From a116835ed1e240bf2350390f54d7664e30a787eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bal=C3=A1zs=20Vajner?= <vajner.balazs@gmail.com>
Date: Mon, 16 May 2022 21:33:40 +0200
Subject: [PATCH] fix: quote regex input string

this addresses an issue reported by Sonar
---
 .../autoconfigure/editor/graphiql/GraphiQLController.java      | 3 ++-
 .../autoconfigure/editor/voyager/VoyagerIndexHtmlTemplate.java | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/graphiql/GraphiQLController.java b/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/graphiql/GraphiQLController.java
index f62e8cd4..e2b75513 100644
--- a/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/graphiql/GraphiQLController.java
+++ b/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/graphiql/GraphiQLController.java
@@ -15,6 +15,7 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
+import java.util.regex.Pattern;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -195,7 +196,7 @@ private String constructGraphQlEndpoint(
       String contextPath, @RequestParam Map<String, String> params) {
     String endpoint = graphiQLProperties.getEndpoint().getGraphql();
     for (Map.Entry<String, String> param : params.entrySet()) {
-      endpoint = endpoint.replaceAll("\\{" + param.getKey() + "}", param.getValue());
+      endpoint = endpoint.replaceAll("\\{" + Pattern.quote(param.getKey()) + "}", param.getValue());
     }
     if (StringUtils.isNotBlank(contextPath) && !endpoint.startsWith(contextPath)) {
       return contextPath + endpoint;
diff --git a/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/voyager/VoyagerIndexHtmlTemplate.java b/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/voyager/VoyagerIndexHtmlTemplate.java
index c15f9115..bd17dece 100644
--- a/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/voyager/VoyagerIndexHtmlTemplate.java
+++ b/graphql-spring-boot-autoconfigure/src/main/java/graphql/kickstart/autoconfigure/editor/voyager/VoyagerIndexHtmlTemplate.java
@@ -7,6 +7,7 @@
 import java.nio.charset.Charset;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.regex.Pattern;
 import lombok.RequiredArgsConstructor;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringSubstitutor;
@@ -112,7 +113,7 @@ private String constructGraphQlEndpoint(
       String contextPath, @RequestParam Map<String, String> params) {
     String endpoint = voyagerConfiguration.getEndpoint();
     for (Map.Entry<String, String> param : params.entrySet()) {
-      endpoint = endpoint.replaceAll("\\{" + param.getKey() + "}", param.getValue());
+      endpoint = endpoint.replaceAll("\\{" + Pattern.quote(param.getKey()) + "}", param.getValue());
     }
     if (StringUtils.isNotBlank(contextPath) && !endpoint.startsWith(contextPath)) {
       return contextPath + endpoint;