Change request to allow more characters in select (#2)

* Update README.md

To reflect the actual implementation regarding Sort.

* Allow more charecters in select values

* Added wildcards to select

* Added test of wildcards

Author: Niels Wittrup Andersen

README.md

@@ -64,15 +64,19 @@ selects accounts having a balance between 100 and 1000 (both inclusive).
 
 selects the two accounts having account numbers "123456789" and "234567890".
 
+#### Selecting with wildcards
+
+    https://banking.services.sample-bank.dk/accounts?select="name::savings*|name::*loan*"
+
+selects accounts having a name starting with "savings" or containing "loan"
+
 ### Sorting API Capability
 
 Sorting is done using a `sort` Query Parameter. Sort order can be either ascending (default) or descending.
 
 The syntax is:
 
-    sort="<attribute>+/-|<attribute>+/-|..."
-
-and is equivalent to: `sort="<attribute>::+/-|<attribute>::+/-|..."`.
+    sort="<attribute>::+/-|<attribute>::+/-|..."
 
 #### Simple Example
 
@@ -82,7 +86,7 @@ sorts accounts by ascending balance.
 
 #### Sorting on two properties
 
-    https://banking.services.sample-bank.dk/accounts?select=balance|lastUpdate-
+    https://banking.services.sample-bank.dk/accounts?select=balance|lastUpdate::-
 
 sorts accounts by ascending balance and descending lastUpdate.
 
@@ -176,4 +180,4 @@ with links in the `_links` object and the desired projection in the `_embedded`
 The service can choose to return just the accounts including links to transactions under the `_links` object as this is allowed by HAL.
 The query parameter `embed` can be used for evolving the service to match the desires of consumers - if many consumers have the same wishes for
 what to embed, the service provider should consider including more in the responses and endure the added coupling between this service and the
-service that delivers the embedded information. This coupling should of course not be synchronous.
+service that delivers the embedded information. This coupling should of course not be synchronous.

src/main/java/io/openapitools/api/capabilities/Sanitizer.java

@@ -1,5 +1,7 @@
 package io.openapitools.api.capabilities;
 
+import java.util.regex.Pattern;
+
 /**
  * API input sanitizer in a rudimental version.
  */
@@ -10,12 +12,21 @@ private Sanitizer() {
         // reduce scope to avoid default construction
     }
 
+    /**
+     * Joined and escaped string of suspicious content.
+     *
+     * @return String.
+     */
+    static String regexQuotedSuspiciousContent() {
+        return Pattern.quote(String.join("", SUSPICIOUS_CONTENT));
+    }
+
     /**
      * A simple sanitizer that needs to be extended and elaborated to cope with injections and
      * other things that pose as threats to the services and the data they contain and maintain.
      *
-     * @param input an input string received from a non-trustworthy source (in reality every source)
-     * @param allowSpaces should the string be stripped for spaces or allow these to stay
+     * @param input        an input string received from a non-trustworthy source (in reality every source)
+     * @param allowSpaces  should the string be stripped for spaces or allow these to stay
      * @param allowNumbers can the input contain numbers or not
      * @return a sanitized string or an empty string if the sanitation failed for some reason.
      */
@@ -40,7 +51,8 @@ public static String sanitize(String input, boolean allowSpaces, boolean allowNu
 
     /**
      * A default version of the santizer used from the local capabilities and thus
-     * @param input an input string received from a non-trustworthy source (in reality every source)
+     *
+     * @param input       an input string received from a non-trustworthy source (in reality every source)
      * @param allowSpaces should the string be stripped for spaces or allow these to stay
      * @return a sanitized string or an empty string if the sanitation failed for some reason
      */

