DATAMONGO-1565 - Ignore placeholder pattern in replacement values for annotated queries.

We now make sure to quote single and double ticks in the replacement values before actually appending them to the query. We also replace single ticks around parameters in the actual raw annotated query by double quotes to make sure they are treated as a single string parameter.

Author: christophstrobl

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/convert/QueryMapper.java

@@ -23,6 +23,7 @@
 import java.util.Map.Entry;
 import java.util.Set;
 
+import org.bson.BsonValue;
 import org.bson.Document;
 import org.bson.conversions.Bson;
 import org.bson.types.ObjectId;
@@ -408,6 +409,10 @@ protected Object convertSimpleOrDocument(Object source, MongoPersistentEntity<?>
 			return getMappedObject((BasicDBObject) source, entity);
 		}
 
+		if(source instanceof BsonValue) {
+			return source;
+		}
+
 		return delegateConvertToMongoType(source, entity);
 	}
 

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/query/BasicQuery.java

@@ -63,8 +63,9 @@ public BasicQuery(Document queryObject) {
 	 * @param fields may be {@literal null}.
 	 */
 	public BasicQuery(String query, String fields) {
-		this.queryObject = query != null ? new Document(((DBObject) JSON.parse(query)).toMap()) : null;
-		this.fieldsObject = fields != null ? new Document(((DBObject) JSON.parse(fields)).toMap()) : null;
+
+		this.queryObject = query != null ? Document.parse(query) : null;
+		this.fieldsObject = fields != null ? Document.parse(fields) : null;
 	}
 
 	/**

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/repository/query/ExpressionEvaluatingParameterBinder.java

@@ -15,8 +15,13 @@
  */
 package org.springframework.data.mongodb.repository.query;
 
-import java.util.Collections;
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import javax.xml.bind.DatatypeConverter;
 
@@ -94,47 +99,67 @@ private String replacePlaceholders(String input, MongoParameterAccessor accessor
 			return input;
 		}
 
-		boolean isCompletlyParameterizedQuery = input.matches("^\\?\\d+$");
-		StringBuilder result = new StringBuilder(input);
-
-		for (ParameterBinding binding : bindingContext.getBindings()) {
+		if (input.matches("^\\?\\d+$")) {
+			return getParameterValueForBinding(accessor, bindingContext.getParameters(),
+					bindingContext.getBindings().iterator().next());
+		}
 
-			String parameter = binding.getParameter();
-			int idx = result.indexOf(parameter);
+		Matcher matcher = createReplacementPattern(bindingContext.getBindings()).matcher(input);
+		StringBuffer buffer = new StringBuffer();
 
-			if (idx == -1) {
-				continue;
-			}
+		while (matcher.find()) {
 
+			ParameterBinding binding = bindingContext.getBindingFor(extractPlaceholder(matcher.group()));
 			String valueForBinding = getParameterValueForBinding(accessor, bindingContext.getParameters(), binding);
 
-			int start = idx;
-			int end = idx + parameter.length();
+			// appendReplacement does not like unescaped $ sign and others, so we need to quote that stuff first
+			matcher.appendReplacement(buffer, Matcher.quoteReplacement(valueForBinding));
+
+			if (binding.isQuoted()) {
+				postProcessQuotedBinding(buffer, valueForBinding);
+			}
+		}
+
+		matcher.appendTail(buffer);
+		return buffer.toString();
+	}
 
-			// If the value to bind is an object literal we need to remove the quoting around the expression insertion point.
-			if (valueForBinding.startsWith("{") && !isCompletlyParameterizedQuery) {
+	/**
+	 * Sanitize String binding by replacing single quoted values with double quotes which prevents potential single quotes
+	 * contained in replacement to interfere with the Json parsing. Also take care of complex objects by removing the
+	 * quotation entirely.
+	 *
+	 * @param buffer the {@link StringBuffer} to operate upon.
+	 * @param valueForBinding the actual binding value.
+	 */
+	private void postProcessQuotedBinding(StringBuffer buffer, String valueForBinding) {
 
