search

orientechnologies / orientdb

OrientDB is the most versatile DBMS supporting Graph, Document, Reactive, Full-Text and Geospatial models in one Multi-Model product. OrientDB can run distributed (Multi-Master), supports SQL, ACID Transactions, Full-Text indexing and Reactive Queries.
https://orientdb.dev
Apache License 2.0
4.76k stars 871 forks source link

Escaped entities and newlines inside quotes cause an exception in the SQL parser #9554

Open MarttiR opened 3 years ago

MarttiR commented 3 years ago

OrientDB Version: 3.1.8 (docker)

In some cases, quoted strings containing escaped entities and/or newlines ("foo \n bar") fail to be parsed by the SQL parser. This happens both from Studio and through OrientJS batch.

Expected behavior

Newlines and escaped entities inside quoted strings do not crash the parser.

Actual behavior

Having any escaped character or a newline inside a quoted string will cause an exception in the SQL parser:

com.orientechnologies.orient.core.sql.parser.TokenMgrError: Lexical error at line 148, column 47.  Encountered: "\n" (10), after : "\""

Steps to reproduce

This seems to happen wherever there can be a quoted string. Some examples:

eval() doesn't like multiline expressions:

LET $test = eval("
  TRUE
  OR FALSE
");

RegExp is prone to breakage due to the frequent need to escape some characters:

CREATE FUNCTION newlineTest
"var foo = \"[test]\";
return /\\[[a-z]+\\]/.test(foo);"
IDEMPOTENT TRUE
LANGUAGE JAVASCRIPT;

Related issues

Newline in batch CREATE FUNCTION causes lexical error in OrientDB – orientjs#444 query runs fine in console, in web gui, but not over REST-API – orientdb#8206 – the same happens with single quotes. OrientDB 2.1 Migration - newlines in quoted SQL string – oriendb#4837

lvca commented 3 years ago

Is this happening with one statement SQL or only with scripts?