fix(pg): escape quoting within formatted string values #61

Merged: kpom-specter merged 1 commit into main from seanj/BED-7946 on Apr 14, 2026
@seanjSO seanjSO commented Apr 13, 2026

Description

Escapes single quotes within formatted string values

Resolves: BED-7946

Type of Change

  • Chore (a change that does not modify the application functionality)
  • Bug fix (a change that fixes an issue)
  • New feature / enhancement (a change that adds new functionality)
  • Refactor (no behaviour change)
  • Test coverage
  • Build / CI / tooling
  • Documentation

Testing

  • Unit tests added / updated
  • Integration tests added / updated
  • Manual integration tests run (go test -tags manual_integration ./integration/...)

Screenshots (if appropriate):

Driver Impact

  • PostgreSQL driver (drivers/pg)
  • Neo4j driver (drivers/neo4j)

Checklist

  • Code is formatted
  • All existing tests pass
  • go.mod / go.sum are up to date if dependencies changed

Summary by CodeRabbit

  • Bug Fixes

    • Corrected SQL string literal generation to escape embedded single quotes, ensuring produced queries are syntactically valid when values contain quotation marks.
  • Tests

    • Added unit and translation tests to verify single quotes are properly escaped and that generated SQL handles literals containing embedded quotes.

@seanjSO seanjSO self-assigned this Apr 13, 2026
coderabbitai bot commented Apr 13, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ebf666c5-c3e7-4fa5-8ccb-51f25055626e

📥 Commits

Reviewing files that changed from the base of the PR and between 159ab6c and b263798.

📒 Files selected for processing (3)
  • cypher/models/pgsql/format/format.go
  • cypher/models/pgsql/format/format_test.go
  • cypher/models/pgsql/test/translation_cases/nodes.sql
✅ Files skipped from review due to trivial changes (2)
  • cypher/models/pgsql/format/format.go
  • cypher/models/pgsql/test/translation_cases/nodes.sql
🚧 Files skipped from review as they are similar to previous changes (1)
  • cypher/models/pgsql/format/format_test.go

Walkthrough

String literal formatting for PostgreSQL was changed to escape embedded single quotes by doubling them before surrounding with single-quote delimiters. A unit test was added to validate escaping behavior and a SQL translation test case containing embedded quotes was included.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Formatter implementation & test: cypher/models/pgsql/format/format.go, cypher/models/pgsql/format/format_test.go | Escape embedded single quotes in formatted string literals by replacing ' with ''. Added TestFormat_QueryInjection to assert correct escaping in generated SQL. |
| Translation test case: cypher/models/pgsql/test/translation_cases/nodes.sql | Added SQL translation test case that includes a string with embedded single quotes concatenated with a subselect to exercise literal escaping in translations. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 I nibble quotes and double each one,

' becomes '' — safe work's begun.
A quiet hop, a careful tweak,
Strings sit snug, no havoc to wreak.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and specifically describes the main change: escaping single quotes in formatted string values for PostgreSQL, which directly addresses the bug fix implemented in the code. |
| Description check | ✅ Passed | The description follows the template with all required sections completed: a brief description with issue reference, Type of Change selected (Bug fix), Testing checkbox marked (Unit tests added), Driver Impact checked (PostgreSQL), and Checklist items verified. |


@seanjSO seanjSO added the bug Something isn't working label Apr 13, 2026
@kpom-specter kpom-specter left a comment

@superlinkx

@CodeRabbit review

coderabbitai bot commented Apr 13, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@zinic zinic left a comment

We'll come back to this but this closes the gap - ty

@kpom-specter kpom-specter merged commit 2a417c1 into main Apr 14, 2026
4 checks passed
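
The escaping rule this PR applies (double each embedded ' before adding the single-quote delimiters), as an added Go example that is not the project's format.go. The function names and sample values are constructed here, and it assumes PostgreSQL's default standard_conforming_strings=on; it quotes each sample both ways and reads the literal back to show where an unescaped quote ends the literal early.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteUnescaped mirrors the pre-fix behaviour the PR describes: the value is
// wrapped in single quotes with no escaping. Hypothetical name.
func quoteUnescaped(v string) string { return "'" + v + "'" }

// quoteLiteral doubles embedded single quotes, then adds the delimiters.
// Hypothetical name. Assumes standard_conforming_strings=on, where a
// backslash inside '...' has no special meaning; with it off, doubling
// quotes alone does not cover backslash escapes.
func quoteLiteral(v string) string {
	return "'" + strings.ReplaceAll(v, "'", "''") + "'"
}

// readLiteral scans one standard SQL string literal at the start of sql and
// returns its decoded value plus whatever text follows the closing quote.
func readLiteral(sql string) (value, rest string, ok bool) {
	if !strings.HasPrefix(sql, "'") {
		return "", sql, false
	}
	var b strings.Builder
	for i := 1; i < len(sql); i++ {
		if sql[i] != '\'' {
			b.WriteByte(sql[i])
			continue
		}
		if i+1 < len(sql) && sql[i+1] == '\'' { // '' decodes to one quote
			b.WriteByte('\'')
			i++
			continue
		}
		return b.String(), sql[i+1:], true // closing delimiter reached
	}
	return "", "", false // unterminated literal
}

func main() {
	for _, v := range []string{"O'Brien", "plain", "it''s"} { // constructed samples
		for _, lit := range []string{quoteUnescaped(v), quoteLiteral(v)} {
			got, rest, ok := readLiteral(lit)
			fmt.Printf("%-10q -> %-12s value=%q trailing=%q ok=%v\n", v, lit, got, rest, ok)
		}
	}
}
```

A non-empty trailing string means the literal closed before the value ended, so the remaining characters would be parsed as SQL rather than data; the escaped form always round-trips with nothing trailing.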