fix(api): address code review – AQL injection escaping, test dedup, formatting

- Add aqlEscape() helper to sanitize user input before AQL string embedding
- Apply aqlEscape() to collection + query/sparse_query in HybridSearch and FullTextSearch
- Remove duplicate ThemisDBGrpcService construction in ConstructWithWiredComponents test
- Remove extra trailing newline in test file

Co-authored-by: makr-code <150588092+makr-code@users.noreply.github.com>
Agent-Logs-Url: https://github.com/makr-code/ThemisDB/sessions/794e2fa9-9d77-4d33-b543-df42c5e31930

Author: Copilot

src/api/themisdb_grpc_service.cpp

@@ -56,6 +56,23 @@
 #  define THEMIS_HAS_JSON 0
 #endif
 
+namespace {
+
+/// Escape a string for safe embedding inside an AQL single-quoted literal.
+/// Replaces backslashes and single-quotes to prevent AQL injection.
+std::string aqlEscape(const std::string& raw) {
+    std::string out;
+    out.reserve(raw.size() + 4);
+    for (char c : raw) {
+        if (c == '\\') { out += "\\\\"; }
+        else if (c == '\'') { out += "\\'"; }
+        else { out += c; }
+    }
+    return out;
+}
+
+} // namespace
+
 namespace themis {
 namespace api {
 
@@ -525,9 +542,10 @@ class ThemisDBGrpcService::Impl {
 
             // Sparse component (AQL full-text via engine) – simplified delegation
             if (aql_engine_ && !req->sparse_query().empty()) {
+                // Escape user input before embedding in AQL string literal
                 const std::string aql =
-                    "FOR doc IN " + req->collection() +
-                    " FILTER FULLTEXT(doc, 'text', '" + req->sparse_query() + "') "
+                    "FOR doc IN " + aqlEscape(req->collection()) +
+                    " FILTER FULLTEXT(doc, 'text', '" + aqlEscape(req->sparse_query()) + "')"
                     " LIMIT " + std::to_string(k) + " RETURN doc";
                 auto result = aql_engine_->execute(aql);
                 if (result) {
@@ -566,9 +584,10 @@ class ThemisDBGrpcService::Impl {
             }
 
             const int limit = req->max_results() > 0 ? req->max_results() : 10;
+            // Escape user input before embedding in AQL string literal
             const std::string aql =
-                "FOR doc IN " + req->collection() +
-                " FILTER FULLTEXT(doc, 'text', '" + req->query() + "') "
+                "FOR doc IN " + aqlEscape(req->collection()) +
+                " FILTER FULLTEXT(doc, 'text', '" + aqlEscape(req->query()) + "')"
                 " LIMIT " + std::to_string(limit) + " RETURN doc";
 
             auto result = aql_engine_->execute(aql);

tests/test_themisdb_grpc_service.cpp

@@ -128,9 +128,8 @@ TEST(ThemisDBGrpcServiceTest, ConstructWithWiredComponents) {
 
     ASSERT_NO_THROW({
         ThemisDBGrpcService svc(nullptr, nullptr, engine, index);
+        (void)svc.service();
     });
-    ThemisDBGrpcService svc(nullptr, nullptr, engine, index);
-    SUCCEED(); // construction succeeds; service() will return valid ptr if stubs present
 }
 
 TEST(ThemisDBGrpcServiceTest, ServicePointerStableAfterWiring) {
@@ -199,4 +198,3 @@ TEST(ThemisDBGrpcServiceFactoryTest, FactoryIsReusable) {
     EXPECT_NE(svc1.get(), svc2.get());
 }
 
-