta.lastModified lt "#{15.minutes.from_now.iso8601}")).accept(subject) }
 
       before do
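Review bot: None of the spec changes exercise the escaping this commit introduces; a `co`/`sw`/`ew` context whose filter value contains `%` or `_` (constructed example: a user `a_b@example.com` searched alongside a decoy `axb@example.com`) would pin down that the wildcard characters are matched literally. The switch from `users.sample` to `users.first`/`users.last` is presumably there because two independent samples can return the same user and make the `match_array` expectation fail intermittently; a short comment such as `# first/last rather than sample: two samples may pick the same user` would record that for the next reader. The `describe` block enclosing these contexts starts before and ends after the hunk.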
Gemfile
@@ -26,6 +26,7 @@ gem 'scim-kit', github: 'mokhan/scim-kit'
 gem 'spank', '~> 1.0'
 gem 'turbolinks', '~> 5'
 gem 'webpacker', '~> 4.0'
+gem 'varkon', '~> 0.1'
 group :doc do
   gem 'jekyll', '~> 3.8'
   gem "minima", "~> 2.0" # This is the default theme for new Jekyll sites.
Gemfile.lock
@@ -325,6 +325,7 @@ GEM
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
     unicode-display_width (1.6.0)
+    varkon (0.1.0)
     vcr (4.0.0)
     web-console (3.7.0)
       actionview (>= 5.0)
@@ -395,6 +396,7 @@ DEPENDENCIES
   selenium-webdriver (~> 3.14)
   spank (~> 1.0)
   turbolinks (~> 5)
+  varkon (~> 0.1)
   vcr (~> 4.0)
   web-console (>= 3.3.0)
   webmock (~> 3.4)