Feature: Ensure token format (#236)

sadu-queries/src/main/java/de/chojo/sadu/queries/parameter/TokenParameter.java

@@ -13,6 +13,9 @@
 import java.sql.PreparedStatement;
 import java.sql.SQLException;
 
+import static de.chojo.sadu.queries.query.TokenizedQuery.ALLOWED_TOKEN_CHARACTER;
+import static de.chojo.sadu.queries.query.TokenizedQuery.TOKEN_PATTERN;
+
 public class TokenParameter implements BaseParameter {
     private final String token;
     private final ThrowingBiConsumer<PreparedStatement, Integer, SQLException> apply;
@@ -23,6 +26,9 @@ public TokenParameter(String token, ThrowingBiConsumer<PreparedStatement, Intege
         } else {
             this.token = token;
         }
+        if (!TOKEN_PATTERN.matcher(this.token).matches()) {
+            throw new IllegalArgumentException("Illegal token \"" + this.token.substring(1) + "\". Tokens may only contain characters which match the expression: \"" + ALLOWED_TOKEN_CHARACTER + "\"");
+        }
         this.apply = apply;
     }
 

sadu-queries/src/main/java/de/chojo/sadu/queries/query/TokenizedQuery.java

@@ -13,7 +13,9 @@
 import java.util.regex.Pattern;
 
 public class TokenizedQuery {
-    private static final Pattern PARAM_TOKEN = Pattern.compile("\\?|(?:([ \t,=(])(?<token>:[a-zA-Z_]+))");
+    public static final String ALLOWED_TOKEN_CHARACTER = "a-zA-Z_";
+    public static final Pattern TOKEN_PATTERN = Pattern.compile(":[" + ALLOWED_TOKEN_CHARACTER + "]+");
+    public static final Pattern PARAM_TOKEN = Pattern.compile("\\?|(?:([ \t,=(])(?<token>" + TOKEN_PATTERN + "))");
     private final Map<Integer, Integer> indexToken;
     private final Map<String, List<Integer>> namedToken;
     private final String sql;

sadu-queries/src/test/java/de/chojo/sadu/queries/examples/BindTest.java

@@ -0,0 +1,57 @@
+/*
+ *     SPDX-License-Identifier: LGPL-3.0-or-later
+ *
+ *     Copyright (C) RainbowDashLabs and Contributor
+ */
+
+package de.chojo.sadu.queries.examples;
+
+import de.chojo.sadu.PostgresDatabase;
+import de.chojo.sadu.mapper.RowMapperRegistry;
+import de.chojo.sadu.mapper.rowmapper.RowMapper;
+import de.chojo.sadu.postgresql.mapper.PostgresqlMapper;
+import de.chojo.sadu.queries.api.configuration.QueryConfiguration;
+import de.chojo.sadu.queries.configuration.QueryConfigurationBuilder;
+import de.chojo.sadu.queries.examples.dao.User;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import java.io.IOException;
+import java.sql.SQLException;
+import java.util.List;
+
+import static de.chojo.sadu.PostgresDatabase.createContainer;
+import static de.chojo.sadu.queries.api.call.Call.call;
+
+@SuppressWarnings({"unused", "ResultOfMethodCallIgnored", "OptionalGetWithoutIsPresent", "RedundantExplicitVariableType"})
+public class BindTest {
+
+    private QueryConfiguration query;
+    private PostgresDatabase.Database db;
+
+
+    @BeforeEach
+    void before() throws IOException, SQLException {
+        db = createContainer("postgres", "postgres");
+        query = new QueryConfigurationBuilder(db.dataSource()).setRowMapperRegistry(new RowMapperRegistry().register(PostgresqlMapper.getDefaultMapper())
+                                                                                                           .register(RowMapper.forClass(User.class).mapper(User.map()).build())).build();
+    }
+
+    @AfterEach
+    void after() {
+        db.close();
+    }
+
+    // Retrieve all matching users directly
+    @Test
+    public void failOnInvalidToken() {
+        Assertions.assertThrows(IllegalArgumentException.class, () -> {
+            List<User> users = query.query("SELECT * FROM users WHERE id = ? AND name ILIKE :name1")
+                                    .single(call().bind(1).bind("name1", "lilly"))
+                                    .map(User.map())
+                                    .all();
+        });
+    }
+}

sadu-queries/src/test/java/de/chojo/sadu/queries/examples/ReadTest.java

@@ -12,9 +12,9 @@
 import de.chojo.sadu.postgresql.mapper.PostgresqlMapper;
 import de.chojo.sadu.queries.api.call.Call;
 import de.chojo.sadu.queries.api.call.calls.Calls;
+import de.chojo.sadu.queries.api.configuration.QueryConfiguration;
 import de.chojo.sadu.queries.api.results.reading.Result;
 import de.chojo.sadu.queries.api.results.writing.manipulation.ManipulationResult;
-import de.chojo.sadu.queries.configuration.QueryConfiguration;
 import de.chojo.sadu.queries.configuration.QueryConfigurationBuilder;
 import de.chojo.sadu.queries.examples.dao.User;
 import org.junit.jupiter.api.AfterEach;

sadu-queries/src/test/java/de/chojo/sadu/queries/examples/TransactionTest.java

@@ -10,8 +10,8 @@
 import de.chojo.sadu.mapper.RowMapperRegistry;
 import de.chojo.sadu.postgresql.mapper.PostgresqlMapper;
 import de.chojo.sadu.queries.api.call.calls.Calls;
+import de.chojo.sadu.queries.api.configuration.QueryConfiguration;
 import de.chojo.sadu.queries.api.results.writing.manipulation.ManipulationResult;
-import de.chojo.sadu.queries.configuration.QueryConfiguration;
 import de.chojo.sadu.queries.configuration.QueryConfigurationBuilder;
 import de.chojo.sadu.queries.examples.dao.User;
 import org.junit.jupiter.api.AfterAll;

sadu-queries/src/test/java/de/chojo/sadu/queries/examples/WriteTest.java

@@ -10,11 +10,11 @@
 import de.chojo.sadu.mapper.RowMapperRegistry;
 import de.chojo.sadu.postgresql.mapper.PostgresqlMapper;
 import de.chojo.sadu.queries.api.call.Call;
+import de.chojo.sadu.queries.api.configuration.QueryConfiguration;
 import de.chojo.sadu.queries.api.results.writing.insertion.InsertionBatchResult;
 import de.chojo.sadu.queries.api.results.writing.insertion.InsertionResult;
 import de.chojo.sadu.queries.api.results.writing.manipulation.ManipulationResult;
 import de.chojo.sadu.queries.call.adapter.UUIDAdapter;
-import de.chojo.sadu.queries.configuration.QueryConfiguration;
 import de.chojo.sadu.queries.configuration.QueryConfigurationBuilder;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;