class HelperMethods(TestCase): """Tests connections, validation and execution methods in PGBackend.""" def setUp(self): # some words to test out self.good_nouns = ["good", "good_noun", "good-noun"] # some words that shoudl throw validation errors self.bad_nouns = ["_foo", "foo_", "-foo", "foo-", "foo bar", "injection;attack", ";injection", "injection;"] self.username = "******" self.password = "******" # mock open connection, # or else it will try to create a real db connection self.mock_psychopg = self.create_patch("core.db.backend.pg.psycopg2") # open mocked connection self.backend = PGBackend(self.username, self.password, repo_base=self.username) def create_patch(self, name): # helper method for creating patches patcher = patch(name) thing = patcher.start() self.addCleanup(patcher.stop) return thing def test_check_for_injections(self): """Tests validation against some sql injection attacks.""" for noun in self.bad_nouns: with self.assertRaises(ValueError): self.backend._check_for_injections(noun) for noun in self.good_nouns: try: self.backend._check_for_injections(noun) except ValueError: self.fail("check_for_injections failed to verify a good name") def test_check_open_connections(self): self.assertTrue(self.mock_psychopg.connect.called) def test_execute_sql_strips_queries(self): query = " This query needs stripping; " params = ("param1", "param2") mock_cursor = self.mock_psychopg.connect.return_value.cursor mock_execute = mock_cursor.return_value.execute mock_cursor.return_value.fetchall.return_value = "sometuples" mock_cursor.return_value.rowcount = 1000 res = self.backend.execute_sql(query, params) self.assertTrue(mock_cursor.called) self.assertTrue(mock_execute.called) self.assertEqual(mock_execute.call_args[0][1], params) self.assertEqual(res["tuples"], "sometuples") self.assertEqual(res["status"], True) self.assertEqual(res["row_count"], 1000)
class PGBackendHelperMethods(MockingMixin, TestCase): """Tests connections, validation and execution methods in PGBackend.""" def setUp(self): # some words to test out self.good_nouns = ['good', 'good_noun', 'goodNoun', 'good1'] # some words that should throw validation errors self.bad_nouns = [ '_foo', 'foo_', '-foo', 'foo-', 'foo bar', '1foo', 'injection;attack', ';injection', 'injection;', ] self.username = "******" self.password = "******" # mock connection pools so nothing gets a real db connection self.mock_pool_for_cred = self.create_patch( 'core.db.backend.pg._pool_for_credentials') # mock open connection, only to check if it ever gets called directly self.mock_connect = self.create_patch( 'core.db.backend.pg.psycopg2.connect') # open mocked connection self.backend = PGBackend(self.username, self.password, repo_base=self.username) def tearDown(self): # Make sure connections are only ever acquired via pools self.assertFalse(self.mock_connect.called) def test_check_for_injections(self): """Tests validation against some sql injection attacks.""" for noun in self.bad_nouns: with self.assertRaises(ValueError): self.backend._check_for_injections(noun) for noun in self.good_nouns: try: self.backend._check_for_injections(noun) except ValueError: self.fail('_check_for_injections failed to verify a good name') def test_validate_table_names(self): """Tests validation against some invalid table names.""" good_tables = [ 'table', '_dbwipes_cache', 'my_repo1', 'asdfl_fsdvbrbhg_______jkhadsc' ] bad_tables = [ ' table', '1table', 'table;select * from somewhere', 'table-table' ] for noun in bad_tables: with self.assertRaises(ValueError): self.backend._validate_table_name(noun) for noun in good_tables: try: self.backend._validate_table_name(noun) except ValueError: self.fail('_validate_table_name failed to verify a good name') def test_check_open_connections(self): mock_get_conn = self.mock_pool_for_cred.return_value.getconn mock_set_isol_level = mock_get_conn.return_value.set_isolation_level self.assertTrue(self.mock_pool_for_cred.called) self.assertTrue(mock_get_conn.called) self.assertTrue(mock_set_isol_level.called) def test_execute_sql_strips_queries(self): query = ' This query needs stripping; ' params = ('param1', 'param2') mock_cursor = self.backend.connection.cursor mock_execute = mock_cursor.return_value.execute mock_cursor.return_value.fetchall.return_value = 'sometuples' mock_cursor.return_value.rowcount = 1000 mock_query_rewriter = MagicMock() mock_query_rewriter.apply_row_level_security.side_effect = lambda x: x self.backend.query_rewriter = mock_query_rewriter res = self.backend.execute_sql(query, params) self.assertTrue(mock_query_rewriter.apply_row_level_security.called) self.assertTrue(mock_cursor.called) self.assertTrue(mock_execute.called) self.assertEqual(res['tuples'], 'sometuples') self.assertEqual(res['status'], True) self.assertEqual(res['row_count'], 1000)
