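def test_queries_deleting_stuff_are_not_ok(self):
    """Reject SQL that places DELETE and DROP statements after a quoted decoy.

    The input mixes a string literal, a mixed-case ``deLeTe``, a harmless
    SELECT and a lowercase ``drop``. The check must fail and report both
    keywords, upper-cased, in the order asserted below.
    """
    sql = "'distraction'; deLeTe from table; SELECT 1+1 AS TWO; drop view foo;"
    passes, words = passes_blacklist(sql)
    self.assertFalse(passes)
    # assertTrue(len(words), 2) treated 2 as the failure message and passed
    # for any non-empty list; compare the count so a missing or extra
    # reported keyword fails the test.
    self.assertEqual(len(words), 2)
    self.assertEqual(words[0], 'DROP')
    self.assertEqual(words[1], 'DELETE')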
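 def test_queries_deleting_stuff_are_not_ok(self):
     """Reject SQL that places DELETE and DROP statements after a quoted decoy.

     The input mixes a string literal, a mixed-case ``deLeTe``, a harmless
     SELECT and a lowercase ``drop``. The check must fail and report both
     keywords, upper-cased, in the order asserted below.
     """
     sql = "'distraction'; deLeTe from table; SELECT 1+1 AS TWO; drop view foo;"
     passes, words = passes_blacklist(sql)
     self.assertFalse(passes)
     # assertTrue(len(words), 2) treated 2 as the failure message and passed
     # for any non-empty list; compare the count so a missing or extra
     # reported keyword fails the test.
     self.assertEqual(len(words), 2)
     self.assertEqual(words[0], 'DROP')
     self.assertEqual(words[1], 'DELETE')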
Esempio n. 3
 def passes_blacklist(self):
     """Screen this object's final SQL with the passes_blacklist() function.

     Inside the method body the name resolves to the callable in the
     enclosing module scope, not to this method. The result is returned
     unchanged.
     """
     # A keyword denylist is a coarse guard; it does not replace running
     # the query under a read-only database role.
     rendered_sql = self.final_sql()
     return passes_blacklist(rendered_sql)
Esempio n. 4
 def test_queries_dropping_views_is_not_ok_and_not_case_sensitive(self):
     """A mixed-case ``drop ViEw`` after a harmless SELECT must be rejected."""
     # NOTE(review): this asserts on the raw return value. If
     # passes_blacklist returns a (passes, words) tuple -- TODO confirm --
     # a non-empty tuple is truthy and the assertion would fail for every
     # input; index [0] in that case.
     verdict = passes_blacklist("SELECT 1+1 AS TWO; drop ViEw foo;")
     self.assertFalse(verdict)
Esempio n. 5
 def test_queries_deleting_stuff_are_not_ok(self):
     """DELETE and DROP statements placed after a quoted decoy must be rejected."""
     # NOTE(review): this asserts on the raw return value. If
     # passes_blacklist returns a (passes, words) tuple -- TODO confirm --
     # a non-empty tuple is truthy and the assertion would fail for every
     # input; index [0] in that case.
     verdict = passes_blacklist(
         "'distraction'; deLeTe from table; SELECT 1+1 AS TWO; drop view foo;"
     )
     self.assertFalse(verdict)
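 def test_sql_whitelist_ok(self):
     """An allowlisted word (``dropper``) must not be reported as ``drop``.

     The allowlist override is scoped to this test. Assigning the setting
     directly left ``['dropper']`` in place for every test that ran
     afterwards, which could hide a denylist regression in those tests.
     """
     from unittest import mock

     # create=True keeps the override working if the setting is not
     # defined yet; patch.object restores the prior state on exit.
     with mock.patch.object(
         app_settings, 'EXPLORER_SQL_WHITELIST', ['dropper'], create=True
     ):
         sql = "SELECT 1+1 AS TWO; dropper ViEw foo;"
         self.assertTrue(passes_blacklist(sql)[0])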
 def test_queries_dropping_views_is_not_ok_and_not_case_sensitive(self):
     """A mixed-case ``drop ViEw`` after a harmless SELECT must be rejected."""
     # Element 0 of the result is the pass/fail flag asserted on here.
     result = passes_blacklist("SELECT 1+1 AS TWO; drop ViEw foo;")
     self.assertFalse(result[0])
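 def test_sql_whitelist_ok(self):
     """An allowlisted word (``dropper``) must not be reported as ``drop``.

     The allowlist override is scoped to this test. Assigning the setting
     directly left ``['dropper']`` in place for every test that ran
     afterwards, which could hide a denylist regression in those tests.
     """
     from unittest import mock

     # create=True keeps the override working if the setting is not
     # defined yet; patch.object restores the prior state on exit.
     with mock.patch.object(
         app_settings, 'EXPLORER_SQL_WHITELIST', ['dropper'], create=True
     ):
         sql = "SELECT 1+1 AS TWO; dropper ViEw foo;"
         self.assertTrue(passes_blacklist(sql)[0])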
Esempio n. 9
 def passes_blacklist(self):
     """Screen this object's final SQL with the passes_blacklist() function.

     Inside the method body the name resolves to the callable in the
     enclosing module scope, not to this method. The result is returned
     unchanged.
     """
     # A keyword denylist is a coarse guard; it does not replace running
     # the query under a read-only database role.
     rendered_sql = self.final_sql()
     return passes_blacklist(rendered_sql)
 def passes_blacklist(self, params=None):
     """Screen the SQL built from *params* with the passes_blacklist() function.

     *params* is forwarded to ``self.final_sql``; the text that gets
     screened is whatever that call returns (presumably the SQL after
     parameter substitution -- confirm against final_sql). The result is
     returned unchanged.
     """
     # Screening the rendered text matters: a check on the unrendered
     # query would not see keywords introduced through params.
     rendered_sql = self.final_sql(params=params)
     return passes_blacklist(rendered_sql)
Esempio n. 11
 def passes_blacklist(self, params=None):
     """Screen the SQL built from *params* with the passes_blacklist() function.

     *params* is forwarded to ``self.final_sql``; the text that gets
     screened is whatever that call returns (presumably the SQL after
     parameter substitution -- confirm against final_sql). The result is
     returned unchanged.
     """
     # Screening the rendered text matters: a check on the unrendered
     # query would not see keywords introduced through params.
     rendered_sql = self.final_sql(params=params)
     return passes_blacklist(rendered_sql)
Esempio n. 12
 def test_queries_containing_drop_in_word_is_ok(self):
     """A keyword embedded in a longer identifier (``droptable``) must pass."""
     # Guards against false positives from substring matching; element 0
     # of the result is the pass/fail flag.
     result = passes_blacklist(
         "SELECT * FROM student droptable WHERE name LIKE 'Robert%'"
     )
     self.assertTrue(result[0])
Esempio n. 13
 def test_queries_deleting_stuff_are_not_ok(self):
     """DELETE and DROP statements placed after a quoted decoy must be rejected."""
     # NOTE(review): this asserts on the raw return value. If
     # passes_blacklist returns a (passes, words) tuple -- TODO confirm --
     # a non-empty tuple is truthy and the assertion would fail for every
     # input; index [0] in that case.
     verdict = passes_blacklist(
         "'distraction'; deLeTe from table; SELECT 1+1 AS TWO; drop view foo;"
     )
     self.assertFalse(verdict)
Esempio n. 14
 def test_queries_modifying_functions_are_ok(self):
     """Expect the check to pass for a SELECT followed by ``drop view foo``."""
     # NOTE(review): the statement contains a DROP yet is expected to pass;
     # confirm this matches the denylist configured for this test suite.
     # NOTE(review): if passes_blacklist returns a (passes, words) tuple --
     # TODO confirm -- a non-empty tuple is always truthy, so this
     # assertion would succeed even when the query is rejected; assert on
     # element [0] in that case.
     verdict = passes_blacklist("SELECT 1+1 AS TWO; drop view foo;")
     self.assertTrue(verdict)