Add YAML StringUtils.quoteIfNeeded() for safe scalar quoting (#7416)

Jenson3210 · timtebeek · web-flow · commit 10ffca7201ef · 2026-04-17T16:34:29.000+02:00
* Add YAML StringUtils.quoteIfNeeded() for safe scalar quoting Add a utility method that quotes YAML scalar values only when syntactically necessary (indicator characters, colon-space, space-hash, document markers, whitespace, control characters). Uses minimal quoting: single quotes by default, double quotes only when escape sequences are needed. * Parameterize YAML StringUtilsTest for quoteIfNeeded Collapse the 43 near-identical @test methods into 8 @ParameterizedTest methods (plus one @test for the single empty-string case) grouped by the existing category headers, so the focus is on the (input, expected) table rather than repeated assertion boilerplate. --------- Co-authored-by: Tim te Beek <tim@moderne.io>
diff --git a/rewrite-yaml/src/main/java/org/openrewrite/yaml/internal/StringUtils.java b/rewrite-yaml/src/main/java/org/openrewrite/yaml/internal/StringUtils.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2025 the original author or authors.
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * https://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.yaml.internal;
+
+public class StringUtils {
+
+    private StringUtils() {
+    }
+
+    private static final String INDICATOR_CHARS = "-?:,[]{}#&*!|>'\"%@`";
+
+    /**
+     * Quotes a YAML scalar value if needed, per the YAML 1.2.2 spec.
+     * <p>
+     * If the input is already quoted (surrounded by matching single or double quotes),
+     * it is returned as-is. Otherwise, the method determines whether the value requires
+     * quoting and applies the minimal quoting style: single quotes by default, double
+     * quotes only when escape sequences are required.
+     *
+     * @param value the raw string value
+     * @return the value, potentially quoted for safe use as a YAML scalar
+     */
+    public static String quoteIfNeeded(String value) {
+        if (isAlreadyQuoted(value)) {
+            return value;
+        }
+        if (!needsQuoting(value)) {
+            return value;
+        }
+        if (needsDoubleQuotes(value)) {
+            return "\"" + escapeForDoubleQuoting(value) + "\"";
+        }
+        return "'" + value + "'";
+    }
+
+    private static boolean isAlreadyQuoted(String value) {
+        if (value.length() < 2) {
+            return false;
+        }
+        return (value.charAt(0) == '\'' && value.charAt(value.length() - 1) == '\'') ||
+               (value.charAt(0) == '"' && value.charAt(value.length() - 1) == '"');
+    }
+
+    private static boolean needsQuoting(String value) {
+        // Empty string
+        if (value.isEmpty()) {
+            return true;
+        }
+
+        // Leading or trailing whitespace
+        char first = value.charAt(0);
+        char last = value.charAt(value.length() - 1);
+        if (first == ' ' || first == '\t' || last == ' ' || last == '\t') {
+            return true;
+        }
+
+        // Contains line breaks
+        if (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0) {
+            return true;
+        }
+
+        // Starts with indicator character
+        if (INDICATOR_CHARS.indexOf(first) >= 0) {
+            return true;
+        }
+
+        // Contains colon-space or space-hash mid-string
+        if (value.contains(": ") || value.contains(" #")) {
+            return true;
+        }
+
+        // Document markers
+        if (value.equals("---") || value.equals("...")) {
+            return true;
+        }
+
+        // Contains control characters
+        for (int i = 0; i < value.length(); i++) {
+            char c = value.charAt(i);
+            if (c < 0x20 || c == 0x7F) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    private static boolean needsDoubleQuotes(String value) {
+        // Need double quotes if value contains single quote
+        if (value.indexOf('\'') >= 0) {
+            return true;
+        }
+        // Need double quotes if value contains control characters
+        for (int i = 0; i < value.length(); i++) {
+            char c = value.charAt(i);
+            if (c < 0x20 || c == 0x7F) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    private static String escapeForDoubleQuoting(String value) {
+        StringBuilder sb = new StringBuilder(value.length() + 16);
+        for (int i = 0; i < value.length(); i++) {
+            char c = value.charAt(i);
+            switch (c) {
+                case '\\':
+                    sb.append("\\\\");
+                    break;
+                case '"':
+                    sb.append("\\\"");
+                    break;
+                case '\0':
+                    sb.append("\\0");
+                    break;
+                case '\u0007':
+                    sb.append("\\a");
+                    break;
+                case '\b':
+                    sb.append("\\b");
+                    break;
+                case '\t':
+                    sb.append("\\t");
+                    break;
+                case '\n':
+                    sb.append("\\n");
+                    break;
+                case '\u000B':
+                    sb.append("\\v");
+                    break;
+                case '\f':
+                    sb.append("\\f");
+                    break;
+                case '\r':
+                    sb.append("\\r");
+                    break;
+                case '\u001B':
+                    sb.append("\\e");
+                    break;
+                default:
+                    if (c < 0x20 || c == 0x7F) {
+                        sb.append("\\x");
+                        sb.append(String.format("%02x", (int) c));
+                    } else {
+                        sb.append(c);
+                    }
+                    break;
+            }
+        }
+        return sb.toString();
+    }
+}
diff --git a/rewrite-yaml/src/test/java/org/openrewrite/yaml/internal/StringUtilsTest.java b/rewrite-yaml/src/test/java/org/openrewrite/yaml/internal/StringUtilsTest.java
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2025 the original author or authors.
