class ReportTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub() self.report_module = ReportModule(self.env) def _make_environ(self, scheme='http', server_name='example.org', server_port=80, method='GET', script_name='/trac', **kwargs): environ = {'wsgi.url_scheme': scheme, 'wsgi.input': StringIO(''), 'REQUEST_METHOD': method, 'SERVER_NAME': server_name, 'SERVER_PORT': server_port, 'SCRIPT_NAME': script_name} environ.update(kwargs) return environ def test_sub_var_no_quotes(self): sql, args = self.report_module.sql_sub_vars("$VAR", {'VAR': 'value'}) self.assertEqual("%s", sql) self.assertEqual(['value'], args) def test_sub_var_quotes(self): sql, args = self.report_module.sql_sub_vars("'$VAR'", {'VAR': 'value'}) self.assertEqual(self.env.get_db_cnx().concat("''", '%s', "''"), sql) self.assertEqual(['value'], args) # Probably not needed anymore def test_sub_var_mysql(self): env = EnvironmentStub() env.db = MockMySQLConnection() # ditto sql, args = ReportModule(env).sql_sub_vars("'$VAR'", {'VAR': 'value'}) self.assertEqual("concat('', %s, '')", sql) self.assertEqual(['value'], args) def test_csv_escape(self): buf = StringIO() def start_response(status, headers): return buf.write environ = self._make_environ() req = Request(environ, start_response) cols = ['TEST_COL'] rows = [('value, needs escaped',)] try: self.report_module._send_csv(req, cols, rows) except RequestDone: pass self.assertEqual('TEST_COL\r\n"value, needs escaped"\r\n', buf.getvalue())
class ReportTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub() self.report_module = ReportModule(self.env) def tearDown(self): self.env.reset_db() def _make_environ(self, scheme='http', server_name='example.org', server_port=80, method='GET', script_name='/trac', **kwargs): environ = {'wsgi.url_scheme': scheme, 'wsgi.input': StringIO(''), 'REQUEST_METHOD': method, 'SERVER_NAME': server_name, 'SERVER_PORT': server_port, 'SCRIPT_NAME': script_name} environ.update(kwargs) return environ def test_sub_var_no_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR", {'VAR': 'value'}) self.assertEqual("%s", sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_digits_underscore(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$_VAR, $VAR2, $2VAR", {'_VAR': 'value1', 'VAR2': 'value2'}) self.assertEqual("%s, %s, $2VAR", sql) self.assertEqual(['value1', 'value2'], values) self.assertEqual([], missing_args) def test_sub_var_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "'$VAR'", {'VAR': 'value'}) self.assertEqual(self.env.get_read_db().concat("''", '%s', "''"), sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_missing_args(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR, $PARAM, $MISSING", {'VAR': 'value'}) self.assertEqual("%s, %s, %s", sql) self.assertEqual(['value', '', ''], values) self.assertEqual(['PARAM', 'MISSING'], missing_args) def test_csv_escape(self): buf = StringIO() def start_response(status, headers): return buf.write environ = self._make_environ() req = Request(environ, start_response) cols = ['TEST_COL', 'TEST_ZERO'] rows = [('value, needs escaped', 0)] try: self.report_module._send_csv(req, cols, rows) except RequestDone: pass self.assertEqual('\xef\xbb\xbfTEST_COL,TEST_ZERO\r\n"value, needs escaped",0\r\n', buf.getvalue()) def test_saved_custom_query_redirect(self): query = u'query:?type=résumé' db = self.env.get_db_cnx() cursor = db.cursor() cursor.execute("INSERT INTO report (title,query,description) " "VALUES (%s,%s,%s)", ('redirect', query, '')) id = db.get_last_id(cursor, 'report') db.commit() headers_sent = {} def start_response(status, headers): headers_sent.update(dict(headers)) environ = self._make_environ() req = Request(environ, start_response) req.authname = 'anonymous' req.session = Mock(save=lambda: None) self.assertRaises(RequestDone, self.report_module._render_view, req, id) self.assertEqual('http://example.org/trac/query?' + \ 'type=r%C3%A9sum%C3%A9&report=' + str(id), headers_sent['Location'])
class ReportTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub() self.report_module = ReportModule(self.env) def tearDown(self): self.env.reset_db() def _make_environ(self, scheme='http', server_name='example.org', server_port=80, method='GET', script_name='/trac', **kwargs): environ = { 'wsgi.url_scheme': scheme, 'wsgi.input': StringIO(''), 'REQUEST_METHOD': method, 'SERVER_NAME': server_name, 'SERVER_PORT': server_port, 'SCRIPT_NAME': script_name } environ.update(kwargs) return environ def test_sub_var_no_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR", {'VAR': 'value'}) self.assertEqual("%s", sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_digits_underscore(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$_VAR, $VAR2, $2VAR", { '_VAR': 'value1', 'VAR2': 'value2' }) self.assertEqual("%s, %s, $2VAR", sql) self.assertEqual(['value1', 'value2'], values) self.assertEqual([], missing_args) def test_sub_var_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "'$VAR'", {'VAR': 'value'}) with self.env.db_query as db: concatenated = db.concat("''", '%s', "''") self.assertEqual(concatenated, sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_missing_args(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR, $PARAM, $MISSING", {'VAR': 'value'}) self.assertEqual("%s, %s, %s", sql) self.assertEqual(['value', '', ''], values) self.assertEqual(['PARAM', 'MISSING'], missing_args) def test_csv_escape(self): buf = StringIO() def start_response(status, headers): return buf.write environ = self._make_environ() req = Request(environ, start_response) cols = ['TEST_COL', 'TEST_ZERO'] rows = [('value, needs escaped', 0)] try: self.report_module._send_csv(req, cols, rows) except RequestDone: pass self.assertEqual( '\xef\xbb\xbfTEST_COL,TEST_ZERO\r\n"value, needs escaped",0\r\n', buf.getvalue()) def test_saved_custom_query_redirect(self): query = u'query:?type=résumé' with self.env.db_transaction as db: cursor = db.cursor() cursor.execute( "INSERT INTO report (title,query,description) " "VALUES (%s,%s,%s)", ('redirect', query, '')) id = db.get_last_id(cursor, 'report') headers_sent = {} def start_response(status, headers): headers_sent.update(dict(headers)) environ = self._make_environ() req = Request(environ, start_response) req.authname = 'anonymous' req.session = Mock(save=lambda: None) self.assertRaises(RequestDone, self.report_module._render_view, req, id) self.assertEqual('http://example.org/trac/query?' + \ 'type=r%C3%A9sum%C3%A9&report=' + str(id), headers_sent['Location']) def test_quoted_id_with_var(self): req = Mock(base_path='', chrome={}, args={}, session={}, abs_href=Href('/'), href=Href('/'), locale='', perm=MockPerm(), authname=None, tz=None) name = """%s"`'%%%?""" with self.env.db_query as db: sql = 'SELECT 1 AS %s, $USER AS user' % db.quote(name) rv = self.report_module.execute_paginated_report( req, 1, sql, {'USER': '******'}) self.assertEqual(5, len(rv), repr(rv)) cols, results, num_items, missing_args, limit_offset = rv self.assertEqual([name, 'user'], cols) self.assertEqual([(1, 'joe')], results) self.assertEqual([], missing_args) self.assertEqual(None, limit_offset)
class ReportTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub() self.report_module = ReportModule(self.env) def tearDown(self): self.env.reset_db() def _make_environ(self, scheme='http', server_name='example.org', server_port=80, method='GET', script_name='/trac', **kwargs): environ = {'wsgi.url_scheme': scheme, 'wsgi.input': StringIO(''), 'REQUEST_METHOD': method, 'SERVER_NAME': server_name, 'SERVER_PORT': server_port, 'SCRIPT_NAME': script_name} environ.update(kwargs) return environ def test_sub_var_no_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR", {'VAR': 'value'}) self.assertEqual("%s", sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_digits_underscore(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$_VAR, $VAR2, $2VAR", {'_VAR': 'value1', 'VAR2': 'value2'}) self.assertEqual("%s, %s, $2VAR", sql) self.assertEqual(['value1', 'value2'], values) self.assertEqual([], missing_args) def test_sub_var_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "'$VAR'", {'VAR': 'value'}) self.assertEqual(self.env.get_read_db().concat("''", '%s', "''"), sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_missing_args(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR, $PARAM, $MISSING", {'VAR': 'value'}) self.assertEqual("%s, %s, %s", sql) self.assertEqual(['value', '', ''], values) self.assertEqual(['PARAM', 'MISSING'], missing_args) def test_csv_escape(self): buf = StringIO() def start_response(status, headers): return buf.write environ = self._make_environ() req = Request(environ, start_response) cols = ['TEST_COL', 'TEST_ZERO'] rows = [('value, needs escaped', 0)] try: self.report_module._send_csv(req, cols, rows) except RequestDone: pass self.assertEqual('\xef\xbb\xbfTEST_COL,TEST_ZERO\r\n"value, needs escaped",0\r\n', buf.getvalue()) def test_saved_custom_query_redirect(self): query = u'query:?type=résumé' db = self.env.get_db_cnx() cursor = db.cursor() cursor.execute("INSERT INTO report (title,query,description) " "VALUES (%s,%s,%s)", ('redirect', query, '')) id = db.get_last_id(cursor, 'report') db.commit() headers_sent = {} def start_response(status, headers): headers_sent.update(dict(headers)) environ = self._make_environ() req = Request(environ, start_response) req.authname = 'anonymous' req.session = Mock(save=lambda: None) self.assertRaises(RequestDone, self.report_module._render_view, req, id) self.assertEqual('http://example.org/trac/query?' + \ 'type=r%C3%A9sum%C3%A9&report=' + str(id), headers_sent['Location'])
class ReportTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub() self.report_module = ReportModule(self.env) def _make_environ(self, scheme='http', server_name='example.org', server_port=80, method='GET', script_name='/trac', **kwargs): environ = { 'wsgi.url_scheme': scheme, 'wsgi.input': StringIO(''), 'REQUEST_METHOD': method, 'SERVER_NAME': server_name, 'SERVER_PORT': server_port, 'SCRIPT_NAME': script_name } environ.update(kwargs) return environ def test_sub_var_no_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR", {'VAR': 'value'}) self.assertEqual("%s", sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_digits_underscore(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$_VAR, $VAR2, $2VAR", { '_VAR': 'value1', 'VAR2': 'value2' }) self.assertEqual("%s, %s, $2VAR", sql) self.assertEqual(['value1', 'value2'], values) self.assertEqual([], missing_args) def test_sub_var_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "'$VAR'", {'VAR': 'value'}) self.assertEqual(self.env.get_db_cnx().concat("''", '%s', "''"), sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) # Probably not needed anymore def test_sub_var_mysql(self): env = EnvironmentStub() env.db = MockMySQLConnection() # ditto sql, values, missing_args = ReportModule(env).sql_sub_vars( "'$VAR'", {'VAR': 'value'}) self.assertEqual("concat('', %s, '')", sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_missing_args(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR, $PARAM, $MISSING", {'VAR': 'value'}) self.assertEqual("%s, %s, %s", sql) self.assertEqual(['value', '', ''], values) self.assertEqual(['PARAM', 'MISSING'], missing_args) def test_csv_escape(self): buf = StringIO() def start_response(status, headers): return buf.write environ = self._make_environ() req = Request(environ, start_response) cols = ['TEST_COL', 'TEST_ZERO'] rows = [('value, needs escaped', 0)] try: self.report_module._send_csv(req, cols, rows) except RequestDone: pass self.assertEqual('TEST_COL,TEST_ZERO\r\n"value, needs escaped",0\r\n', buf.getvalue())