class PGBackendHelperMethods(MockingMixin, TestCase): """Tests connections, validation and execution methods in PGBackend.""" def setUp(self): # some words to test out self.good_nouns = ['good', 'good_noun', 'goodNoun', 'good1'] # some words that should throw validation errors self.bad_nouns = ['_foo', 'foo_', '-foo', 'foo-', 'foo bar', '1foo', 'injection;attack', ';injection', 'injection;', ] self.username = "******" self.password = "******" # mock connection pools so nothing gets a real db connection self.mock_pool_for_cred = self.create_patch( 'core.db.backend.pg._pool_for_credentials') # mock open connection, only to check if it ever gets called directly self.mock_connect = self.create_patch( 'core.db.backend.pg.psycopg2.connect') # open mocked connection self.backend = PGBackend(self.username, self.password, repo_base=self.username) def tearDown(self): # Make sure connections are only ever acquired via pools self.assertFalse(self.mock_connect.called) def test_check_for_injections(self): """Tests validation against some sql injection attacks.""" for noun in self.bad_nouns: with self.assertRaises(ValueError): self.backend._check_for_injections(noun) for noun in self.good_nouns: try: self.backend._check_for_injections(noun) except ValueError: self.fail('_check_for_injections failed to verify a good name') def test_validate_table_names(self): """Tests validation against some invalid table names.""" good_tables = ['table', '_dbwipes_cache', 'my_repo1', 'asdfl_fsdvbrbhg_______jkhadsc'] bad_tables = [' table', '1table', 'table;select * from somewhere', 'table-table'] for noun in bad_tables: with self.assertRaises(ValueError): self.backend._validate_table_name(noun) for noun in good_tables: try: self.backend._validate_table_name(noun) except ValueError: self.fail('_validate_table_name failed to verify a good name') def test_check_open_connections(self): mock_get_conn = self.mock_pool_for_cred.return_value.getconn mock_set_isol_level = mock_get_conn.return_value.set_isolation_level self.assertTrue(self.mock_pool_for_cred.called) self.assertTrue(mock_get_conn.called) self.assertTrue(mock_set_isol_level.called) def test_execute_sql_strips_queries(self): query = ' This query needs stripping; ' params = ('param1', 'param2') mock_cursor = self.backend.connection.cursor mock_execute = mock_cursor.return_value.execute mock_cursor.return_value.fetchall.return_value = 'sometuples' mock_cursor.return_value.rowcount = 1000 mock_query_rewriter = MagicMock() mock_query_rewriter.apply_row_level_security.side_effect = lambda x: x self.backend.query_rewriter = mock_query_rewriter res = self.backend.execute_sql(query, params) self.assertTrue(mock_query_rewriter.apply_row_level_security.called) self.assertTrue(mock_cursor.called) self.assertTrue(mock_execute.called) self.assertEqual(res['tuples'], 'sometuples') self.assertEqual(res['status'], True) self.assertEqual(res['row_count'], 1000)
class HelperMethods(TestCase): """Tests connections, validation and execution methods in PGBackend.""" def setUp(self): # some words to test out self.good_nouns = ['good', 'good_noun', 'good-noun'] # some words that shoudl throw validation errors self.bad_nouns = [ '_foo', 'foo_', '-foo', 'foo-', 'foo bar', 'injection;attack', ';injection', 'injection;', ] self.username = "******" self.password = "******" # mock open connection, # or else it will try to create a real db connection self.mock_psychopg = self.create_patch('core.db.backend.pg.psycopg2') # open mocked connection self.backend = PGBackend(self.username, self.password, repo_base=self.username) def create_patch(self, name): # helper method for creating patches patcher = patch(name) thing = patcher.start() self.addCleanup(patcher.stop) return thing def test_check_for_injections(self): """Tests validation against some sql injection attacks.""" for noun in self.bad_nouns: with self.assertRaises(ValueError): self.backend._check_for_injections(noun) for noun in self.good_nouns: try: self.backend._check_for_injections(noun) except ValueError: self.fail('check_for_injections failed to verify a good name') def test_check_open_connections(self): self.assertTrue(self.mock_psychopg.connect.called) def test_execute_sql_strips_queries(self): query = ' This query needs stripping; ' params = ('param1', 'param2') mock_cursor = self.mock_psychopg.connect.return_value.cursor mock_execute = mock_cursor.return_value.execute mock_cursor.return_value.fetchall.return_value = 'sometuples' mock_cursor.return_value.rowcount = 1000 res = self.backend.execute_sql(query, params) self.assertTrue(mock_cursor.called) self.assertTrue(mock_execute.called) self.assertEqual(mock_execute.call_args[0][1], params) self.assertEqual(res['tuples'], 'sometuples') self.assertEqual(res['status'], True) self.assertEqual(res['row_count'], 1000)