YQL-19747: Recover from unclosed ID_QUOTED

The simplest solution actually is an SQL injection.

---

- Related to `YQL-19747`
- Related to #9056
- Related to #18146
- Related to vityaman#46

---

Pull Request resolved: ytsaurus/ytsaurus#1283
commit_hash:7043e7cdd1e0d378926783d31cf5f8e055393aaa

Author: vityaman

yql/essentials/sql/v1/complete/core/input.h

@@ -9,6 +9,11 @@ namespace NSQLComplete {
         size_t CursorPosition = Text.length();
     };
 
+    struct TMaterializedInput {
+        TString Text;
+        size_t CursorPosition = Text.length();
+    };
+
     TCompletionInput SharpedInput(TString& text Y_LIFETIME_BOUND);
 
 } // namespace NSQLComplete

yql/essentials/sql/v1/complete/sql_complete_ut.cpp

@@ -508,7 +508,12 @@ Y_UNIT_TEST_SUITE(SqlCompleteTests) {
             UNIT_ASSERT_VALUES_EQUAL(actual.CompletedToken.Content, "pr");
         }
         {
-            TVector<TCandidate> expected = {};
+            TVector<TCandidate> expected = {
+                {FolderName, ".sys/"},
+                {FolderName, "local/"},
+                {FolderName, "prod/"},
+                {FolderName, "test/"},
+            };
             UNIT_ASSERT_VALUES_EQUAL(Complete(engine, "SELECT * FROM `#"), expected);
         }
         {
@@ -564,6 +569,26 @@ Y_UNIT_TEST_SUITE(SqlCompleteTests) {
         }
     }
 
+    Y_UNIT_TEST(SelectFromUnclosedIdQuoted) {
+        auto engine = MakeSqlCompletionEngineUT();
+        {
+            TVector<TCandidate> expected = {
+                {FolderName, ".sys/"},
+                {FolderName, "local/"},
+                {FolderName, "prod/"},
+                {FolderName, "test/"},
+            };
+            UNIT_ASSERT_VALUES_EQUAL(Complete(engine, "SELECT * FROM `#"), expected);
+        }
+        {
+            TVector<TCandidate> expected = {
+                {TableName, "meta"},
+                {FolderName, "service/"},
+            };
+            UNIT_ASSERT_VALUES_EQUAL(Complete(engine, "SELECT * FROM `test/"), expected);
+        }
+    }
+
     Y_UNIT_TEST(SelectFromCluster) {
         auto engine = MakeSqlCompletionEngineUT();
         {

yql/essentials/sql/v1/complete/syntax/cursor_token_context.cpp

@@ -112,13 +112,13 @@ namespace NSQLComplete {
 
     bool GetStatement(
         ILexer::TPtr& lexer,
-        TCompletionInput input,
+        const TMaterializedInput& input,
         TCompletionInput& output,
         size_t& output_position) {
         TVector<TString> statements;
         NYql::TIssues issues;
         if (!NSQLTranslationV1::SplitQueryToStatements(
-                TString(input.Text) + ";", lexer,
+                input.Text, lexer,
                 statements, issues, /* file = */ "",
                 /* areBlankSkipped = */ false)) {
             return false;
@@ -129,15 +129,16 @@ namespace NSQLComplete {
         for (const auto& statement : statements) {
             if (input.CursorPosition < cursor + statement.size()) {
                 output = {
-                    .Text = input.Text.SubStr(cursor, statement.size()),
+                    .Text = TStringBuf(input.Text).SubStr(cursor, statement.size()),
                     .CursorPosition = input.CursorPosition - cursor,
                 };
                 return true;
             }
             cursor += statement.size();
         }
 
-        output = input;
+        output.Text = TStringBuf(input.Text);
+        output.CursorPosition = input.CursorPosition;
         return true;
     }
 

yql/essentials/sql/v1/complete/syntax/cursor_token_context.h

@@ -38,7 +38,7 @@ namespace NSQLComplete {
 
     bool GetStatement(
         ILexer::TPtr& lexer,
-        TCompletionInput input,
+        const TMaterializedInput& input,
         TCompletionInput& output,
         size_t& output_position);
 

yql/essentials/sql/v1/complete/syntax/local.cpp

@@ -57,9 +57,18 @@ namespace NSQLComplete {
         }
 
         TLocalSyntaxContext Analyze(TCompletionInput input) override {
+            TMaterializedInput materialized = {
+                .Text = TString(input.Text),
+                .CursorPosition = input.CursorPosition,
+            };
+
+            // - ";" is for a correct stetement split
+            // - "-- `" is for a ilformed ID_QUOTED recovery
+            materialized.Text += "; -- `";
+
             TCompletionInput statement;
             size_t statement_position;
-            if (!GetStatement(Lexer_, input, statement, statement_position)) {
+            if (!GetStatement(Lexer_, materialized, statement, statement_position)) {
                 return {};
             }