From 2740c3c6f4b55d70a6d7ccdb46a235b7f425ac63 Mon Sep 17 00:00:00 2001
From: zstadler <zeev.stadler@gmail.com>
Date: Wed, 13 Nov 2024 18:39:23 +0200
Subject: [PATCH 1/3] Escaping names passed to Overpass

Resolves #2073
---
 .../src/application/services/overpass-turbo.service.ts       | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/IsraelHiking.Web/src/application/services/overpass-turbo.service.ts b/IsraelHiking.Web/src/application/services/overpass-turbo.service.ts
index a4048eb63..04d8fa68c 100644
--- a/IsraelHiking.Web/src/application/services/overpass-turbo.service.ts
+++ b/IsraelHiking.Web/src/application/services/overpass-turbo.service.ts
@@ -34,14 +34,15 @@ export class OverpassTurboService {
         }
     }
 
-    public async getLongWay(id: string, title: string, isWaterway: boolean, isMtbRoute: boolean): Promise<GeoJSON.FeatureCollection> {
+    public async getLongWay(id: string, name: string, isWaterway: boolean, isMtbRoute: boolean): Promise<GeoJSON.FeatureCollection> {
+        const quotedName = name.replace(/"/g, '\\"')
         const query = `
         way(${id});
         complete
         {
           way(around:30)
             [${isWaterway ? 'waterway' : 'highway'}]
-            ["${isMtbRoute ? 'mtb:name' : 'name'}"="${title}"];
+            ["${isMtbRoute ? 'mtb:name' : 'name'}"="${quotedName}"];
         }
         out geom;`;
         return await this.getGeoJsonFromQuery(query);

From b53a3e428b29147f597bfe0465a0d0d101a95323 Mon Sep 17 00:00:00 2001
From: HarelM <harel.mazor@gmail.com>
Date: Thu, 14 Nov 2024 00:00:01 +0200
Subject: [PATCH 2/3] Add tests for relevant scenario

---
 .../services/overpass-turbo.service.spec.ts   | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts

diff --git a/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts b/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts
new file mode 100644
index 000000000..dda584ce2
--- /dev/null
+++ b/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts
@@ -0,0 +1,53 @@
+import { inject, TestBed } from "@angular/core/testing";
+import { HttpClient, provideHttpClient, withInterceptorsFromDi } from "@angular/common/http";
+import { OverpassTurboService } from "./overpass-turbo.service";
+import { HttpTestingController, provideHttpClientTesting } from "@angular/common/http/testing";
+
+describe("OverpassTurboService", () => {
+    beforeEach(() => {
+        TestBed.configureTestingModule({
+            imports: [],
+            providers: [
+                OverpassTurboService,
+                provideHttpClient(withInterceptorsFromDi()),
+                provideHttpClientTesting()
+            ]
+        });
+    });
+
+    it("Should get a long way by name", inject([OverpassTurboService, HttpTestingController], async (service: OverpassTurboService, mockBackend: HttpTestingController) => {
+        // Arrange
+        const response = "<osm></osm>";
+        // Act
+        const promise = service.getLongWay("id", "name", false, false);
+
+        mockBackend.expectOne("https://overpass-api.de/api/interpreter").flush(response);
+        // Assert
+        const results = await promise;
+        expect(results.features.length).toBe(0);
+    }));
+
+    it("Should get a long way by name with '\"'", inject([OverpassTurboService, HttpTestingController], async (service: OverpassTurboService, mockBackend: HttpTestingController) => {
+        // Arrange
+        const response = "<osm></osm>";
+        // Act
+        const promise = service.getLongWay("id", "lalala\"", false, false);
+
+        mockBackend.expectOne(u => u.body.includes("lalala\\\"")).flush(response);
+        // Assert
+        const results = await promise;
+        expect(results.features.length).toBe(0);
+    }));
+
+    it("Should get a place by id", inject([OverpassTurboService, HttpTestingController], async (service: OverpassTurboService, mockBackend: HttpTestingController) => {
+        // Arrange
+        const response = "<osm></osm>";
+        // Act
+        const promise = service.getPlaceGeometry("42");
+
+        mockBackend.expectOne("https://overpass-api.de/api/interpreter").flush(response);
+        // Assert
+        const results = await promise;
+        expect(results.features.length).toBe(0);
+    }));
+});
\ No newline at end of file

From 42696ae4d56965b4a02d1bb8b50b8fc2c40e0e5a Mon Sep 17 00:00:00 2001
From: HarelM <harel.mazor@gmail.com>
Date: Thu, 14 Nov 2024 00:07:26 +0200
Subject: [PATCH 3/3] Fix lint, improve coverage

---
 .../services/overpass-turbo.service.spec.ts   | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts b/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts
index dda584ce2..c3457f28d 100644
--- a/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts
+++ b/IsraelHiking.Web/src/application/services/overpass-turbo.service.spec.ts
@@ -1,7 +1,7 @@
 import { inject, TestBed } from "@angular/core/testing";
-import { HttpClient, provideHttpClient, withInterceptorsFromDi } from "@angular/common/http";
-import { OverpassTurboService } from "./overpass-turbo.service";
+import { provideHttpClient, withInterceptorsFromDi } from "@angular/common/http";
 import { HttpTestingController, provideHttpClientTesting } from "@angular/common/http/testing";
+import { OverpassTurboService } from "./overpass-turbo.service";
 
 describe("OverpassTurboService", () => {
     beforeEach(() => {
@@ -27,6 +27,30 @@ describe("OverpassTurboService", () => {
         expect(results.features.length).toBe(0);
     }));
 
+    it("Should get a long mtb way by name", inject([OverpassTurboService, HttpTestingController], async (service: OverpassTurboService, mockBackend: HttpTestingController) => {
+        // Arrange
+        const response = "<osm></osm>";
+        // Act
+        const promise = service.getLongWay("id", "aaa", false, true);
+
+        mockBackend.expectOne(u => u.body.includes("mtb:name")).flush(response);
+        // Assert
+        const results = await promise;
+        expect(results.features.length).toBe(0);
+    }));
+
+    it("Should get a long waterway way by name", inject([OverpassTurboService, HttpTestingController], async (service: OverpassTurboService, mockBackend: HttpTestingController) => {
+        // Arrange
+        const response = "<osm></osm>";
+        // Act
+        const promise = service.getLongWay("id", "aaa", true, false);
+
+        mockBackend.expectOne(u => u.body.includes("waterway")).flush(response);
+        // Assert
+        const results = await promise;
+        expect(results.features.length).toBe(0);
+    }));
+
     it("Should get a long way by name with '\"'", inject([OverpassTurboService, HttpTestingController], async (service: OverpassTurboService, mockBackend: HttpTestingController) => {
         // Arrange
         const response = "<osm></osm>";