From b5e441c5220dd4e36b0b7ad89135e394dd2a2c37 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 31 Jan 2024 06:37:41 +0000
Subject: [PATCH] build(deps): bump github.com/CiscoM31/godata from 1.0.9 to
 1.0.10

Bumps [github.com/CiscoM31/godata](https://github.com/CiscoM31/godata) from 1.0.9 to 1.0.10.
- [Release notes](https://github.com/CiscoM31/godata/releases)
- [Commits](https://github.com/CiscoM31/godata/compare/v1.0.9...v1.0.10)

---
updated-dependencies:
- dependency-name: github.com/CiscoM31/godata
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod                                        |  2 +-
 go.sum                                        |  4 +--
 .../CiscoM31/godata/expand_parser.go          |  8 +++++
 .../CiscoM31/godata/select_parser.go          | 30 ++++++++++++++++---
 vendor/modules.txt                            |  2 +-
 5 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/go.mod b/go.mod
index 1941a52824..d9ca70d28c 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/owncloud/ocis/v2
 go 1.21
 
 require (
-	github.com/CiscoM31/godata v1.0.9
+	github.com/CiscoM31/godata v1.0.10
 	github.com/KimMachineGun/automemlimit v0.5.0
 	github.com/Masterminds/semver v1.5.0
 	github.com/MicahParks/keyfunc v1.9.0
diff --git a/go.sum b/go.sum
index f3c0060069..ce7265874f 100644
--- a/go.sum
+++ b/go.sum
@@ -795,8 +795,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
 github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/CiscoM31/godata v1.0.9 h1:7ovi2efjWb6RloX96AJqBB9eyIfBdarzj8kzg7glPC4=
-github.com/CiscoM31/godata v1.0.9/go.mod h1:ZMiT6JuD3Rm83HEtiTx4JEChsd25YCrxchKGag/sdTc=
+github.com/CiscoM31/godata v1.0.10 h1:DZdJ6M8QNh4HquvDDOqNLu6h77Wl86KGK7Qlbmb90sk=
+github.com/CiscoM31/godata v1.0.10/go.mod h1:ZMiT6JuD3Rm83HEtiTx4JEChsd25YCrxchKGag/sdTc=
 github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ=
 github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk=
 github.com/KimMachineGun/automemlimit v0.5.0 h1:BeOe+BbJc8L5chL3OwzVYjVzyvPALdd5wxVVOWuUZmQ=
diff --git a/vendor/github.com/CiscoM31/godata/expand_parser.go b/vendor/github.com/CiscoM31/godata/expand_parser.go
index fd5e49241e..bf86403156 100644
--- a/vendor/github.com/CiscoM31/godata/expand_parser.go
+++ b/vendor/github.com/CiscoM31/godata/expand_parser.go
@@ -139,6 +139,14 @@ func ParseExpandItem(ctx context.Context, input tokenQueue) (*ExpandItem, error)
 				queue = &tokenQueue{}
 			}
 		} else if token.Value == "/" && stack.Empty() {
+			if queue.Empty() {
+				// Disallow extra leading and intermediate slash, like /Product and Product//Info
+				return nil, BadRequestError("Empty path segment in expand clause.")
+			}
+			if input.Empty() {
+				// Disallow extra trailing slash, like Product/
+				return nil, BadRequestError("Empty path segment in expand clause.")
+			}
 			// at root level, slashes separate path segments
 			item.Path = append(item.Path, queue.Dequeue())
 		} else if token.Value == ";" && stack.Size == 1 {
diff --git a/vendor/github.com/CiscoM31/godata/select_parser.go b/vendor/github.com/CiscoM31/godata/select_parser.go
index 492e0b9710..b3aaae2967 100644
--- a/vendor/github.com/CiscoM31/godata/select_parser.go
+++ b/vendor/github.com/CiscoM31/godata/select_parser.go
@@ -11,11 +11,16 @@ type SelectItem struct {
 }
 
 func ParseSelectString(ctx context.Context, sel string) (*GoDataSelectQuery, error) {
+	return GlobalExpressionParser.ParseSelectString(ctx, sel)
+}
+
+func (p *ExpressionParser) ParseSelectString(ctx context.Context, sel string) (*GoDataSelectQuery, error) {
 	items := strings.Split(sel, ",")
 
 	result := []*SelectItem{}
 
 	for _, item := range items {
+		item = strings.TrimSpace(item)
 
 		cfg, hasComplianceConfig := ctx.Value(odataCompliance).(OdataComplianceConfig)
 		if !hasComplianceConfig {
@@ -27,11 +32,28 @@ func ParseSelectString(ctx context.Context, sel string) (*GoDataSelectQuery, err
 			return nil, BadRequestError("Extra comma in $select.")
 		}
 
-		segments := []*Token{}
-		for _, val := range strings.Split(item, "/") {
-			segments = append(segments, &Token{Value: val})
+		if _, err := p.tokenizer.Tokenize(ctx, item); err != nil {
+			switch e := err.(type) {
+			case *GoDataError:
+				return nil, &GoDataError{
+					ResponseCode: e.ResponseCode,
+					Message:      "Invalid $select value",
+					Cause:        e,
+				}
+			default:
+				return nil, &GoDataError{
+					ResponseCode: 500,
+					Message:      "Invalid $select value",
+					Cause:        e,
+				}
+			}
+		} else {
+			segments := []*Token{}
+			for _, val := range strings.Split(item, "/") {
+				segments = append(segments, &Token{Value: val})
+			}
+			result = append(result, &SelectItem{segments})
 		}
-		result = append(result, &SelectItem{segments})
 	}
 
 	return &GoDataSelectQuery{result, sel}, nil
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f0cb3497d3..3a776b4518 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -11,7 +11,7 @@ github.com/Azure/go-ntlmssp
 ## explicit; go 1.16
 github.com/BurntSushi/toml
 github.com/BurntSushi/toml/internal
-# github.com/CiscoM31/godata v1.0.9
+# github.com/CiscoM31/godata v1.0.10
 ## explicit; go 1.19
 github.com/CiscoM31/godata
 # github.com/KimMachineGun/automemlimit v0.5.0