Improved parsing of single-quoted strings #2949
This PR updates the javacc-maven-plugin to v3.03. Maven Central reports this dependency has a CVE.
REQUEST DEV REVIEW and/or CHANGES
This is not a vulnerability in javacc-maven-plugin, but in a test dependency it has (an older version of junit). We're not bringing in their test dependencies so that does not impact us.
- Fix addresses some issues parsing single-quoted strings.
- The CVE in the javacc-maven-plugin is related to the plugin's build dependencies. We do not ship the javacc-maven-plugin test dependencies. This CVE can be ignored for the purposes of this PR.
- New tests added to several test classes (SqlParserTest, StringUtilTest, SimpleSqlGrammarTest).
APPROVED
Impact
Description
The sql parser did not correctly handle a string with `\`s before a closing `'` when there were more `'`s in the line. For example, this SQL failed to split on the `#`:
called from
Things to be aware of
Things to worry about