// Copyright (C) 2023 Gobalsky Labs Limited
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.

package sqlstore

import (
	"testing"
)

// TestQuoteString pins quoteString's output for a plain string and for a
// string holding a single quote: the expected results wrap the value in
// single quotes and double the embedded quote.
func TestQuoteString(t *testing.T) {
	cases := []struct {
		in      string
		want    string
		failMsg string
	}{
		{"test", "'test'", "Failed to quote string"},
		{"Jack's", "'Jack''s'", "Failed to quote and escape string with embedded quote"},
	}

	for _, tc := range cases {
		if got := quoteString(tc.in); got != tc.want {
			t.Error(tc.failMsg)
		}
	}
}

// TestSanitizeSql checks the SQL text SanitizeSql returns once the $N
// placeholders have been replaced by literal renderings of the arguments:
// nil, string, int, float, bool, several arguments at once, []byte and the
// three signed integer slice types.
//
// NOTE(review): the only hostile-looking input exercised here is an embedded
// single quote. Backslashes, NUL bytes and placeholder-like text such as "$1"
// inside a string argument are not covered by this file; confirm they are
// tested elsewhere, or add cases once the intended output is agreed.
func TestSanitizeSql(t *testing.T) {
	// Each row is one call; failFmt is the exact message reported when the
	// call errors or the rendered SQL differs from want.
	cases := []struct {
		sql     string
		args    []interface{}
		want    string
		failFmt string
	}{
		{"select $1", []interface{}{nil}, "select null", "Failed to translate nil to null: %v - %v"},
		{"select $1", []interface{}{"Jack's"}, "select 'Jack''s'", "Failed to sanitize string: %v - %v"},
		{"select $1", []interface{}{42}, "select 42", "Failed to pass through integer: %v - %v"},
		{"select $1", []interface{}{1.23}, "select 1.23", "Failed to pass through float: %v - %v"},
		{"select $1", []interface{}{true}, "select true", "Failed to pass through bool: %v - %v"},
		{"select $1, $2, $3", []interface{}{"Jack's", 42, 1.23}, "select 'Jack''s', 42, 1.23", "Failed to sanitize multiple params: %v - %v"},
		// Raw bytes are expected as a hex string inside an E'' literal.
		{"select $1", []interface{}{[]byte{0x00, 0x0F, 0xFF, 0x11}}, `select E'\\x000fff11'`, "Failed to sanitize []byte: %v - %v"},
		// Integer slices are expected as a quoted '{...}' literal followed by
		// the cast already present in the query text.
		{"select $1::int2[]", []interface{}{[]int16{42, 0, -1, 32123}}, `select '{42,0,-1,32123}'::int2[]`, "Failed to sanitize []int16: %v - %v"},
		{"select $1::int4[]", []interface{}{[]int32{42, 0, -1, 32123}}, `select '{42,0,-1,32123}'::int4[]`, "Failed to sanitize []int32: %v - %v"},
		{"select $1::int8[]", []interface{}{[]int64{42, 0, -1, 32123}}, `select '{42,0,-1,32123}'::int8[]`, "Failed to sanitize []int64: %v - %v"},
	}

	for _, tc := range cases {
		san, err := SanitizeSql(tc.sql, tc.args...)
		if err == nil && san == tc.want {
			continue
		}
		t.Errorf(tc.failFmt, san, err)
	}
}