HIVE-27488: Incorrect escaping of quotes in HPL/SQL literals (Dayakar…

… M reviewed by Attila Turoczy, Stamatis Zampetakis) Closes apache#4476
yeahyung · Jul 20, 2023 · 4ff6de2 · 4ff6de2
1 parent c7419e9
commit 4ff6de2
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 4 deletions.
diff --git a/hplsql/src/main/java/org/apache/hive/hplsql/Utils.java b/hplsql/src/main/java/org/apache/hive/hplsql/Utils.java
@@ -32,18 +32,22 @@ public static String unquoteString(String s) {
 	  }
 
 	  int len = s.length();
-	  StringBuilder s2 = new StringBuilder(len);	  
+	  StringBuilder s2 = new StringBuilder(len);
+	  boolean isEscape = true;
 
 	  for (int i = 0; i < len; i++) {
 		char ch = s.charAt(i);
 		char ch2 = (i < len - 1) ? s.charAt(i+1) : 0;
 
-	    if((i == 0 || i == len -1) && (ch == '\'' || ch == '"'))
+	    if((i == 0 || i == len - 1) && (ch == '\'' || ch == '"'))
 	      continue;
 	    else
-	    // \' and '' escape sequences
-	    if((ch == '\\' && ch2 == '\'') || (ch == '\'' && ch2 == '\''))
+	    // \' and '' escape sequences and include ' if last two characters are ''
+	    if((ch == '\\' && ch2 == '\'') || (ch == '\'' && ch2 == '\'' && isEscape && i != len - 2)) {
+	      isEscape = false;
 	      continue;
+	    }
+	    isEscape = true;
 
 	    s2.append(ch);	
 	  }

diff --git a/hplsql/src/test/java/org/apache/hive/hplsql/TestUtils.java b/hplsql/src/test/java/org/apache/hive/hplsql/TestUtils.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hive.hplsql;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestUtils {
+
+  @Test
+  public void testUnquoteStringRemovesOneQuoteWhenTwoConsecutive() {
+    Assert.assertEquals("a'a", Utils.unquoteString("'a''a'"));
+    Assert.assertEquals("'a", Utils.unquoteString("'''a'"));
+    Assert.assertEquals("a'", Utils.unquoteString("'a'''"));
+    Assert.assertEquals("''aa", Utils.unquoteString("'''''aa'"));
+    Assert.assertEquals("a''a", Utils.unquoteString("'a''''a'"));
+    Assert.assertEquals("aa''", Utils.unquoteString("'aa'''''"));
+  }
+}
diff --git a/hplsql/src/test/queries/local/dbms_output.sql b/hplsql/src/test/queries/local/dbms_output.sql
@@ -3,4 +3,10 @@ DECLARE
 BEGIN
   DBMS_OUTPUT.PUT_LINE('Hello, world!');
   DBMS_OUTPUT.PUT_LINE(str);
+  DBMS_OUTPUT.PUT_LINE('a''a');
+  DBMS_OUTPUT.PUT_LINE('''a');
+  DBMS_OUTPUT.PUT_LINE('a''');
+  DBMS_OUTPUT.PUT_LINE('''''aa');
+  DBMS_OUTPUT.PUT_LINE('a''''a');
+  DBMS_OUTPUT.PUT_LINE('aa''''');
 END;
diff --git a/hplsql/src/test/results/local/dbms_output.out.txt b/hplsql/src/test/results/local/dbms_output.out.txt
@@ -1,3 +1,9 @@
 Ln:2 DECLARE str VARCHAR = 'Hello, world!'
 Hello, world!
 Hello, world!
+a'a
+'a
+a'
+''aa
+a''a
+aa''