3
3
*/
4
4
5
5
import { SQLiteCloudRowset , SQLiteCloudRow , SQLiteCloudError , sanitizeSQLiteIdentifier } from '../src/index'
6
- import { getTestingDatabase , getTestingDatabaseAsync , getChinookDatabase , removeDatabase , removeDatabaseAsync , LONG_TIMEOUT , getChinookWebsocketConnection } from './shared'
6
+ import {
7
+ getTestingDatabase ,
8
+ getTestingDatabaseAsync ,
9
+ getChinookDatabase ,
10
+ removeDatabase ,
11
+ removeDatabaseAsync ,
12
+ LONG_TIMEOUT ,
13
+ getChinookWebsocketConnection
14
+ } from './shared'
7
15
import { RowCountCallback } from '../src/drivers/types'
8
16
import { expect , describe , it } from '@jest/globals'
9
17
import { Database } from 'sqlite3'
@@ -481,23 +489,24 @@ describe('Database.sql (async)', () => {
481
489
it ( 'should sanitize database name and run the query' , async ( ) => {
482
490
const database = await getTestingDatabaseAsync ( )
483
491
484
- const databaseName = sanitizeSQLiteIdentifier ( 'people.sqlite ')
492
+ const databaseName = sanitizeSQLiteIdentifier ( database . getConfiguration ( ) . database || ' ')
485
493
await expect ( database . sql ( `USE DATABASE ${ databaseName } ` ) ) . resolves . toBe ( 'OK' )
486
494
} )
487
495
488
496
it ( 'should sanitize table name and run the query' , async ( ) => {
489
497
const database = await getTestingDatabaseAsync ( )
490
498
491
499
const table = sanitizeSQLiteIdentifier ( 'people' )
492
- await expect ( database . sql ( `USE DATABASE people.sqlite; SELECT id FROM ${ table } LIMIT 1` ) ) . resolves . toMatchObject ( [ { id : 1 } ] )
500
+ await expect ( database . sql ( `SELECT id FROM ${ table } LIMIT 1` ) ) . resolves . toMatchObject ( [ { id : 1 } ] )
493
501
} )
494
502
495
503
it ( 'should sanitize SQL Injection as table name' , async ( ) => {
496
504
const database = await getTestingDatabaseAsync ( )
505
+ const databaseName = database . getConfiguration ( ) . database
497
506
498
- const databaseName = sanitizeSQLiteIdentifier ( 'people.sqlite ; SELECT * FROM people; -- ' )
499
- await expect ( database . sql ( `USE DATABASE ${ databaseName } ` ) ) . rejects . toThrow (
500
- ' Database name contains invalid characters (people.sqlite ; SELECT * FROM people; --).'
507
+ const sanitizedDBName = sanitizeSQLiteIdentifier ( ` ${ databaseName } ; SELECT * FROM people; -- ` )
508
+ await expect ( database . sql ( `USE DATABASE ${ sanitizedDBName } ` ) ) . rejects . toThrow (
509
+ ` Database name contains invalid characters (${ databaseName } ; SELECT * FROM people; --).`
501
510
)
502
511
503
512
const table = sanitizeSQLiteIdentifier ( 'people; -- ' )
@@ -508,17 +517,17 @@ describe('Database.sql (async)', () => {
508
517
it ( 'should throw exception when using table name as binding' , async ( ) => {
509
518
const database = await getTestingDatabaseAsync ( )
510
519
const table = 'people'
511
- await expect ( database . sql `USE DATABASE people.sqlite; SELECT * FROM ${ table } ` ) . rejects . toThrow ( 'near "?": syntax error' )
520
+ await expect ( database . sql `SELECT * FROM ${ table } ` ) . rejects . toThrow ( 'near "?": syntax error' )
512
521
} )
513
522
514
523
it ( 'should built in commands accept bindings' , async ( ) => {
515
524
const database = await getTestingDatabaseAsync ( )
516
525
517
- let databaseName = 'people.sqlite '
526
+ const databaseName = database . getConfiguration ( ) . database || ' '
518
527
await expect ( database . sql `USE DATABASE ${ databaseName } ` ) . resolves . toBe ( 'OK' )
519
528
520
- databaseName = 'people.sqlite ; SELECT * FROM people'
521
- await expect ( database . sql `USE DATABASE ${ databaseName } ` ) . rejects . toThrow ( ' Database name contains invalid characters (people.sqlite; SELECT * FROM people).' )
529
+ const databaseNameInjectSQL = ` ${ databaseName } ; SELECT * FROM people`
530
+ await expect ( database . sql `USE DATABASE ${ databaseNameInjectSQL } ` ) . rejects . toThrow ( ` Database name contains invalid characters (${ databaseNameInjectSQL } ).` )
522
531
523
532
let key = 'logo_level'
524
533
let value = 'debug'
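Review bot: The `||` fallback to an empty string in `const databaseName = database . getConfiguration ( ) . database || ' '` (and the same pattern in the earlier hunk, `sanitizeSQLiteIdentifier ( database . getConfiguration ( ) . database || ' ')`) hides a missing database in the test configuration: the first assertion would then run `USE DATABASE` with an empty name, and the injection case below would assert an error message built only from the `; SELECT * FROM people` suffix, so the test no longer shows that a configured database name is accepted while the injected one is rejected. Read the value without a fallback and fail up front instead, e.g. `const databaseName = database.getConfiguration().database` followed by `expect(databaseName).toBeTruthy()`, which also makes this hunk consistent with the earlier hunk's `const databaseName = database . getConfiguration ( ) . database` that already takes the value unguarded. The enclosing `it('should built in commands accept bindings')` body and the `describe('Database.sql (async)')` block continue past the end of the hunk.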