def test_query_logs_final_sql(self): q = SimpleQueryFactory(sql="select '$$foo$$';") q.params = {'foo': 'bar'} q.log(None) self.assertEqual(1, QueryLog.objects.count()) log = QueryLog.objects.first() self.assertEqual(log.sql, "select 'bar';")
def test_params_get_merged(self): q = SimpleQueryFactory(sql="select '$$foo$$';") q.params = {'foo': 'bar', 'mux': 'qux'} self.assertEqual(q.available_params(), {'foo': 'bar'})
def test_form_is_invalid_with_non_select_statement(self): q = SimpleQueryFactory(sql="delete $$a$$;", created_by_user_id=None) q.params = {} form = QueryForm(model_to_dict(q)) self.assertFalse(form.is_valid())
def test_form_fails_blacklist(self): q = SimpleQueryFactory(sql="delete $$a$$;", created_by_user_id=None) q.params = {} form = QueryForm(model_to_dict(q)) self.assertFalse(form.is_valid())
def test_form_is_always_valid_with_params(self): q = SimpleQueryFactory(sql="select $$a$$;") q.params = {} form = QueryForm(model_to_dict(q)) self.assertTrue(form.is_valid())
def test_final_sql_uses_merged_params(self): q = SimpleQueryFactory(sql="select '$$foo:bar$$', '$$qux$$';") q.params = {'qux': 'mux'} expected = "select 'bar', 'mux';" self.assertEqual(q.final_sql(), expected)
def test_form_fails_blacklist_even_with_params(self): q = SimpleQueryFactory(sql="delete $$a$$;", created_by_user_id=None) q.params = {} form = QueryForm(model_to_dict(q)) self.assertFalse(form.is_valid())
def test_params_get_merged(self): q = SimpleQueryFactory(sql="select '$$foo$$';") q.params = {"foo": "bar", "mux": "qux"} self.assertEqual(q.available_params(), {"foo": "bar"})
def test_blacklist_prevents_bad_sql_with_params_from_executing(self): q = SimpleQueryFactory(sql="select '$$foo$$';") q.params = {"foo": "'; delete from *; select'"} res = q.headers_and_data() self.assertEqual(res.error, MSG_FAILED_BLACKLIST)