Fix parsing sql statements with semicolons

josacar · May 23, 2024 · 386c608 · 386c608
1 parent 6391b91
commit 386c608
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 7 deletions.
diff --git a/shard.yml b/shard.yml
@@ -1,5 +1,5 @@
 name: triki
-version: 0.3.0
+version: 0.3.1
 
 dependencies:
   walker_method:

diff --git a/spec/triki/mysql_spec.cr b/spec/triki/mysql_spec.cr
@@ -39,6 +39,12 @@ describe Triki::Mysql do
       fields = [["bla", "blobdata", "blubb", "0xACED00057372001F6A6176612E7574696C2E436F6C6C656"]]
       subject.rows_to_be_inserted(string).should eq(fields)
     end
+
+    it "should work with values with semicolons" do
+      string = "INSERT INTO `some_table` (thing1,thing2) VALUES ('bla' , 'blob;data', 'blubb' , 'blubb') ;"
+      fields = [["bla", "blob;data", "blubb", "blubb"]]
+      subject.rows_to_be_inserted(string).should eq(fields)
+    end
   end
 
   describe "#make_valid_value_string" do

diff --git a/spec/triki_spec.cr b/spec/triki_spec.cr
@@ -261,7 +261,7 @@ describe Triki do
 
       context "when there is something to obfuscate" do
         string = <<-SQL
-          INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES ('bob@honk.com','bob', 'some\\'thin,ge())lse1', 25),('joe@joe.com','joe', 'somethingelse2', 54),('dontmurderme@direwolf.com','direwolf', 'somethingelse3', 44);
+          INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES ('bob@honk.com','bob', 'some\\'thin;ge())lse1', 25),('joe@joe.com','joe', 'somethingelse2', 54),('dontmurderme@direwolf.com','direwolf', 'somethingelse3', 44);
           INSERT INTO `another_table` (`a`, `b`, `c`, `d`) VALUES (1,2,3,4), (5,6,7,8);
           INSERT INTO `some_table_to_keep` (`a`, `b`, `c`, `d`) VALUES (1,2,3,4), (5,6,7,8);
           INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','kjhjd^&dkjh', 'aawefjkafe', 'wadus'), ('hello1','kjhj!', 892938, 'tradus'), ('hello2','moose!!', NULL, NULL);
@@ -364,11 +364,11 @@ describe Triki do
         it "should obfuscate the tables" do
           output_string.should contain("INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES (")
           output_string.should contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES (")
-          output_string.should contain("'some\\'thin,ge())lse1'")
+          output_string.should contain("'some\\'thin;ge())lse1'")
           output_string.should contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','monkey',NULL,'wadus'),('hello1','monkey',NULL,'tradus'),('hello2','monkey',NULL,NULL);")
           output_string.should_not contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','kjhjd^&dkjh',NULL, 'wadus'),('hello1','kjhj!',NULL, 'tradus'),('hello2','moose!!',NULL, NULL);")
           output_string.should_not contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','kjhjd^&dkjh',NULL,'wadus'),('hello1','kjhj!',NULL,'tradus'),('hello2','moose!!',NULL,NULL);")
-          output_string.should_not contain("INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES ('bob@honk.com','bob', 'some\\'thin,ge())lse1', 25),('joe@joe.com','joe', 'somethingelse2', 54);")
+          output_string.should_not contain("INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES ('bob@honk.com','bob', 'some\\'thin;ge())lse1', 25),('joe@joe.com','joe', 'somethingelse2', 54);")
         end
 
         context "with MariaDB >= 10.7.1 dump" do
@@ -391,11 +391,11 @@ describe Triki do
 
             output_string.should contain("INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES (")
             output_string.should contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES (")
-            output_string.should contain("'some\\'thin,ge())lse1'")
+            output_string.should contain("'some\\'thin;ge())lse1'")
             output_string.should contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','monkey',NULL,'wadus'),('hello1','monkey',NULL,'tradus'),('hello2','monkey',NULL,NULL);")
             output_string.should_not contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','kjhjd^&dkjh',NULL, 'wadus'),('hello1','kjhj!',NULL, 'tradus'),('hello2','moose!!',NULL, NULL);")
             output_string.should_not contain("INSERT INTO `one_more_table` (`a`, `password`, `c`, `d,d`) VALUES ('hello','kjhjd^&dkjh',NULL,'wadus'),('hello1','kjhj!',NULL,'tradus'),('hello2','moose!!',NULL,NULL);")
-            output_string.should_not contain("INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES ('bob@honk.com','bob', 'some\\'thin,ge())lse1', 25),('joe@joe.com','joe', 'somethingelse2', 54);")
+            output_string.should_not contain("INSERT INTO `some_table` (`email`, `name`, `something`, `age`) VALUES ('bob@honk.com','bob', 'some\\'thin;ge())lse1', 25),('joe@joe.com','joe', 'somethingelse2', 54);")
           end
         end
 

diff --git a/src/triki/insert_statement_parser.cr b/src/triki/insert_statement_parser.cr
@@ -1,7 +1,7 @@
 class Triki
   module InsertStatementParser
     def parse(obfuscator, config, input_io, output_io)
-      while statement = input_io.gets(';')
+      while statement = input_io.gets(");\n")
         if table_data = parse_insert_statement(statement)
           table_name = table_data["table_name"].as(String)
           columns = table_data["column_names"].as(Array(String))