
Commit 13e7abe

author
Daniele Briggi
committed
chore(tests): invalid people db
1 parent 0453b09 commit 13e7abe


2 files changed

+20
-11
lines changed


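--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sqlitecloud/drivers",
-"version": "1.0.343",
+"version": "1.0.345",
 "description": "SQLiteCloud drivers for Typescript/Javascript in edge, web and node clients",
 "main": "./lib/index.js",
 "types": "./lib/index.d.ts",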

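--- a/test/database.test.ts
+++ b/test/database.test.ts
@@ -3,7 +3,15 @@
 */
 
 import { SQLiteCloudRowset, SQLiteCloudRow, SQLiteCloudError, sanitizeSQLiteIdentifier } from '../src/index'
-import { getTestingDatabase, getTestingDatabaseAsync, getChinookDatabase, removeDatabase, removeDatabaseAsync, LONG_TIMEOUT, getChinookWebsocketConnection } from './shared'
+import {
+getTestingDatabase,
+getTestingDatabaseAsync,
+getChinookDatabase,
+removeDatabase,
+removeDatabaseAsync,
+LONG_TIMEOUT,
+getChinookWebsocketConnection
+} from './shared'
 import { RowCountCallback } from '../src/drivers/types'
 import { expect, describe, it } from '@jest/globals'
 import { Database } from 'sqlite3'
@@ -481,23 +489,24 @@ describe('Database.sql (async)', () => {
 it('should sanitize database name and run the query', async () => {
 const database = await getTestingDatabaseAsync()
 
-const databaseName = sanitizeSQLiteIdentifier('people.sqlite')
+const databaseName = sanitizeSQLiteIdentifier(database.getConfiguration().database || '')
 await expect(database.sql(`USE DATABASE ${databaseName}`)).resolves.toBe('OK')
 })
 
 it('should sanitize table name and run the query', async () => {
 const database = await getTestingDatabaseAsync()
 
 const table = sanitizeSQLiteIdentifier('people')
-await expect(database.sql(`USE DATABASE people.sqlite; SELECT id FROM ${table} LIMIT 1`)).resolves.toMatchObject([{ id: 1 }])
+await expect(database.sql(`SELECT id FROM ${table} LIMIT 1`)).resolves.toMatchObject([{ id: 1 }])
 })
 
 it('should sanitize SQL Injection as table name', async () => {
 const database = await getTestingDatabaseAsync()
+const databaseName = database.getConfiguration().database
 
-const databaseName = sanitizeSQLiteIdentifier('people.sqlite; SELECT * FROM people; -- ')
-await expect(database.sql(`USE DATABASE ${databaseName}`)).rejects.toThrow(
-'Database name contains invalid characters (people.sqlite; SELECT * FROM people; --).'
+const sanitizedDBName = sanitizeSQLiteIdentifier(`${databaseName}; SELECT * FROM people; -- `)
+await expect(database.sql(`USE DATABASE ${sanitizedDBName}`)).rejects.toThrow(
+`Database name contains invalid characters (${databaseName}; SELECT * FROM people; --).`
 )
 
 const table = sanitizeSQLiteIdentifier('people; -- ')
@@ -508,17 +517,17 @@ describe('Database.sql (async)', () => {
 it('should throw exception when using table name as binding', async () => {
 const database = await getTestingDatabaseAsync()
 const table = 'people'
-await expect(database.sql`USE DATABASE people.sqlite; SELECT * FROM ${table}`).rejects.toThrow('near "?": syntax error')
+await expect(database.sql`SELECT * FROM ${table}`).rejects.toThrow('near "?": syntax error')
 })
 
 it('should built in commands accept bindings', async () => {
 const database = await getTestingDatabaseAsync()
 
-let databaseName = 'people.sqlite'
+const databaseName = database.getConfiguration().database || ''
 await expect(database.sql`USE DATABASE ${databaseName}`).resolves.toBe('OK')
 
-databaseName = 'people.sqlite; SELECT * FROM people'
-await expect(database.sql`USE DATABASE ${databaseName}`).rejects.toThrow('Database name contains invalid characters (people.sqlite; SELECT * FROM people).')
+const databaseNameInjectSQL = `${databaseName}; SELECT * FROM people`
+await expect(database.sql`USE DATABASE ${databaseNameInjectSQL}`).rejects.toThrow(`Database name contains invalid characters (${databaseNameInjectSQL}).`)
 
 let key = 'logo_level'
 let value = 'debug'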
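Review bot: In 'should sanitize SQL Injection as table name' the name is read as `database.getConfiguration().database` with no fallback or check, unlike the two other reads that use `|| ''`. If the fixture's configuration has no database, the template interpolates the literal text `undefined` into both the payload and the expected message, so the injection test still passes without exercising the real database name. The `|| ''` fallback in 'should sanitize database name and run the query' and 'should built in commands accept bindings' has the opposite effect, turning a misconfigured fixture into an unrelated `USE DATABASE` failure. Asserting the value before use in all three tests, e.g. `expect(database.getConfiguration().database).toBeTruthy()`, would make them fail with a clear cause. The two tests that dropped the `USE DATABASE people.sqlite;` prefix now appear to rely on the fixture having already selected a database containing a `people` table, which these hunks do not show; a short comment recording that assumption next to `getTestingDatabaseAsync()` would help.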