-				// Is the insertion point actually surrounded by quotes?
-				char beforeStart = result.charAt(start - 1);
-				char afterEnd = result.charAt(end);
+		int quotationMarkIndex = buffer.length() - valueForBinding.length() - 1;
+		char quotationMark = buffer.charAt(quotationMarkIndex);
 
-				if ((beforeStart == '\'' || beforeStart == '"') && (afterEnd == '\'' || afterEnd == '"')) {
+		while (quotationMark != '\'' && quotationMark != '"') {
 
-					// Skip preceding and following quote
-					start -= 1;
-					end += 1;
-				}
+			quotationMarkIndex--;
+			if (quotationMarkIndex < 0) {
+				throw new IllegalArgumentException("Could not find opening quotes for quoted parameter");
 			}
-
-			result.replace(start, end, valueForBinding);
+			quotationMark = buffer.charAt(quotationMarkIndex);
 		}
 
-		return result.toString();
+		if (valueForBinding.startsWith("{")) { // remove quotation char before the complex object string
+			buffer.deleteCharAt(quotationMarkIndex);
+		} else {
+
+			if (quotationMark == '\'') {
+				buffer.replace(quotationMarkIndex, quotationMarkIndex + 1, "\"");
+			}
+			buffer.append("\"");
+		}
 	}
 
 	/**
 	 * Returns the serialized value to be used for the given {@link ParameterBinding}.
-	 * 
+	 *
 	 * @param accessor must not be {@literal null}.
 	 * @param parameters
 	 * @param binding must not be {@literal null}.
@@ -148,15 +173,15 @@ private String getParameterValueForBinding(MongoParameterAccessor accessor, Mong
 				: accessor.getBindableValue(binding.getParameterIndex());
 
 		if (value instanceof String && binding.isQuoted()) {
-			return (String) value;
+			return ((String) value).startsWith("{") ? (String) value : ((String) value).replace("\"", "\\\"");
 		}
 
 		if (value instanceof byte[]) {
 
 			String base64representation = DatatypeConverter.printBase64Binary((byte[]) value);
 
 			if (!binding.isQuoted()) {
-				return "{ '$binary' : '" + base64representation + "', '$type' : " + BSON.B_GENERAL + "}";
+				return "{ '$binary' : '" + base64representation + "', '$type' : '" + BSON.B_GENERAL + "'}";
 			}
 
 			return base64representation;
@@ -167,7 +192,7 @@ private String getParameterValueForBinding(MongoParameterAccessor accessor, Mong
 
 	/**
 	 * Evaluates the given {@code expressionString}.
-	 * 
+	 *
 	 * @param expressionString must not be {@literal null} or empty.
 	 * @param parameters must not be {@literal null}.
 	 * @param parameterValues must not be {@literal null}.
@@ -181,25 +206,59 @@ private Object evaluateExpression(String expressionString, MongoParameters param
 		return expression.getValue(evaluationContext, Object.class);
 	}
 
+	/**
+	 * Creates a replacement {@link Pattern} for all {@link ParameterBinding#getParameter() binding parameters} including
+	 * a potentially trailing quotation mark.
+	 *
+	 * @param bindings
+	 * @return
+	 */
+	private Pattern createReplacementPattern(List<ParameterBinding> bindings) {
+
+		StringBuilder regex = new StringBuilder();
+		for (ParameterBinding binding : bindings) {
+			regex.append("|");
+			regex.append(Pattern.quote(binding.getParameter()));
+			regex.append("['\"]?"); // potential quotation char (as in { foo : '?0' }).
+		}
+
+		return Pattern.compile(regex.substring(1));
+	}
+
+	/**
+	 * Extract the placeholder stripping any trailing trailing quotation mark that might have resulted from the
+	 * {@link #createReplacementPattern(List) pattern} used.
+	 *
+	 * @param groupName The actual {@link Matcher#group() group}.
+	 * @return
+	 */
+	private String extractPlaceholder(String groupName) {
+
+		if (!groupName.endsWith("'") && !groupName.endsWith("\"")) {
+			return groupName;
+		}
+		return groupName.substring(0, groupName.length() - 1);
+	}
+
 	/**
 	 * @author Christoph Strobl
 	 * @since 1.9
 	 */
 	static class BindingContext {
 
 		final MongoParameters parameters;
-		final List<ParameterBinding> bindings;
+		final Map<String, ParameterBinding> bindings;
 
