restricting search queries

TheJacksonLaboratory · Oct 25, 2024 · 17e9727 · 17e9727
1 parent 099b63a
commit 17e9727
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 4 deletions.
diff --git a/build.gradle b/build.gradle
@@ -7,7 +7,7 @@ plugins {
     id("com.dorongold.task-tree") version "3.0.0"
 }
 
-version = "0.5.17"
+version = "0.5.18"
 group = "org.jacksonlaboratory"
 
 repositories {

diff --git a/src/main/java/org/jacksonlaboratory/Application.java b/src/main/java/org/jacksonlaboratory/Application.java
@@ -8,7 +8,7 @@
     info = @Info(
             title = "ontology-service-${ontology}",
             description = "A restful service for the ${ontology} ontology.",
-            version = "0.5.17",
+            version = "0.5.18",
             contact = @Contact(name = "Michael Gargano", email = "[email protected]")
     )
 )

diff --git a/src/main/java/org/jacksonlaboratory/controller/SearchController.java b/src/main/java/org/jacksonlaboratory/controller/SearchController.java
@@ -4,6 +4,7 @@
 import io.micronaut.http.annotation.Get;
 import io.micronaut.http.annotation.QueryValue;
 import io.micronaut.serde.annotation.SerdeImport;
+import jakarta.validation.constraints.Pattern;
 import org.jacksonlaboratory.model.dto.SearchDto;
 import org.jacksonlaboratory.model.entity.OntologyTerm;
 import org.jacksonlaboratory.service.TermService;
@@ -29,11 +30,11 @@ public SearchController(TermService termService) {
      */
 	@Get(produces="application/json")
 	public SearchDto search(
-			@QueryValue("q") @Schema(minLength = 3, maxLength = 250, type = "string", pattern = ".*")  String query,
+			@QueryValue("q") @Schema(minLength = 3, maxLength = 250, type = "string", pattern = "^[a-zA-Z0-9\\s\\-':,]+$") @Pattern(regexp = "^[a-zA-Z0-9\\s\\-':,]+$") String query,
 			@QueryValue(value = "page", defaultValue = "0") @Schema(maxLength = 1000, type = "number") int page,
 			@QueryValue(value = "limit", defaultValue = "10") @Schema(maxLength = 1000, type = "number") int limit
 	) {
-		List<OntologyTerm> terms = this.termService.searchOntologyTerm(query);
+		List<OntologyTerm> terms = this.termService.searchOntologyTerm(query.trim());
 		if (limit == -1) {
 			return new SearchDto(terms,  terms.size());
 		} else {

diff --git a/src/test/groovy/org/jacksonlaboratory/controller/SearchControllerSpec.groovy b/src/test/groovy/org/jacksonlaboratory/controller/SearchControllerSpec.groovy
@@ -2,8 +2,10 @@ package org.jacksonlaboratory.controller
 
 import io.micronaut.context.annotation.Property
 import io.micronaut.http.HttpRequest
+import io.micronaut.http.HttpStatus
 import io.micronaut.http.client.annotation.Client
 import io.micronaut.http.client.HttpClient
+import io.micronaut.http.client.exceptions.HttpClientResponseException
 import io.micronaut.test.annotation.MockBean
 import io.micronaut.test.extensions.spock.annotation.MicronautTest
 import jakarta.inject.Inject
@@ -41,6 +43,19 @@ class SearchControllerSpec extends Specification {
         "arach" | [new OntologyTerm(TermId.of("HP:000003"), "fake name", "fake def", "comment", "", "", 0)] | -1
     }
 
+    void "should 404 search #q and return nothing"() {
+        when:
+        def response = client.toBlocking().retrieve(HttpRequest.GET('/api/hp/search?q='+ q + "&limit=" + limit), Map.class)
+        then:
+        def e = thrown(HttpClientResponseException)
+        e.status.getCode() == 400
+        where:
+        q | res | limit
+        ")arach" | [] | 10
+        "arach%3B" | [] | -1
+    }
+
+
     @MockBean(TermService)
     TermService termService() {
         Mock(TermService)