fix: possible StringIndexOutOfBoundsException in ExtendedCommand

Closes: #1141 Co-authored-by: Gauthier Roebroeck <gauthier.roebroeck@gmail.com>
xerial · Nov 20, 2024 · 2fdb1e9 · 2fdb1e9
1 parent da8596c
commit 2fdb1e9
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/src/main/java/org/sqlite/ExtendedCommand.java b/src/main/java/org/sqlite/ExtendedCommand.java
@@ -54,7 +54,7 @@ public static String removeQuotation(String s) {
         if (s == null) return s;
 
         if ((s.startsWith("\"") && s.endsWith("\"")) || (s.startsWith("'") && s.endsWith("'")))
-            return s.substring(1, s.length() - 1);
+            return (s.length() >= 2) ? s.substring(1, s.length() - 1) : s;
         else return s;
     }
 

diff --git a/src/test/java/org/sqlite/ExtendedCommandTest.java b/src/test/java/org/sqlite/ExtendedCommandTest.java
@@ -12,7 +12,11 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.sql.SQLException;
+import java.util.stream.Stream;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.sqlite.ExtendedCommand.BackupCommand;
 import org.sqlite.ExtendedCommand.RestoreCommand;
 import org.sqlite.ExtendedCommand.SQLExtension;
@@ -69,4 +73,22 @@ public void parseRestoreCmd() throws SQLException {
         assertThat(b.targetDB).isEqualTo("main");
         assertThat(b.srcFile).isEqualTo("target/sample.db");
     }
+
+    @ParameterizedTest
+    @MethodSource
+    public void removeQuotation(String input, String expected) throws SQLException {
+        assertThat(ExtendedCommand.removeQuotation(input)).isEqualTo(expected);
+    }
+
+    private static Stream<Arguments> removeQuotation() {
+        return Stream.of(
+                Arguments.of(null, null), // Null String
+                Arguments.of("'", "'"), // String with one single quotation only
+                Arguments.of("\"", "\""), // String with one double quotation only
+                Arguments.of("'Test\"", "'Test\""), // String with two mismatch quotations
+                Arguments.of("'Test'", "Test"), // String with two matching single quotations
+                Arguments.of("\"Test\"", "Test"), // String with two matching double quotations
+                Arguments.of("'Te's\"t'", "Te's\"t") // String with more than two quotations
+                );
+    }
 }