fix: escape regex metacharacters in Q.like (LokiJS adapter diverges from SQLite)#1968
Open
sravan27 wants to merge 1 commit into
Open
fix: escape regex metacharacters in Q.like (LokiJS adapter diverges from SQLite)#1968sravan27 wants to merge 1 commit into
sravan27 wants to merge 1 commit into
Conversation
`likeToRegexp` (LokiJS/web adapter, used for Q.like/Q.notLike) built a RegExp
from the LIKE pattern without escaping regex special characters. SQL LIKE treats
everything except `%`/`_` as a literal, and the SQLite adapter does too, so the
two adapters diverged:
- silent wrong results: `Q.like('%.pdf')` matched 'docXpdf' (`.` = any char) on
LokiJS but only real '.pdf' on SQLite; `Q.like('a.b')` matched 'axb'
- crash: `Q.like('a(b')` / `Q.like('%(foo)%')` threw "Invalid regular expression"
Escape regex metacharacters before substituting the `%`/`_` wildcards. The
`s`/`i` flags are unchanged, so dotall + case-insensitive behaviour is preserved.
Adds regression tests.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
likeToRegexp(used by the LokiJS/web adapter to evaluateQ.like/Q.notLike) builds aRegExpfrom the LIKE pattern but never escapes regex special characters — it only maps%→.*and_→.. SQLLIKEtreats every character other than%/_as a literal, and the SQLite adapter passes the pattern straight to SQLLIKE, so the two adapters disagree:Q.like('%.pdf')matches'docXpdf'on LokiJS (.= any char) but only real.pdfstrings on SQLite;Q.like('a.b')matches'axb'.Q.like('a(b')/Q.like('%(foo)%')throwsSyntaxError: Invalid regular expression(unbalanced group) on the LokiJS/web adapter.Fix
Escape regex metacharacters before substituting the
%/_wildcards. Thes/iflags are unchanged, so dotall + case-insensitive behaviour is preserved.Tests
Added
src/utils/fp/likeToRegexp/test.js: wildcards, dotall + case-insensitivity (no regression), literal metacharacters (matching the SQLite adapter), and the no-crash cases. The mapping was also cross-checked against SQLiteLIKEwith a reference script — the current implementation diverges or crashes on 6/12 inputs; the fixed one matches all 12.Opened as a draft pending a CI run.