 		/**
 		 * Creates new {@link BindingContext}.
-		 * 
+		 *
 		 * @param parameters
 		 * @param bindings
 		 */
 		public BindingContext(MongoParameters parameters, List<ParameterBinding> bindings) {
 
 			this.parameters = parameters;
-			this.bindings = bindings;
+			this.bindings = mapBindings(bindings);
 		}
 
 		/**
@@ -211,11 +270,28 @@ boolean hasBindings() {
 
 		/**
 		 * Get unmodifiable list of {@link ParameterBinding}s.
-		 * 
+		 *
 		 * @return never {@literal null}.
 		 */
 		public List<ParameterBinding> getBindings() {
-			return Collections.unmodifiableList(bindings);
+			return new ArrayList<ParameterBinding>(bindings.values());
+		}
+
+		/**
+		 * Get the concrete {@link ParameterBinding} for a given {@literal placeholder}.
+		 * 
+		 * @param placeholder must not be {@literal null}.
+		 * @return
+		 * @throws java.util.NoSuchElementException
+		 * @since 1.10
+		 */
+		ParameterBinding getBindingFor(String placeholder) {
+
+			if (!bindings.containsKey(placeholder)) {
+				throw new NoSuchElementException(String.format("Could not to find binding for placeholder '%s'.", placeholder));
+			}
+
+			return bindings.get(placeholder);
 		}
 
 		/**
@@ -227,5 +303,13 @@ public MongoParameters getParameters() {
 			return parameters;
 		}
 
+		private static Map<String, ParameterBinding> mapBindings(List<ParameterBinding> bindings) {
+
+			Map<String, ParameterBinding> map = new LinkedHashMap<String, ParameterBinding>(bindings.size(), 1);
+			for (ParameterBinding binding : bindings) {
+				map.put(binding.getParameter(), binding);
+			}
+			return map;
+		}
 	}
 }

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/repository/PersonRepository.java

@@ -119,7 +119,7 @@ public interface PersonRepository extends MongoRepository<Person, String>, Query
 	 */
 	Page<Person> findByLastnameLike(String lastname, Pageable pageable);
 
-	@Query("{ 'lastname' : { '$regex' : ?0, '$options' : ''}}")
+	@Query("{ 'lastname' : { '$regex' : '?0', '$options' : 'i'}}")
 	Page<Person> findByLastnameLikeWithPageable(String lastname, Pageable pageable);
 
 	/**
@@ -335,7 +335,7 @@ public interface PersonRepository extends MongoRepository<Person, String>, Query
 	/**
 	 * @see DATAMONGO-745
 	 */
-	@Query("{lastname:?0, address.street:{$in:?1}}")
+	@Query("{lastname:?0, 'address.street':{$in:?1}}")
 	Page<Person> findByCustomQueryLastnameAndAddressStreetInList(String lastname, List<String> streetNames,
 			Pageable page);
 

spring-data-mongodb/src/test/java/org/springframework/data/mongodb/repository/query/ReactiveStringBasedMongoQueryUnitTests.java

@@ -240,7 +240,7 @@ public void shouldSupportNonQuotedBinaryDataReplacement() throws Exception {
 
 		org.springframework.data.mongodb.core.query.Query query = mongoQuery.createQuery(accesor);
 		org.springframework.data.mongodb.core.query.Query reference = new BasicQuery("{'lastname' : { '$binary' : '"
-				+ DatatypeConverter.printBase64Binary(binaryData) + "', '$type' : " + BSON.B_GENERAL + "}}");
+				+ DatatypeConverter.printBase64Binary(binaryData) + "', '$type' : '" + BSON.B_GENERAL + "'}}");
 
 		assertThat(query.getQueryObject().toJson(), is(reference.getQueryObject().toJson()));
 	}