def test_blacklist_check_runs_before_execution(self):
    """Check that running a query goes through ``passes_blacklist``.

    A harmless statement is used on purpose: the keyword screen has to be
    consulted on every run, not only when the SQL looks suspicious.
    """
    query = SimpleQueryFactory(sql='select 1;')
    # NOTE(review): AssertMethodIsCalled presumably fails the test when the
    # named method is never invoked inside the block. Whether it also proves
    # the call happens *before* the SQL is executed cannot be seen from
    # here -- confirm against the helper.
    with AssertMethodIsCalled(query, "passes_blacklist"):
        # Return values are irrelevant; the unpacking only keeps the
        # four-element result shape exercised.
        _headers, _data, _duration, _error = query.headers_and_data()
def test_blacklist_prevents_bad_sql_from_executing(self):
    """Check that SQL containing a blacklisted word yields the blacklist error.

    ``delete`` appears here only as a double-quoted identifier, and the
    expected result is still ``MSG_FAILED_BLACKLIST``. The screen is
    therefore expected to reject on the word itself, not on the statement
    type.
    """
    query = SimpleQueryFactory(sql='select 1 "delete";')
    outcome = query.headers_and_data()
    _headers, _data, _duration, error = outcome
    # Only the reported error is asserted. That the statement never reached
    # the database is not verified by this test.
    # NOTE(review): a keyword screen is a guardrail, not a boundary; the
    # connection these queries run on should itself be read-only -- confirm
    # in deployment.
    self.assertEqual(error, MSG_FAILED_BLACKLIST)
def test_blacklist_prevents_bad_sql_with_params_from_executing(self):
    """Check that a blacklisted word arriving via a parameter is rejected.

    The template itself is harmless; ``delete`` is present only in the
    value supplied for ``foo``. Expecting ``MSG_FAILED_BLACKLIST`` means
    the check has to see the parameter value, not just the stored SQL.
    """
    query = SimpleQueryFactory(sql="select '$$foo$$';")
    hostile_params = {"foo": "'; delete from *; select'"}
    # NOTE(review): the value closes the surrounding quote, so ``$$foo$$``
    # looks like textual substitution rather than a bound parameter --
    # confirm. If so, the keyword screen is the only control this test
    # shows between user-supplied values and the database.
    _headers, _data, _duration, error = query.headers_and_data(
        params=hostile_params)
    self.assertEqual(error, MSG_FAILED_BLACKLIST)
def test_blacklist_prevents_bad_sql_with_params_from_executing(self):
    """Check that a blacklisted word set through ``params`` is rejected.

    The stored SQL is harmless; ``delete`` is present only in the value
    assigned for ``foo``. The result object is expected to carry
    ``MSG_FAILED_BLACKLIST`` in its ``error`` attribute.
    """
    query = SimpleQueryFactory(sql="select '$$foo$$';")
    # Parameters are attached to the query object before it is run.
    # NOTE(review): the value closes the surrounding quote, so ``$$foo$$``
    # looks like textual substitution rather than a bound parameter --
    # confirm. If so, the keyword screen is the only control this test
    # shows between user-supplied values and the database.
    query.params = {"foo": "'; delete from *; select'"}
    result = query.headers_and_data()
    self.assertEqual(result.error, MSG_FAILED_BLACKLIST)