fix: possible StringIndexOutOfBoundsException in ExtendedCommand

arthurscchan · gotson · web-flow · commit 2fdb1e98397e · 2024-11-20T11:34:59.000+08:00
Closes: #1141 Co-authored-by: Gauthier Roebroeck <gauthier.roebroeck@gmail.com>
diff --git a/src/main/java/org/sqlite/ExtendedCommand.java b/src/main/java/org/sqlite/ExtendedCommand.java
@@ -54,7 +54,7 @@ public static String removeQuotation(String s) {
         if (s == null) return s;
 
         if ((s.startsWith("\"") && s.endsWith("\"")) || (s.startsWith("'") && s.endsWith("'")))
-            return s.substring(1, s.length() - 1);
+            return (s.length() >= 2) ? s.substring(1, s.length() - 1) : s;
         else return s;
     }
 
diff --git a/src/test/java/org/sqlite/ExtendedCommandTest.java b/src/test/java/org/sqlite/ExtendedCommandTest.java
@@ -12,7 +12,11 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.sql.SQLException;
+import java.util.stream.Stream;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.sqlite.ExtendedCommand.BackupCommand;
 import org.sqlite.ExtendedCommand.RestoreCommand;
 import org.sqlite.ExtendedCommand.SQLExtension;
@@ -69,4 +73,22 @@ public void parseRestoreCmd() throws SQLException {
         assertThat(b.targetDB).isEqualTo("main");
         assertThat(b.srcFile).isEqualTo("target/sample.db");
     }
+
+    @ParameterizedTest
+    @MethodSource
+    public void removeQuotation(String input, String expected) throws SQLException {
+        assertThat(ExtendedCommand.removeQuotation(input)).isEqualTo(expected);
+    }
+
+    private static Stream<Arguments> removeQuotation() {
+        return Stream.of(
+                Arguments.of(null, null), // Null String
+                Arguments.of("'", "'"), // String with one single quotation only
+                Arguments.of("\"", "\""), // String with one double quotation only
+                Arguments.of("'Test\"", "'Test\""), // String with two mismatch quotations
+                Arguments.of("'Test'", "Test"), // String with two matching single quotations
+                Arguments.of("\"Test\"", "Test"), // String with two matching double quotations
+                Arguments.of("'Te's\"t'", "Te's\"t") // String with more than two quotations
+                );
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public static String removeQuotation(String s) {`
`54`	`54`	`if (s == null) return s;`
`55`	`55`
`56`	`56`	`if ((s.startsWith("\"") && s.endsWith("\"")) \|\| (s.startsWith("'") && s.endsWith("'")))`
`57`		`- return s.substring(1, s.length() - 1);`
	`57`	`+ return (s.length() >= 2) ? s.substring(1, s.length() - 1) : s;`
`58`	`58`	`else return s;`
`59`	`59`	`}`
`60`	`60`