src/main/java/io/openapitools/api/capabilities/Select.java

@@ -9,7 +9,7 @@
  * <p>
  * Indicated by using an API Query Parameter called {@code select}.
  * <p>
- * The syntax is: {@code select="<attribute>::<value>|<atribute>::<value>|..."}
+ * The syntax is: {@code select="<attribute>::<value>|<attribute>::<value>|..."}
  * <p>
  * Example:
  * <p>
@@ -21,26 +21,19 @@
  * key for an account.
  */
 public final class Select {
-    private static final Pattern REGEX =
-        Pattern.compile("^(([a-z][a-zA-Z_0-9]*)::([a-zA-Z_0-9]+)(-|\\+)?)?((\\|[a-z][a-zA-Z_0-9]*)?::([a-zA-Z_0-9]+)(-|\\+)?)*");
+    private static final String PAIR = "([a-z][a-zA-Z_0-9]*)::([^|" + Sanitizer.regexQuotedSuspiciousContent() + "]+)";
+    private static final Pattern REGEX = Pattern.compile("^" + PAIR + "(\\|" + PAIR + ")*");
+
     private static final CapabilityParser<Select> PARSER = new CapabilityParser<>(REGEX, Select::parseToken);
 
-    private String attribute = "";
-    private String value = "";
+    private String attribute;
+    private String value;
 
     private Select(String attribute, String value) {
         this.attribute = attribute;
         this.value = value;
     }
 
-    public String getAttribute() {
-        return attribute;
-    }
-
-    public String getValue() {
-        return value;
-    }
-
     /**
      * Delivers a set of Select back containing a number of attributes from the part that is within
      * the {@code http:// ..../ some-resource?select="value"} that value may contain one or more attributes
@@ -50,8 +43,6 @@ public String getValue() {
      * {@code "attribute::value|anotherAttribute::thatValue|yetAnotherAttribute::thisValue"}
      * and so on, it may also take the form {@code "attribute::value|attribute::thatValue|attribute::thisValue"}
      * <p>
-     * The regexp is:
-     * {@code ^(([a-z][a-zA-Z_0-9]*)::([a-zA-Z_0-9]+)(-|\\+)?)?((\\|[a-z][a-zA-Z_0-9]*)?::([a-zA-Z_0-9]+)(-|\\+)?)*}
      *
      * @param select the select Query Parameter
      * @return a set of attribute(s) and value(s) used for selecting candidates for the response
@@ -62,13 +53,20 @@ public static List<Select> getSelections(String select) {
 
     private static Optional<Select> parseToken(String token) {
         String attribute = token.substring(0, token.indexOf(':'));
-        return Optional.of(new Select(attribute, getValuefrom(token)));        
+        return Optional.of(new Select(attribute, getValueFrom(token)));
     }
 
-    private static String getValuefrom(String selection) {
+    private static String getValueFrom(String selection) {
         int startsAt = selection.indexOf("::") + "::".length();
         int endsAt = !selection.contains("|") ? selection.length() : selection.indexOf('|');
         return selection.substring(startsAt, endsAt);
     }
 
+    public String getAttribute() {
+        return attribute;
+    }
+
+    public String getValue() {
+        return value;
+    }
 }

src/test/java/io/openapitools/api/capabilities/SelectTest.java

@@ -1,36 +1,37 @@
 package io.openapitools.api.capabilities;
 
+import org.junit.Test;
+
 import java.util.List;
 
 import static org.junit.Assert.assertEquals;
-
-import org.junit.Test;
+import static org.junit.Assert.assertTrue;
 
 public class SelectTest {
 
 
     @Test
-    public void testNoSelection(){
+    public void testNoSelection() {
         List<Select> selections = Select.getSelections(null);
         assertEquals(0, selections.size());
     }
 
     @Test
-    public void testEmptySelection(){
+    public void testEmptySelection() {
         List<Select> selections = Select.getSelections("");
         assertEquals(0, selections.size());
     }
 
     @Test
-    public void testWrongSelection(){
+    public void testWrongSelection() {
         List<Select> selections = Select.getSelections("::");
         assertEquals(0, selections.size());
         selections = Select.getSelections("|");
         assertEquals(0, selections.size());
     }
 
