skinny85 / specnaz

Library for writing beautiful, RSpec/Jasmine/Mocha/Jest-style specifications in Java, Kotlin and Groovy

formatParamsDesc not sanitizing input #16

Closed kleinwareio closed 2 years ago

kleinwareio commented 2 years ago

Specnaz Version 1.5.2

It looks like Conversions.java, line 344 needs to sanitize the replacement string.

Specifically, it looks like a $ in the replacement string is a problem

```kotlin
class FormatTests: SpecnazKotlinParamsJUnitPlatform("Format", {
    it.describes("failure %1") { _: Any ->
        it.should("not fail") {
        }
    }.provided(object {}, "Nope$")
})
```
skinny85 commented 2 years ago

Hey @kleinwareio,

thanks for reporting! Confirming I was able to reproduce the issue.

The problem is indeed in this line, as you've correctly found already. Apparently, the replaceAll() method treats some characters in the string being inserted in a special way, which I didn't realize before. From the JavaDocs of the method:

Note that backslashes (\\) and dollar signs ($) in the replacement string may cause the results to be different than if it were being treated as a literal replacement string. Dollar signs may be treated as references to captured subsequences as described above, and backslashes are used to escape literal characters in the replacement string.

Apparently, the way to fix it is to use a different method:

Use Matcher.quoteReplacement(java.lang.String) to suppress the special meaning of these characters, if desired.

I'll prepare a PR fixing this.
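To illustrate the failure mode and the fix described in this comment, here is an added example (not code from the specnaz repository): a simplified, hypothetical stand-in for formatParamsDesc that substitutes `%1`-style placeholders with `replaceAll()`, once passing the parameter straight through and once wrapped in `Matcher.quoteReplacement()`. The placeholder syntax is taken from the snippet in the report; the rest of the helper is assumed.

```java
import java.util.regex.Matcher;

public class FormatParamsDescDemo {

    // Buggy variant: the parameter value is used directly as the replaceAll()
    // replacement string, so '$' and '\' in it are interpreted by the regex
    // engine ('$1' = group reference, '\x' = escaped literal) instead of
    // being inserted verbatim.
    static String formatBuggy(String description, Object... params) {
        String result = description;
        for (int i = 0; i < params.length; i++) {
            result = result.replaceAll("%" + (i + 1), String.valueOf(params[i]));
        }
        return result;
    }

    // Fixed variant: Matcher.quoteReplacement() escapes '$' and '\' so the
    // value is treated as a literal replacement, exactly as the JavaDoc advises.
    static String formatFixed(String description, Object... params) {
        String result = description;
        for (int i = 0; i < params.length; i++) {
            String literal = Matcher.quoteReplacement(String.valueOf(params[i]));
            result = result.replaceAll("%" + (i + 1), literal);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample parameter values: the one from the issue, a
        // backslash (silently corrupted, not an exception), and a bare group
        // reference (throws because the pattern "%1" has no capturing groups).
        String[] samples = {"Nope$", "C:\\temp", "$1 back-reference"};
        for (String s : samples) {
            try {
                System.out.println("buggy : " + formatBuggy("failure %1", s));
            } catch (RuntimeException e) {
                System.out.println("buggy : " + e.getClass().getSimpleName()
                        + ": " + e.getMessage());
            }
            System.out.println("fixed : " + formatFixed("failure %1", s));
        }
    }
}
```

The backslash case is the one worth remembering: the buggy variant produces "failure C:temp" with no error at all, so a test description can be silently wrong rather than failing loudly as it does for "Nope$".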

skinny85 commented 2 years ago

Ok, the bug has been fixed, now I need to cut a release.

skinny85 commented 2 years ago

OK, the release 1.5.3 with this bugfix has been cut, and is available on Maven Central.

I will import it internally soon™.