Esempio n. 1
0
 def test_table_and_column_psql_quoted(self):
     """If a name contains a dot, it searches PostgreSQL quoted tables and columns."""
     # PostgreSQL-style identifer quoting
     # MS SQL uses [brackets], MySQL uses `backticks`
     sql = 'SELECT * FROM "table" WHERE "table"."id" = 1'
     crumb = {"category": "query", "message": sql}
     SanitizeSQLQueryCrumb(("table.id", ))(crumb, {})
     assert crumb == {"category": "query", "message": "[filtered]"}
Esempio n. 2
0
 def test_safer_queries_are_untouched(self):
     """Safer queries are passed without modification."""
     message = (
         'SELECT "crashstats_product"."product_name" FROM "crashstats_product"'
         ' WHERE "crashstats_product"."is_active" = True'
         ' ORDER BY "crashstats_product"."sort" ASC')
     crumb = {"category": "query", "message": message}
     SanitizeSQLQueryCrumb(("secret", ))(crumb, {})
     assert crumb["message"] == message
Esempio n. 3
0
 def test_filtered_breadcrumbs(self):
     """The breadcrumb filter is applied to the event breadcrumbs."""
     event = {
         "id":
         "00d47b89-4c7f-49bf-9f08-d0a65fe58b89",
         "breadcrumbs": [{
             "category":
             "query",
             "message":
             "SELECT * FROM mytable WHERE secret='my_secret'",
         }],
     }
     crumb_filter = SanitizeSQLQueryCrumb(["secret"])
     SanitizeBreadcrumbs([crumb_filter])(event, {})
     expected = {
         "id": "00d47b89-4c7f-49bf-9f08-d0a65fe58b89",
         "breadcrumbs": [{
             "category": "query",
             "message": "[filtered]"
         }],
     }
     assert event == expected
Esempio n. 4
0
 def test_filtered_breadcrumbs(self):
     """The breadcrumb filter is applied to the event breadcrumbs."""
     event = {
         'id': '00d47b89-4c7f-49bf-9f08-d0a65fe58b89',
         'breadcrumbs': [
             {
                 'category': 'query',
                 'message': "SELECT * FROM mytable WHERE secret='my_secret'"
             }
         ]
     }
     crumb_filter = SanitizeSQLQueryCrumb(['secret'])
     SanitizeBreadcrumbs([crumb_filter])(event, {})
     expected = {
         'id': '00d47b89-4c7f-49bf-9f08-d0a65fe58b89',
         'breadcrumbs': [
             {
                 'category': 'query',
                 'message': '[filtered]'
             }
         ]
     }
     assert event == expected
Esempio n. 5
0
 def test_non_queries_are_skipped(self):
     """Non-query breadcrumbs are passed without modification."""
     message = "I am a secret"
     crumb = {"category": "not query", "message": message}
     SanitizeSQLQueryCrumb(("secret", ))(crumb, {})
     assert crumb["message"] == message
Esempio n. 6
0
 def test_filtered_queries(self, keyword, sql):
     """Sensitive queries are truncated at the column name."""
     crumb = {"category": "query", "message": sql}
     SanitizeSQLQueryCrumb((keyword, ))(crumb, {})
     assert crumb == {"category": "query", "message": "[filtered]"}
Esempio n. 7
0
 def test_table_and_column_unquoted(self):
     """If a name contains a dot, it searches for a tables and columns."""
     sql = "SELECT * FROM table WHERE table.id = 1"
     crumb = {"category": "query", "message": sql}
     SanitizeSQLQueryCrumb(("table.id", ))(crumb, {})
     assert crumb == {"category": "query", "message": "[filtered]"}
Esempio n. 8
0
 def test_non_queries_are_skipped(self):
     """Non-query breadcrumbs are passed without modification."""
     message = 'I am a secret'
     crumb = {'category': 'not query', 'message': message}
     SanitizeSQLQueryCrumb(('secret',))(crumb, {})
     assert crumb['message'] == message
Esempio n. 9
0
 def test_filtered_queries(self, keyword, sql):
     """Sensitive queries are truncated at the column name."""
     crumb = {'category': 'query', 'message': sql}
     SanitizeSQLQueryCrumb((keyword,))(crumb, {})
     assert crumb == {'category': 'query', 'message': '[filtered]'}
Esempio n. 10
0
 def test_table_and_column_unquoted(self):
     """If a name contains a dot, it searches for a tables and columns."""
     sql = 'SELECT * FROM table WHERE table.id = 1'
     crumb = {'category': 'query', 'message': sql}
     SanitizeSQLQueryCrumb(('table.id',))(crumb, {})
     assert crumb == {'category': 'query', 'message': '[filtered]'}