     @Test
-    public void testIllegalSelection(){
+    public void testIllegalSelection() {
         List<Select> selections = Select.getSelections("?::4");
         assertEquals(0, selections.size());
         selections = Select.getSelections("3::4");
@@ -44,33 +45,40 @@ public void testIllegalSelection(){
     }
 
     @Test
-    public void testSimpleSelection(){
+    public void testSimpleSelection() {
         List<Select> selections = Select.getSelections("u::4");
         assertEquals(1, selections.size());
         selections = Select.getSelections("attribute::value");
         assertEquals(1, selections.size());
         selections = Select.getSelections("a::value");
         assertEquals(1, selections.size());
+        selections = Select.getSelections("attribute:: value");
+        assertEquals(1, selections.size());
+        selections = Select.getSelections("attribute:: value ");
+        assertEquals(1, selections.size());
+        selections = Select.getSelections("attribute::value ");
+        assertEquals(1, selections.size());
+    }
+
+    @Test
+    public void testAdditionalSpecific() {
+        assertEquals(" S p a c e s ", Select.getSelections("attribute:: S p a c e s ").get(0).getValue());
+        assertEquals("(parenthesis)", Select.getSelections("attribute::(parenthesis)").get(0).getValue());
+        assertEquals("forward/slash", Select.getSelections("attribute::forward/slash").get(0).getValue());
     }
 
     @Test
-    public void testSelectionWithWhiteSpaceAttribute(){
+    public void testSelectionWithWhiteSpaceAttribute() {
         List<Select> selections = Select.getSelections("attribute ::value");
         assertEquals(0, selections.size());
         selections = Select.getSelections("attribute ::value");
         assertEquals(0, selections.size());
         selections = Select.getSelections(" attribute::value");
         assertEquals(0, selections.size());
-        selections = Select.getSelections("attribute:: value");
-        assertEquals(0, selections.size());
-        selections = Select.getSelections("attribute:: value ");
-        assertEquals(0, selections.size());
-        selections = Select.getSelections("attribute::value ");
-        assertEquals(0, selections.size());
     }
 
     @Test
-    public void testSelectionWithSuspiciousCharacters(){
+    public void testSelectionWithSuspiciousCharacters() {
         List<Select> selections = Select.getSelections("attribute or '1' = '1::value");
         assertEquals(0, selections.size());
         selections = Select.getSelections("attribute or '1' = '1::value");
@@ -90,7 +98,7 @@ public void testSelectionWithSuspiciousCharacters(){
     }
 
     @Test
-    public void testSelectionCriteria(){
+    public void testSelectionCriteria() {
         List<Select> selections = Select.getSelections("attribute::value|otherAttribute::otherValue");
         assertEquals(2, selections.size());
         boolean attributeValueObserved = false;
@@ -112,7 +120,7 @@ public void testSelectionCriteria(){
     }
 
     @Test
-    public void testSelectionHavingMultipleCriteria(){
+    public void testSelectionHavingMultipleCriteria() {
         List<Select> selections = Select.getSelections("attribute::value|otherAttribute::otherValue");
         assertEquals(2, selections.size());
         boolean attributeValueObserved = false;
@@ -157,7 +165,7 @@ public void testSelectionHavingMultipleCriteria(){
     }
 
     @Test
-    public void testIllegalSelections(){
+    public void testIllegalSelections() {
         List<Select> selections = Select.getSelections("?::4|a::b");
         assertEquals(0, selections.size());
         selections = Select.getSelections("?::4|a::b");
@@ -167,5 +175,13 @@ public void testIllegalSelections(){
         selections = Select.getSelections("v::g|f::j|u::iio|3::4");
         assertEquals(0, selections.size());
     }
-
+    
+    @Test
+    public void testWildcards() {
+        List<Select> selections = Select.getSelections("name::*loan|name::savings*");
+        assertEquals(2, selections.size());
+        for (Select sel : selections) {
+            assertTrue(sel.getValue().equals("*loan") || sel.getValue().equals("savings*"));
+        }
+    }
 }