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * https://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.yaml.internal;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import java.util.stream.Stream;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.openrewrite.yaml.internal.StringUtils.quoteIfNeeded;
+
+class StringUtilsTest {
+
+    @ParameterizedTest
+    @MethodSource
+    void alreadyQuotedPassthrough(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> alreadyQuotedPassthrough() {
+        return Stream.of(
+                Arguments.of("'hello'", "'hello'"),
+                Arguments.of("\"hello\"", "\"hello\""),
+                Arguments.of("''", "''")
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void noQuotingNeeded(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> noQuotingNeeded() {
+        return Stream.of(
+                Arguments.of("hello", "hello"),
+                Arguments.of("hello world", "hello world"),
+                Arguments.of("some-key", "some-key"),
+                Arguments.of("path/to/file", "path/to/file"),
+                Arguments.of("1.0.0", "1.0.0"),
+                Arguments.of("truefalse", "truefalse"),
+                Arguments.of("https://example.com", "https://example.com")
+        );
+    }
+
+    @Test
+    void emptyStringQuoted() {
+        assertThat(quoteIfNeeded("")).isEqualTo("''");
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void validYamlTypedValuesUnchanged(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> validYamlTypedValuesUnchanged() {
+        return Stream.of(
+                Arguments.of("null", "null"),
+                Arguments.of("true", "true"),
+                Arguments.of("false", "false"),
+                Arguments.of("YES", "YES"),
+                Arguments.of("123", "123"),
+                Arguments.of("1.23", "1.23")
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void indicatorCharactersQuoted(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> indicatorCharactersQuoted() {
+        return Stream.of(
+                Arguments.of("~", "~"),
+                Arguments.of("- item", "'- item'"),
+                Arguments.of("-42", "'-42'"),
+                Arguments.of("# comment", "'# comment'"),
+                Arguments.of("*alias", "'*alias'"),
+                Arguments.of("&anchor", "'&anchor'"),
+                Arguments.of("[list]", "'[list]'"),
+                Arguments.of("{map}", "'{map}'"),
+                Arguments.of("!tag", "'!tag'"),
+                Arguments.of("%directive", "'%directive'")
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void dangerousMidStringPatternsQuoted(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> dangerousMidStringPatternsQuoted() {
+        return Stream.of(
+                Arguments.of("key: value", "'key: value'"),
+                Arguments.of("TODO: Follow this link https://example.com/page",
+                        "'TODO: Follow this link https://example.com/page'"),
+                Arguments.of("before # after", "'before # after'")
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void documentMarkersQuoted(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> documentMarkersQuoted() {
+        return Stream.of(
+                Arguments.of("---", "'---'"),
+                Arguments.of("...", "'...'")
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void leadingTrailingWhitespaceQuoted(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> leadingTrailingWhitespaceQuoted() {
+        return Stream.of(
+                Arguments.of(" hello", "' hello'"),
+                Arguments.of("hello ", "'hello '"),
+                Arguments.of("\thello", "\"\\thello\"")
+        );
+    }
+
+    @ParameterizedTest
+    @MethodSource
+    void doubleQuoteCases(String input, String expected) {
+        assertThat(quoteIfNeeded(input)).isEqualTo(expected);
+    }
+
+    static Stream<Arguments> doubleQuoteCases() {
+        return Stream.of(
+                // Contains ': ' (needs quoting) AND single quote (forces double quotes)
+                Arguments.of("it's: a test", "\"it's: a test\""),
+                Arguments.of("line1\nline2", "\"line1\\nline2\""),
+                Arguments.of("col1\tcol2", "\"col1\\tcol2\""),
+                Arguments.of("it's", "it's"),
+                Arguments.of("line1\rline2", "\"line1\\rline2\""),
+                Arguments.of("abc\0def", "\"abc\\0def\""),
+                Arguments.of("path\\to", "path\\to"),
+                Arguments.of("say \"hello\"", "say \"hello\"")
+        );
+    }
+}
