From 725ed9f4f20f8a933d431792fdd0836cb9ae87fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Toma=C5=BE=20Jerman?= <tomaz.jerman121@gmail.com>
Date: Thu, 8 Dec 2022 13:46:35 +0100
Subject: [PATCH] Add JSON validity checks to make value extraction safer

---
 server/store/adapters/rdbms/drivers/mssql/dialect.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/store/adapters/rdbms/drivers/mssql/dialect.go b/server/store/adapters/rdbms/drivers/mssql/dialect.go
index c2fdf8e84..64e874ed5 100644
--- a/server/store/adapters/rdbms/drivers/mssql/dialect.go
+++ b/server/store/adapters/rdbms/drivers/mssql/dialect.go
@@ -82,7 +82,7 @@ func (d mssqlDialect) JsonExtract(jsonDoc exp.Expression, pp ...any) (path exp.E
 	if path, err = jsonPathExpr(pp...); err != nil {
 		return
 	} else {
-		return exp.NewSQLFunctionExpression("JSON_QUERY", jsonDoc, path), nil
+		return exp.NewLiteralExpression("CASE WHEN ISJSON(?) = 1 THEN ? ELSE NULL END", jsonDoc, exp.NewSQLFunctionExpression("JSON_QUERY", jsonDoc, path)), nil
 	}
 }
 
@@ -90,7 +90,7 @@ func (d mssqlDialect) JsonExtractUnquote(jsonDoc exp.Expression, pp ...any) (pat
 	if path, err = jsonPathExpr(pp...); err != nil {
 		return
 	} else {
-		return exp.NewSQLFunctionExpression("JSON_VALUE", jsonDoc, path), nil
+		return exp.NewLiteralExpression("CASE WHEN ISJSON(?) = 1 THEN ? ELSE NULL END", jsonDoc, exp.NewSQLFunctionExpression("JSON_VALUE", jsonDoc, path)), nil
 	}
 }