def test_argument_to_sql_droptables():
    """
    Utils.argument_to_sql with Bobby Tables.

    Feeds a classic SQL-injection string through argument_to_sql and checks
    that it ends up only in the bind dict, never in the generated SQL text.
    """
    hostile_name = "Robert'; DROP TABLE Students;--"
    bind_params = {}

    clause = Utils.argument_to_sql(hostile_name, 'name', bind_params)

    # The SQL fragment must carry the placeholder only, not the value.
    assert clause == '(name = :name)'
    # argument_to_sql should not sanitize: the string is stored unmodified
    # as a bind value, separate from the SQL text.
    assert bind_params == {'name': hostile_name}
def test_argument_to_sql_sequence():
    """
    Utils.argument_to_sql with sequence.

    A tuple, set or list of values must produce an ``IN (...)`` clause with
    one numbered placeholder per element, and one bind entry per placeholder.
    """
    values = [1, 2, 3]
    # NOTE(review): for the set case the expected placeholder order depends on
    # the set's iteration order or on argument_to_sql ordering its input --
    # confirm which one the test relies on.
    for container in (tuple, set, list):
        bind_params = {}
        clause = Utils.argument_to_sql(container(values), 'foo', bind_params)
        assert clause == '(foo IN (:foo0, :foo1, :foo2))'
        assert bind_params == {'foo0': 1, 'foo1': 2, 'foo2': 3}
def clear_state(self, state_types=None):
    """
    Remove session state data.

    Session state data mainly consists of cached passwords for the
    misc_list_passwords command.

    :param state_types:
        Optional state type(s) to restrict the delete to. Any falsy value
        (None, but also an empty sequence) removes *all* state rows for
        this session.
    """
    params = {'session_id': self.get_session_id()}
    stmt = ("""DELETE FROM [:table schema=cerebrum name=bofhd_session_state] """
            """WHERE session_id=:session_id""")

    if state_types:
        # The state type values are handed to argument_to_sql together with
        # the bind dict, and str is passed as its transform argument. Only
        # the column name 'state_type' is given as SQL text, and it is a
        # fixed literal here -- keep it that way.
        type_filter = Utils.argument_to_sql(
            state_types, 'state_type', params, str)
        stmt = stmt + " AND " + type_filter

    self._db.execute(stmt, params)
    self._remove_old_sessions()
def clear_state(self, state_types=None):
    """
    Remove session state data.

    Session state data mainly consists of cached passwords for the
    misc_list_passwords command.

    :param state_types:
        Optional state type(s) to delete. When this is falsy (None or an
        empty collection) every state row belonging to the session is
        deleted.
    """
    session_binds = {"session_id": self.get_session_id()}

    # Optional extra condition. The values are passed to argument_to_sql
    # along with the bind dict and str as the transform; the column name
    # "state_type" is a constant and is the only part supplied as SQL text.
    extra_condition = ""
    if state_types:
        extra_condition = " AND " + Utils.argument_to_sql(
            state_types, "state_type", session_binds, str)

    delete_sql = (
        """DELETE FROM [:table schema=cerebrum name=bofhd_session_state] """
        """WHERE session_id=:session_id"""
    ) + extra_condition

    self._db.execute(delete_sql, session_binds)
    self._remove_old_sessions()
def test_argument_to_sql_transform():
    """
    Utils.argument_to_sql with transform function.

    The fourth argument is applied to the value before it is stored in the
    bind dict; the builtin ``type`` is used here so the effect is visible.
    """
    bind_params = {}
    expected_binds = {'foo': type(None)}

    clause = Utils.argument_to_sql(None, 'foo', bind_params, type)

    assert clause == '(foo = :foo)'
    # The stored bind is the transformed value, not the raw None.
    assert bind_params == expected_binds