feat(core): escape single quotes in all enum descriptions and deprecation reasons

Author: adambenhassen

.changeset/large-walls-wash.md

@@ -0,0 +1,5 @@
+---
+'@graphql-inspector/core': minor
+---
+
+Escape single quotes in all enum descriptions and deprecation reasons for better data integrity

packages/core/__tests__/diff/enum.test.ts

@@ -274,4 +274,105 @@ describe('enum', () => {
     expect(change.criticality.reason).toBeDefined();
     expect(change.message).toEqual(`Enum value 'C' was added to enum 'enumA'`);
   });
-});
+
+  describe('string escaping', () => {
+    test('deprecation reason changed with escaped single quotes', async () => {
+      const a = buildSchema(/* GraphQL */ `
+        type Query {
+          fieldA: String
+        }
+
+        enum enumA {
+          A @deprecated(reason: "It's old")
+          B
+        }
+      `);
+
+      const b = buildSchema(/* GraphQL */ `
+        type Query {
+          fieldA: String
+        }
+
+        enum enumA {
+          A @deprecated(reason: "It's new")
+          B
+        }
+      `);
+
+      const changes = await diff(a, b);
+      const change = findFirstChangeByPath(changes, 'enumA.A');
+
+      expect(changes.length).toEqual(1);
+      expect(change.criticality.level).toEqual(CriticalityLevel.NonBreaking);
+      expect(change.message).toEqual(
+        `Enum value 'enumA.A' deprecation reason changed from 'It\\'s old' to 'It\\'s new'`,
+      );
+    });
+
+    test('deprecation reason added with escaped single quotes', async () => {
+      const a = buildSchema(/* GraphQL */ `
+        type Query {
+          fieldA: String
+        }
+
+        enum enumA {
+          A
+          B
+        }
+      `);
+
+      const b = buildSchema(/* GraphQL */ `
+        type Query {
+          fieldA: String
+        }
+
+        enum enumA {
+          A @deprecated(reason: "Don't use this")
+          B
+        }
+      `);
+
+      const changes = await diff(a, b);
+      const change = findFirstChangeByPath(changes, 'enumA.A');
+
+      expect(changes.length).toEqual(2);
+      expect(change.criticality.level).toEqual(CriticalityLevel.NonBreaking);
+      expect(change.message).toEqual(
+        `Enum value 'enumA.A' was deprecated with reason 'Don\\'t use this'`,
+      );
+    });
+
+    test('deprecation reason without single quotes is unchanged', async () => {
+      const a = buildSchema(/* GraphQL */ `
+        type Query {
+          fieldA: String
+        }
+
+        enum enumA {
+          A @deprecated(reason: "Old Reason")
+          B
+        }
+      `);
+
+      const b = buildSchema(/* GraphQL */ `
+        type Query {
+          fieldA: String
+        }
+
+        enum enumA {
+          A @deprecated(reason: "New Reason")
+          B
+        }
+      `);
+
+      const changes = await diff(a, b);
+      const change = findFirstChangeByPath(changes, 'enumA.A');
+
+      expect(changes.length).toEqual(1);
+      expect(change.criticality.level).toEqual(CriticalityLevel.NonBreaking);
+      expect(change.message).toEqual(
+        `Enum value 'enumA.A' deprecation reason changed from 'Old Reason' to 'New Reason'`,
+      );
+    });
+  });
+});

packages/core/__tests__/utils/string.test.ts

@@ -1,4 +1,4 @@
-import { safeString } from '../../src/utils/string.js';
+import { fmt, safeString } from '../../src/utils/string.js';
 
 test('scalars', () => {
   expect(safeString(0)).toBe('0');
@@ -33,3 +33,18 @@ test('array', () => {
     '[ { foo: 42 } ]',
   );
 });
+
+describe('fmt', () => {
+  test('escapes single quotes in strings', () => {
+    expect(fmt("It's a test")).toBe("It\\'s a test");
+    expect(fmt("Don't do this")).toBe("Don\\'t do this");
+    expect(fmt("'quoted'")).toBe("\\'quoted\\'");
+  });
+
+  test('handles strings without single quotes', () => {
+    expect(fmt('test')).toBe('test');
+    expect(fmt('Old Reason')).toBe('Old Reason');
+    expect(fmt('enumA.B')).toBe('enumA.B');
+    expect(fmt('')).toBe('');
+  });
+});

