class HelperMethods(TestCase):
"""Tests connections, validation and execution methods in PGBackend."""
def setUp(self):
# some words to test out
self.good_nouns = ["good", "good_noun", "good-noun"]
# some words that shoudl throw validation errors
self.bad_nouns = ["_foo", "foo_", "-foo", "foo-", "foo bar", "injection;attack", ";injection", "injection;"]
self.username = "******"
self.password = "******"
# mock open connection,
# or else it will try to create a real db connection
self.mock_psychopg = self.create_patch("core.db.backend.pg.psycopg2")
# open mocked connection
self.backend = PGBackend(self.username, self.password, repo_base=self.username)
def create_patch(self, name):
# helper method for creating patches
patcher = patch(name)
thing = patcher.start()
self.addCleanup(patcher.stop)
return thing
def test_check_for_injections(self):
"""Tests validation against some sql injection attacks."""
for noun in self.bad_nouns:
with self.assertRaises(ValueError):
self.backend._check_for_injections(noun)
for noun in self.good_nouns:
try:
self.backend._check_for_injections(noun)
except ValueError:
self.fail("check_for_injections failed to verify a good name")
def test_check_open_connections(self):
self.assertTrue(self.mock_psychopg.connect.called)
def test_execute_sql_strips_queries(self):
query = " This query needs stripping; "
params = ("param1", "param2")
mock_cursor = self.mock_psychopg.connect.return_value.cursor
mock_execute = mock_cursor.return_value.execute
mock_cursor.return_value.fetchall.return_value = "sometuples"
mock_cursor.return_value.rowcount = 1000
res = self.backend.execute_sql(query, params)
self.assertTrue(mock_cursor.called)
self.assertTrue(mock_execute.called)
self.assertEqual(mock_execute.call_args[0][1], params)
self.assertEqual(res["tuples"], "sometuples")
self.assertEqual(res["status"], True)
self.assertEqual(res["row_count"], 1000)
class PGBackendHelperMethods(MockingMixin, TestCase):
"""Tests connections, validation and execution methods in PGBackend."""
def setUp(self):
# some words to test out
self.good_nouns = ['good', 'good_noun', 'goodNoun', 'good1']
# some words that should throw validation errors
self.bad_nouns = [
'_foo',
'foo_',
'-foo',
'foo-',
'foo bar',
'1foo',
'injection;attack',
';injection',
'injection;',
]
self.username = "******"
self.password = "******"
# mock connection pools so nothing gets a real db connection
self.mock_pool_for_cred = self.create_patch(
'core.db.backend.pg._pool_for_credentials')
# mock open connection, only to check if it ever gets called directly
self.mock_connect = self.create_patch(
'core.db.backend.pg.psycopg2.connect')
# open mocked connection
self.backend = PGBackend(self.username,
self.password,
repo_base=self.username)
def tearDown(self):
# Make sure connections are only ever acquired via pools
self.assertFalse(self.mock_connect.called)
def test_check_for_injections(self):
"""Tests validation against some sql injection attacks."""
for noun in self.bad_nouns:
with self.assertRaises(ValueError):
self.backend._check_for_injections(noun)
for noun in self.good_nouns:
try:
self.backend._check_for_injections(noun)
except ValueError:
self.fail('_check_for_injections failed to verify a good name')
def test_validate_table_names(self):
"""Tests validation against some invalid table names."""
good_tables = [
'table', '_dbwipes_cache', 'my_repo1',
'asdfl_fsdvbrbhg_______jkhadsc'
]
bad_tables = [
' table', '1table', 'table;select * from somewhere', 'table-table'
]
for noun in bad_tables:
with self.assertRaises(ValueError):
self.backend._validate_table_name(noun)
for noun in good_tables:
try:
self.backend._validate_table_name(noun)
except ValueError:
self.fail('_validate_table_name failed to verify a good name')
def test_check_open_connections(self):
mock_get_conn = self.mock_pool_for_cred.return_value.getconn
mock_set_isol_level = mock_get_conn.return_value.set_isolation_level
self.assertTrue(self.mock_pool_for_cred.called)
self.assertTrue(mock_get_conn.called)
self.assertTrue(mock_set_isol_level.called)
def test_execute_sql_strips_queries(self):
query = ' This query needs stripping; '
params = ('param1', 'param2')
mock_cursor = self.backend.connection.cursor
mock_execute = mock_cursor.return_value.execute
mock_cursor.return_value.fetchall.return_value = 'sometuples'
mock_cursor.return_value.rowcount = 1000
mock_query_rewriter = MagicMock()
mock_query_rewriter.apply_row_level_security.side_effect = lambda x: x
self.backend.query_rewriter = mock_query_rewriter
res = self.backend.execute_sql(query, params)
self.assertTrue(mock_query_rewriter.apply_row_level_security.called)
self.assertTrue(mock_cursor.called)
self.assertTrue(mock_execute.called)
self.assertEqual(res['tuples'], 'sometuples')
self.assertEqual(res['status'], True)
self.assertEqual(res['row_count'], 1000)
class PGBackendHelperMethods(MockingMixin, TestCase):
"""Tests connections, validation and execution methods in PGBackend."""
