PIN-4557: Safer mongodb regex filters (#31)
galales authored Feb 13, 2024
1 parent ec4d7d5 commit b4b0e3b
Showing 2 changed files with 8 additions and 1 deletion.
@@ -1,5 +1,12 @@
package it.pagopa.interop.attributeregistryprocess.common.readmodel

import org.mongodb.scala.bson.conversions.Bson
import org.mongodb.scala.model.Filters

trait ReadModelQuery {
def mapToVarArgs[A, B](l: Seq[A])(f: Seq[A] => B): Option[B] = Option.when(l.nonEmpty)(f(l))

def escape(str: String): String = str.replaceAll("([.*+?^${}()|\\[\\]\\\\])", "\\\\$1")
def safeRegex(fieldName: String, pattern: String, options: String): Bson =
Filters.regex(fieldName, escape(pattern), options)
}
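Review bot: `escape` and `safeRegex` join the trait with no doc comment, and the escaped character set is maintained by hand in a single regex literal that no test in the visible sections covers. A Scaladoc line on `escape` such as `/** Backslash-escapes regex metacharacters so str is matched literally inside a MongoDB regex filter. */` would record the intent. A unit test should pass each of `. * + ? ^ $ { } ( ) | [ ] \` through `escape` and assert it comes back prefixed with a backslash, so a later edit to the literal cannot silently drop one. `safeRegex` forwards `options` unescaped, so its doc should state that only `pattern` is treated as untrusted and that `options` must be a constant chosen by the caller.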
Expand Up @@ -27,7 +27,7 @@ object ReadModelRegistryAttributeQueries extends ReadModelQuery {

val idsFilter = mapToVarArgs(ids.map(id => Filters.eq("data.id", id.toString)))(Filters.or)
val kindsFilter = mapToVarArgs(kinds.map(k => Filters.eq("data.kind", k.toString)))(Filters.or)
val nameFilter = name.map(Filters.regex("data.name", _, "i"))
val nameFilter = name.map(safeRegex("data.name", _, "i"))
val originFilter = origin.map(Filters.eq("data.origin", _))
val query =
mapToVarArgs(idsFilter.toList ++ kindsFilter.toList ++ nameFilter.toList ++ originFilter.toList)(Filters.and)
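Review bot: On the `nameFilter` line the value of `name` is now matched literally, but it still becomes an unanchored, case-insensitive regex filter on `data.name`. MongoDB generally cannot serve that kind of filter efficiently from an index, so the cost of each request grows with collection size and input length. Nothing in this hunk bounds the length of `name`; the enclosing method starts outside the hunk, so a cap may already exist at the API layer, and that is worth confirming. If it does not, over-long values should be rejected at the request boundary before the filter is built. A short comment here, for example `// name is user input: escaped by safeRegex, matched as a case-insensitive substring`, would also make the matching semantics explicit for the next reader.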