packages/core/src/diff/changes/enum.ts

@@ -11,11 +11,10 @@ import {
   EnumValueDescriptionChangedChange,
   EnumValueRemovedChange,
 } from './change.js';
+import { fmt } from '../../utils/string.js';
 
 function buildEnumValueRemovedMessage(args: EnumValueRemovedChange['meta']) {
-  return `Enum value '${args.removedEnumValueName}' ${
-    args.isEnumValueDeprecated ? '(deprecated) ' : ''
-  }was removed from enum '${args.enumName}'`;
+  return `Enum value '${args.removedEnumValueName}' ${args.isEnumValueDeprecated ? '(deprecated) ' : ''}was removed from enum '${args.enumName}'`;
 }
 
 const enumValueRemovedCriticalityBreakingReason = `Removing an enum value will cause existing queries that use this enum value to error.`;
@@ -80,13 +79,11 @@ export function enumValueAdded(
 }
 
 function buildEnumValueDescriptionChangedMessage(args: EnumValueDescriptionChangedChange['meta']) {
+  const oldDesc = fmt(args.oldEnumValueDescription ?? 'undefined');
+  const newDesc = fmt(args.newEnumValueDescription ?? 'undefined');
   return args.oldEnumValueDescription === null
-    ? `Description '${args.newEnumValueDescription ?? 'undefined'}' was added to enum value '${
-        args.enumName
-      }.${args.enumValueName}'`
-    : `Description for enum value '${args.enumName}.${args.enumValueName}' changed from '${
-        args.oldEnumValueDescription ?? 'undefined'
-      }' to '${args.newEnumValueDescription ?? 'undefined'}'`;
+    ? `Description '${newDesc}' was added to enum value '${args.enumName}.${args.enumValueName}'`
+    : `Description for enum value '${args.enumName}.${args.enumValueName}' changed from '${oldDesc}' to '${newDesc}'`;
 }
 
 export function enumValueDescriptionChangedFromMeta(
@@ -122,7 +119,9 @@ export function enumValueDescriptionChanged(
 function buildEnumValueDeprecationChangedMessage(
   args: EnumValueDeprecationReasonChangedChange['meta'],
 ) {
-  return `Enum value '${args.enumName}.${args.enumValueName}' deprecation reason changed from '${args.oldEnumValueDeprecationReason}' to '${args.newEnumValueDeprecationReason}'`;
+  const oldReason = fmt(args.oldEnumValueDeprecationReason);
+  const newReason = fmt(args.newEnumValueDeprecationReason);
+  return `Enum value '${args.enumName}.${args.enumValueName}' deprecation reason changed from '${oldReason}' to '${newReason}'`;
 }
 
 export function enumValueDeprecationReasonChangedFromMeta(
@@ -158,7 +157,8 @@ export function enumValueDeprecationReasonChanged(
 function buildEnumValueDeprecationReasonAddedMessage(
   args: EnumValueDeprecationReasonAddedChange['meta'],
 ) {
-  return `Enum value '${args.enumName}.${args.enumValueName}' was deprecated with reason '${args.addedValueDeprecationReason}'`;
+  const reason = fmt(args.addedValueDeprecationReason);
+  return `Enum value '${args.enumName}.${args.enumValueName}' was deprecated with reason '${reason}'`;
 }
 
 export function enumValueDeprecationReasonAddedFromMeta(

packages/core/src/utils/string.ts

@@ -80,3 +80,7 @@ export function safeString(obj: unknown) {
     .replace(/\[Object: null prototype\] /g, '')
     .replace(/(^')|('$)/g, '');
 }
+
+export function fmt(reason: string): string {
+  return reason.replace(/'/g, "\\'");
+}