def test_bindparam_unhex(params): tmpl = jsql.render(''' SELECT * FROM tbl WHERE binary IN ({% for hexval in hex_list %}UNHEX(:{{ bindparam(hexval) }}){{ comma if not loop.last }}{% endfor %}) ''', params) assert tmpl == ''' SELECT * FROM tbl WHERE binary IN (UNHEX(:bp0),UNHEX(:bp1)) ''' assert (params['bp0'], params['bp1']) == (params['hex_list'][0], params['hex_list'][1])
def test_bindparam_union(params): params = params tmpl = jsql.render(''' SELECT * FROM ( {%- for row in tbl -%} {% set outer_loop = loop %} ({%- for key in tbl[0].keys() -%}:{{ bindparam(row.get(key)) }}{% if outer_loop.first %} as {{ key }}{% endif %}{{ comma if not loop.last }} {% endfor %}) {% if not loop.last %}UNION ALL {%- endif -%} {%- endfor -%} ) ''', params) assert tmpl == ''' SELECT * FROM ( (:bp0 as a, :bp1 as b ) UNION ALL (:bp2, :bp3 ) ) ''' assert (params['bp0'], params['bp1'], params['bp2'], params['bp3']) == (params['tbl'][0]['a'], params['tbl'][0]['b'], params['tbl'][1]['a'], params['tbl'][1].get('b'))
def test_check_if_else_else(params): tmpl = jsql.render('{{ unsafe if False else safe }}', params) assert tmpl == 'safe' with pytest.raises(jsql.UnsafeSqlException): tmpl = jsql.render('{{ unsafe if True else safe }}', params)
def test_safe_comma_bind(params): tmpl = jsql.render('{{ comma if False }}', {}) assert tmpl == '' tmpl = jsql.render('{{ comma if True }}', {}) assert tmpl == ','
def test_comma_loop(params): tmpl = jsql.render('{% for i in range(3) %} SQL {{ i + 1 }}{{ comma if not loop.last }}{% endfor %}', {}) assert tmpl == ' SQL 1, SQL 2, SQL 3'
def test_raw_comma_bind(params): tmpl = jsql.render('{{ "," if False }}', {}) assert tmpl == '' with pytest.raises(jsql.UnsafeSqlException): tmpl = jsql.render('{{ "," if True }}', {})
def test_missing_param(params): tmpl = jsql.render('{% if xyz %}AND xyz=:xyz{% endif %}', params) assert tmpl == ''
def test_dangerous_bind(params): tmpl = jsql.render('`{{unsafe | dangerously_inject_sql }}`', params) assert tmpl == '`" unsafe`'
def test_unsafe_bind(params): with pytest.raises(jsql.UnsafeSqlException): tmpl = jsql.render('table_{{unsafe}}', params)
def test_simple_bind(params): tmpl = jsql.render('table_{{safe}}', params) assert tmpl == 'table_safe'