fix: bug with single quote ecape in production mode

core/api.go

@@ -174,7 +174,7 @@ func (sg *SuperGraph) GraphQL(c context.Context, query string, vars json.RawMess
 	// use the chirino/graphql library for introspection queries
 	// disabled when allow list is enforced
 	if !sg.conf.UseAllowList && res.name == "IntrospectionQuery" {
-		r := sg.ge.ExecuteOne(&graphql.EngineRequest{Query: query})
+		r := sg.ge.ServeGraphQL(&graphql.Request{Query: query})
 		res.Data = r.Data
 
 		if r.Error() != nil {

core/args.go

@@ -9,6 +9,8 @@ import (
 	"github.com/dosco/super-graph/jsn"
 )
 
+// argMap function is used to string replace variables with values by
+// the fasttemplate code
 func (c *scontext) argMap() func(w io.Writer, tag string) (int, error) {
 	return func(w io.Writer, tag string) (int, error) {
 		switch tag {
@@ -56,10 +58,13 @@ func (c *scontext) argMap() func(w io.Writer, tag string) (int, error) {
 			return w.Write(v1)
 		}
 
-		return w.Write(escQuote(fields[0].Value))
+		return w.Write(escSQuote(fields[0].Value))
 	}
 }
 
+// argList function is used to create a list of arguments to pass
+// to a prepared statement. FYI no escaping of single quotes is
+// needed here
 func (c *scontext) argList(args [][]byte) ([]interface{}, error) {
 	vars := make([]interface{}, len(args))
 
@@ -113,7 +118,7 @@ func (c *scontext) argList(args [][]byte) ([]interface{}, error) {
 			if v, ok := fields[string(av)]; ok {
 				switch v[0] {
 				case '[', '{':
-					vars[i] = escQuote(v)
+					vars[i] = v
 				default:
 					var val interface{}
 					if err := json.Unmarshal(v, &val); err != nil {
@@ -132,27 +137,25 @@ func (c *scontext) argList(args [][]byte) ([]interface{}, error) {
 	return vars, nil
 }
 
-func escQuote(b []byte) []byte {
-	f := false
-	for i := range b {
-		if b[i] == '\'' {
-			f = true
-			break
-		}
-	}
-	if !f {
-		return b
-	}
-
-	buf := &bytes.Buffer{}
+//
+func escSQuote(b []byte) []byte {
+	var buf *bytes.Buffer
 	s := 0
 	for i := range b {
 		if b[i] == '\'' {
+			if buf == nil {
+				buf = &bytes.Buffer{}
+			}
 			buf.Write(b[s:i])
 			buf.WriteString(`''`)
 			s = i + 1
 		}
 	}
+
+	if buf == nil {
+		return b
+	}
+
 	l := len(b)
 	if s < (l - 1) {
 		buf.Write(b[s:l])

core/args_test.go

@@ -0,0 +1,13 @@
+package core
+
+import "testing"
+
+func TestEscQuote(t *testing.T) {
+	val := "That's the worst, don''t be calling me's again"
+	exp := "That''s the worst, don''''t be calling me''s again"
+	ret := escSQuote([]byte(val))
+
+	if exp != string(ret) {
+		t.Errorf("escSQuote failed: %s", string(ret))
+	}
+}

core/build.go

@@ -167,16 +167,16 @@ func (sg *SuperGraph) renderUserQuery(stmts []stmt) (string, error) {
 	return w.String(), nil
 }
 
-func (sg *SuperGraph) hasTablesWithConfig(qc *qcode.QCode, role *Role) bool {
-	for _, id := range qc.Roots {
-		t, err := sg.schema.GetTable(qc.Selects[id].Name)
-		if err != nil {
-			return false
-		}
+// func (sg *SuperGraph) hasTablesWithConfig(qc *qcode.QCode, role *Role) bool {
+// 	for _, id := range qc.Roots {
+// 		t, err := sg.schema.GetTable(qc.Selects[id].Name)
+// 		if err != nil {
+// 			return false
+// 		}
 
-		if r := role.GetTable(t.Name); r == nil {
-			return false
-		}
-	}
-	return true
-}
+// 		if r := role.GetTable(t.Name); r == nil {
+// 			return false
+// 		}
+// 	}
+// 	return true
+// }

core/internal/integration_tests/cockroachdb/cockroachdb_test.go

@@ -40,8 +40,12 @@ func TestCockroachDB(t *testing.T) {
 	stopDatabase := func() {
 		fmt.Println("stopping temporary cockroach db")
 		if atomic.CompareAndSwapInt32(&stopped, 0, 1) {
-			cmd.Process.Kill()
-			cmd.Process.Wait()
+			if err := cmd.Process.Kill(); err != nil {
+				log.Fatal(err)
+			}
+			if _, err := cmd.Process.Wait(); err != nil {
+				log.Fatal(err)
+			}
 			os.RemoveAll(dir)
 		}
 	}

core/internal/psql/schema.go

@@ -382,7 +382,7 @@ func (s *DBSchema) updateSchemaOTMT(
 
 func (s *DBSchema) GetTableNames() []string {
 	var names []string
-	for name, _ := range s.t {
+	for name := range s.t {
 		names = append(names, name)
 	}
 	return names

core/introspec.go

@@ -29,12 +29,9 @@ func (sg *SuperGraph) initGraphQLEgine() error {
 	engineSchema := engine.Schema
 	dbSchema := sg.schema
 
-	engineSchema.Parse(`
-enum OrderDirection {
-  asc
-  desc
-}
-`)
+	if err := engineSchema.Parse(`enum OrderDirection { asc desc }`); err != nil {
+		return err
+	}
 
 	gqltype := func(col psql.DBColumn) schema.Type {
 		typeName := typeMap[strings.ToLower(col.Type)]
@@ -341,7 +338,7 @@ enum OrderDirection {
 		})
 	}
 
-	for typeName, _ := range scalarExpressionTypesNeeded {
+	for typeName := range scalarExpressionTypesNeeded {
 		expressionType := &schema.InputObject{
 			Name: typeName + "Expression",
 			Fields: schema.InputValueList{
@@ -471,8 +468,7 @@ enum OrderDirection {
 		engineSchema.Types[expressionType.Name] = expressionType
 	}
 
-	err := engineSchema.ResolveTypes()
-	if err != nil {
+	if err := engineSchema.ResolveTypes(); err != nil {
 		return err
 	}
 

core/resolve.go

@@ -120,20 +120,20 @@ func buildFn(r Remote) func(http.Header, []byte) ([]byte, error) {
 		}
 		defer res.Body.Close()
 
-		if r.Debug {
-			// reqDump, err := httputil.DumpRequestOut(req, true)
-			// if err != nil {
-			// 	return nil, err
-			// }
+		// if r.Debug {
+		// reqDump, err := httputil.DumpRequestOut(req, true)
+		// if err != nil {
+		// 	return nil, err
+		// }
 
-			// resDump, err := httputil.DumpResponse(res, true)
-			// if err != nil {
-			// 	return nil, err
-			// }
+		// resDump, err := httputil.DumpResponse(res, true)
+		// if err != nil {
+		// 	return nil, err
+		// }
 
-			// logger.Debug().Msgf("Remote Request Debug:\n%s\n%s",
-			// 	reqDump, resDump)
-		}
+		// logger.Debug().Msgf("Remote Request Debug:\n%s\n%s",
+		// 	reqDump, resDump)
+		// }
 
 		if res.StatusCode != 200 {
 			return nil,