def _sanitize_filters(self) -> None:
    """Run ``sanitize_clause`` over the free-form ``where`` / ``having`` extras.

    Both extras are user-supplied SQL fragments that end up spliced into a
    larger query, so they are validated before use.  Empty or missing
    clauses are skipped.  When the sanitizer returns a rewritten clause
    (the tests in this file show it appending a newline after a trailing
    ``--`` comment) the rewritten form is stored back into ``self.extras``
    so later code sees the sanitized text, not the original.

    Raises:
        QueryObjectValidationError: when ``sanitize_clause`` rejects a
            clause; the original ``QueryClauseValidationException`` is kept
            as the chained cause and its ``message`` is forwarded.
    """
    for key in ("where", "having"):
        original = self.extras.get(key)
        if not original:
            continue
        try:
            cleaned = sanitize_clause(original)
        except QueryClauseValidationException as ex:
            raise QueryObjectValidationError(ex.message) from ex
        if cleaned != original:
            self.extras[key] = cleaned
def test_sanitize_clause_valid():
    """Clauses the sanitizer must accept.

    Every input is returned unchanged except the one ending in a ``--`` line
    comment, which gets a trailing newline appended (presumably so the comment
    cannot swallow whatever the caller appends after the clause — confirm
    against ``sanitize_clause``).  The last three cases hold string literals
    whose *contents* look like a statement separator, unbalanced parentheses
    or a line comment; a check that does not respect quoting would wrongly
    reject them, so they pin the tokenizer-aware behaviour.
    """
    cases = [
        # regular clauses
        ("col = 1", "col = 1"),
        ("1=\t\n1", "1=\t\n1"),
        ("(col = 1)", "(col = 1)"),
        ("(col1 = 1) AND (col2 = 2)", "(col1 = 1) AND (col2 = 2)"),
        # trailing line comment: newline appended
        ("col = 'abc' -- comment", "col = 'abc' -- comment\n"),
        # valid literal values that could be flagged as invalid by a naive
        # query parser
        ("col = 'col1 = 1) AND (col2 = 2'", "col = 'col1 = 1) AND (col2 = 2'"),
        ("col = 'select 1; select 2'", "col = 'select 1; select 2'"),
        ("col = 'abc -- comment'", "col = 'abc -- comment'"),
    ]
    for clause, expected in cases:
        assert sanitize_clause(clause) == expected, clause
def test_sanitize_clause_multiple():
    """A clause that smuggles in a second statement after ``;`` is rejected.

    Uses the callable form of ``pytest.raises``; it fails with "DID NOT RAISE"
    exactly like the context-manager form if the sanitizer lets it through.
    """
    stacked_statements = "TRUE; SELECT 1"
    pytest.raises(QueryClauseValidationException, sanitize_clause, stacked_statements)
def test_sanitize_clause_closing_and_unclosed_nested():
    """Parentheses that balance in count but not in nesting are rejected.

    The clause closes one group too early and then opens one it never closes;
    a plain open/close tally would see 3 of each and accept it, so this pins
    that nesting order is checked, not just the counts.
    """
    misnested = "(col1 = 1)) AND ((col2 = 2)"
    pytest.raises(QueryClauseValidationException, sanitize_clause, misnested)
def test_sanitize_clause_unclosed():
    """A clause with an unclosed parenthesis is rejected.

    Left unclosed, the dangling ``(`` would change how the surrounding query
    parses once the clause is embedded in it, so the sanitizer refuses it.
    """
    unclosed = "(col1 = 1) AND (col2 = 2"
    pytest.raises(QueryClauseValidationException, sanitize_clause, unclosed)