From 2fdb1e98397e960200506dc23d10f7ee22fd4b6f Mon Sep 17 00:00:00 2001
From: Arthur Chan <gamease@hotmail.com>
Date: Wed, 20 Nov 2024 03:34:59 +0000
Subject: [PATCH] fix: possible StringIndexOutOfBoundsException in
 ExtendedCommand

Closes: #1141

Co-authored-by: Gauthier Roebroeck <gauthier.roebroeck@gmail.com>
---
 src/main/java/org/sqlite/ExtendedCommand.java |  2 +-
 .../java/org/sqlite/ExtendedCommandTest.java  | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/sqlite/ExtendedCommand.java b/src/main/java/org/sqlite/ExtendedCommand.java
index 1a1e205d33..b863f7c889 100755
--- a/src/main/java/org/sqlite/ExtendedCommand.java
+++ b/src/main/java/org/sqlite/ExtendedCommand.java
@@ -54,7 +54,7 @@ public static String removeQuotation(String s) {
         if (s == null) return s;
 
         if ((s.startsWith("\"") && s.endsWith("\"")) || (s.startsWith("'") && s.endsWith("'")))
-            return s.substring(1, s.length() - 1);
+            return (s.length() >= 2) ? s.substring(1, s.length() - 1) : s;
         else return s;
     }
 
diff --git a/src/test/java/org/sqlite/ExtendedCommandTest.java b/src/test/java/org/sqlite/ExtendedCommandTest.java
index ae18f78989..429ce17947 100755
--- a/src/test/java/org/sqlite/ExtendedCommandTest.java
+++ b/src/test/java/org/sqlite/ExtendedCommandTest.java
@@ -12,7 +12,11 @@
 import static org.assertj.core.api.Assertions.assertThat;
 
 import java.sql.SQLException;
+import java.util.stream.Stream;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
 import org.sqlite.ExtendedCommand.BackupCommand;
 import org.sqlite.ExtendedCommand.RestoreCommand;
 import org.sqlite.ExtendedCommand.SQLExtension;
@@ -69,4 +73,22 @@ public void parseRestoreCmd() throws SQLException {
         assertThat(b.targetDB).isEqualTo("main");
         assertThat(b.srcFile).isEqualTo("target/sample.db");
     }
+
+    @ParameterizedTest
+    @MethodSource
+    public void removeQuotation(String input, String expected) throws SQLException {
+        assertThat(ExtendedCommand.removeQuotation(input)).isEqualTo(expected);
+    }
+
+    private static Stream<Arguments> removeQuotation() {
+        return Stream.of(
+                Arguments.of(null, null), // Null String
+                Arguments.of("'", "'"), // String with one single quotation only
+                Arguments.of("\"", "\""), // String with one double quotation only
+                Arguments.of("'Test\"", "'Test\""), // String with two mismatch quotations
+                Arguments.of("'Test'", "Test"), // String with two matching single quotations
+                Arguments.of("\"Test\"", "Test"), // String with two matching double quotations
+                Arguments.of("'Te's\"t'", "Te's\"t") // String with more than two quotations
+                );
+    }
 }