matt/stratos
1
0
Fork 0
mirror of https://github.com/matt-fidd/stratos.git synced 2026-01-02 05:39:32 +00:00
Code Issues Projects Releases Wiki Activity

Added validation and sanitisation for sql queries passed into runQuery

Browse Source
This commit is contained in:
matt
2022-01-20 22:57:17 +00:00
parent 08b5b41135
commit 960575280b
3 changed files with 116 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/DatabaseConnectionPool.test.js
View File

@@ -47,11 +47,46 @@ describe('DatabaseConnectionPool', () => {
test('Query with whitespace after ; should not fail', ()=> {
const dbp = new DatabaseConnectionPool();
const sql = `SELECT * FROM class;`;
dbp.runQuery(sql);
const sql = `SELECT * FROM class; `;
expect(dbp.runQuery.mock.results[0].value).toEqual({
sql: sql
});
expect(() => dbp.runQuery(sql)).not.toThrow();
});
test('Prepared query should fail if no params are given', () => {
const dbp = new DatabaseConnectionPool();
const sql = `SELECT * FROM class where name = ?;`;
expect(() => dbp.runQuery(sql)).toThrow();
});
test('Prepared query should fail if too many params given', () => {
const dbp = new DatabaseConnectionPool();
const sql = `SELECT * FROM class where name = ?;`;
const params = [ 'bob', 'jim' ];
expect(() => dbp.runQuery(sql, params)).toThrow();
});
test('Prepared query should fail if too few params given', () => {
const dbp = new DatabaseConnectionPool();
const sql = `SELECT * FROM class where name = ?
and classId = ? and subjectId = ?;`;
const params = [ 'bob' ];
expect(() => dbp.runQuery(sql, params)).toThrow();
});
test('Non-prepared query should fail if params given', () => {
const dbp = new DatabaseConnectionPool();
const sql = `SELECT * FROM class;`;
const params = [ 'bob', 'jim' ];
expect(() => dbp.runQuery(sql, params)).toThrow();
});
});