Properly escape constant regex patterns (#3299)

roji · roji · commit 55dd99eca42e · 2024-09-27T00:22:30.000+02:00
Fixes #3292 (cherry picked from commit d316b35)
diff --git a/src/EFCore.PG/Query/Internal/NpgsqlQuerySqlGenerator.cs b/src/EFCore.PG/Query/Internal/NpgsqlQuerySqlGenerator.cs
@@ -962,7 +962,7 @@ protected virtual Expression VisitRegexMatch(PgRegexMatchExpression expression)
         }
         else
         {
-            Sql.Append(constantPattern);
+            Sql.Append(constantPattern.Replace("'", "''"));
             Sql.Append("'");
         }
 
diff --git a/test/EFCore.PG.FunctionalTests/Query/NorthwindFunctionsQueryNpgsqlTest.cs b/test/EFCore.PG.FunctionalTests/Query/NorthwindFunctionsQueryNpgsqlTest.cs
@@ -118,6 +118,23 @@ await AssertQuery(
 """);
     }
 
+    [Theory]
+    [MemberData(nameof(IsAsyncData))]
+    public async Task Regex_IsMatch_with_constant_pattern_properly_escaped(bool async)
+    {
+        await AssertQuery(
+            async,
+            cs => cs.Set<Customer>().Where(c => Regex.IsMatch(c.CompanyName, "^A';foo")),
+            assertEmpty: true);
+
+        AssertSql(
+            """
+SELECT c."CustomerID", c."Address", c."City", c."CompanyName", c."ContactName", c."ContactTitle", c."Country", c."Fax", c."Phone", c."PostalCode", c."Region"
+FROM "Customers" AS c
+WHERE c."CompanyName" ~ '(?p)^A'';foo'
+""");
+    }
+
     [Theory]
     [MemberData(nameof(IsAsyncData))]
     public async Task Regex_IsMatch_with_parameter_pattern(bool async)

Original file line number	Diff line number	Diff line change
`@@ -962,7 +962,7 @@ protected virtual Expression VisitRegexMatch(PgRegexMatchExpression expression)`
`962`	`962`	`}`
`963`	`963`	`else`
`964`	`964`	`{`
`965`		`- Sql.Append(constantPattern);`
	`965`	`+ Sql.Append(constantPattern.Replace("'", "''"));`
`966`	`966`	`Sql.Append("'");`
`967`	`967`	`}`
`968`	`968`