def setUp(self):
# some words to test out
self.good_nouns = ['good', 'good_noun', 'goodNoun', 'good1']
# some words that should throw validation errors
self.bad_nouns = ['_foo', 'foo_', '-foo', 'foo-', 'foo bar', '1foo',
'injection;attack', ';injection', 'injection;',
]
self.username = "******"
self.password = "******"
# mock connection pools so nothing gets a real db connection
self.mock_pool_for_cred = self.create_patch(
'core.db.backend.pg._pool_for_credentials')
# mock open connection, only to check if it ever gets called directly
self.mock_connect = self.create_patch(
'core.db.backend.pg.psycopg2.connect')
# open mocked connection
self.backend = PGBackend(self.username,
self.password,
repo_base=self.username)
def tearDown(self):
# Make sure connections are only ever acquired via pools
self.assertFalse(self.mock_connect.called)
def test_check_for_injections(self):
"""Tests validation against some sql injection attacks."""
for noun in self.bad_nouns:
with self.assertRaises(ValueError):
self.backend._check_for_injections(noun)
for noun in self.good_nouns:
try:
self.backend._check_for_injections(noun)
except ValueError:
self.fail('_check_for_injections failed to verify a good name')
def test_validate_table_names(self):
"""Tests validation against some invalid table names."""
good_tables = ['table', '_dbwipes_cache', 'my_repo1',
'asdfl_fsdvbrbhg_______jkhadsc']
bad_tables = [' table', '1table', 'table;select * from somewhere',
'table-table']
for noun in bad_tables:
with self.assertRaises(ValueError):
self.backend._validate_table_name(noun)
for noun in good_tables:
try:
self.backend._validate_table_name(noun)
except ValueError:
self.fail('_validate_table_name failed to verify a good name')
def test_check_open_connections(self):
mock_get_conn = self.mock_pool_for_cred.return_value.getconn
mock_set_isol_level = mock_get_conn.return_value.set_isolation_level
self.assertTrue(self.mock_pool_for_cred.called)
self.assertTrue(mock_get_conn.called)
self.assertTrue(mock_set_isol_level.called)
def test_execute_sql_strips_queries(self):
query = ' This query needs stripping; '
params = ('param1', 'param2')
mock_cursor = self.backend.connection.cursor
mock_execute = mock_cursor.return_value.execute
mock_cursor.return_value.fetchall.return_value = 'sometuples'
mock_cursor.return_value.rowcount = 1000
mock_query_rewriter = MagicMock()
mock_query_rewriter.apply_row_level_security.side_effect = lambda x: x
self.backend.query_rewriter = mock_query_rewriter
res = self.backend.execute_sql(query, params)
self.assertTrue(mock_query_rewriter.apply_row_level_security.called)
self.assertTrue(mock_cursor.called)
self.assertTrue(mock_execute.called)
self.assertEqual(res['tuples'], 'sometuples')
self.assertEqual(res['status'], True)
self.assertEqual(res['row_count'], 1000)
class HelperMethods(TestCase):
"""Tests connections, validation and execution methods in PGBackend."""
def setUp(self):
# some words to test out
self.good_nouns = ['good', 'good_noun', 'good-noun']
# some words that shoudl throw validation errors
self.bad_nouns = [
'_foo',
'foo_',
'-foo',
'foo-',
'foo bar',
'injection;attack',
';injection',
'injection;',
]
self.username = "******"
self.password = "******"
# mock open connection,
# or else it will try to create a real db connection
self.mock_psychopg = self.create_patch('core.db.backend.pg.psycopg2')
# open mocked connection
self.backend = PGBackend(self.username,
self.password,
repo_base=self.username)
def create_patch(self, name):
# helper method for creating patches
patcher = patch(name)
thing = patcher.start()
self.addCleanup(patcher.stop)
return thing
def test_check_for_injections(self):
"""Tests validation against some sql injection attacks."""
for noun in self.bad_nouns:
with self.assertRaises(ValueError):
self.backend._check_for_injections(noun)
for noun in self.good_nouns:
try:
self.backend._check_for_injections(noun)
except ValueError:
self.fail('check_for_injections failed to verify a good name')
def test_check_open_connections(self):
self.assertTrue(self.mock_psychopg.connect.called)
def test_execute_sql_strips_queries(self):
query = ' This query needs stripping; '
params = ('param1', 'param2')
mock_cursor = self.mock_psychopg.connect.return_value.cursor
mock_execute = mock_cursor.return_value.execute
mock_cursor.return_value.fetchall.return_value = 'sometuples'
mock_cursor.return_value.rowcount = 1000
res = self.backend.execute_sql(query, params)
self.assertTrue(mock_cursor.called)
self.assertTrue(mock_execute.called)
self.assertEqual(mock_execute.call_args[0][1], params)
self.assertEqual(res['tuples'], 'sometuples')
self.assertEqual(res['status'], True)
self.assertEqual(res['row_count'], 1000)