class ReportTestCase(unittest.TestCase): def setUp(self): self.env = EnvironmentStub() self.report_module = ReportModule(self.env) def tearDown(self): self.env.reset_db() def _make_environ(self, scheme='http', server_name='example.org', server_port=80, method='GET', script_name='/trac', **kwargs): environ = {'wsgi.url_scheme': scheme, 'wsgi.input': StringIO(''), 'REQUEST_METHOD': method, 'SERVER_NAME': server_name, 'SERVER_PORT': server_port, 'SCRIPT_NAME': script_name} environ.update(kwargs) return environ def test_sub_var_no_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR", {'VAR': 'value'}) self.assertEqual("%s", sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_digits_underscore(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$_VAR, $VAR2, $2VAR", {'_VAR': 'value1', 'VAR2': 'value2'}) self.assertEqual("%s, %s, $2VAR", sql) self.assertEqual(['value1', 'value2'], values) self.assertEqual([], missing_args) def test_sub_var_quotes(self): sql, values, missing_args = self.report_module.sql_sub_vars( "'$VAR'", {'VAR': 'value'}) with self.env.db_query as db: concatenated = db.concat("''", '%s', "''") self.assertEqual(concatenated, sql) self.assertEqual(['value'], values) self.assertEqual([], missing_args) def test_sub_var_missing_args(self): sql, values, missing_args = self.report_module.sql_sub_vars( "$VAR, $PARAM, $MISSING", {'VAR': 'value'}) self.assertEqual("%s, %s, %s", sql) self.assertEqual(['value', '', ''], values) self.assertEqual(['PARAM', 'MISSING'], missing_args) def test_csv_escape(self): buf = StringIO() def start_response(status, headers): return buf.write environ = self._make_environ() req = Request(environ, start_response) cols = ['TEST_COL', 'TEST_ZERO'] rows = [('value, needs escaped', 0)] try: self.report_module._send_csv(req, cols, rows) except RequestDone: pass self.assertEqual('\xef\xbb\xbfTEST_COL,TEST_ZERO\r\n"value, needs escaped",0\r\n', buf.getvalue()) def test_saved_custom_query_redirect(self): query = u'query:?type=résumé' with self.env.db_transaction as db: cursor = db.cursor() cursor.execute("INSERT INTO report (title,query,description) " "VALUES (%s,%s,%s)", ('redirect', query, '')) id = db.get_last_id(cursor, 'report') headers_sent = {} def start_response(status, headers): headers_sent.update(dict(headers)) environ = self._make_environ() req = Request(environ, start_response) req.authname = 'anonymous' req.session = Mock(save=lambda: None) self.assertRaises(RequestDone, self.report_module._render_view, req, id) self.assertEqual('http://example.org/trac/query?' + \ 'type=r%C3%A9sum%C3%A9&report=' + str(id), headers_sent['Location']) def test_quoted_id_with_var(self): req = Mock(base_path='', chrome={}, args={}, session={}, abs_href=Href('/'), href=Href('/'), locale='', perm=MockPerm(), authname=None, tz=None) name = """%s"`'%%%?""" with self.env.db_query as db: sql = 'SELECT 1 AS %s, $USER AS user' % db.quote(name) rv = self.report_module.execute_paginated_report(req, 1, sql, {'USER': '******'}) self.assertEqual(5, len(rv), repr(rv)) cols, results, num_items, missing_args, limit_offset = rv self.assertEqual([name, 'user'], cols) self.assertEqual([(1, 'joe')], results) self.assertEqual([], missing_args) self.assertEqual(None, limit_offset)