luciano/honeysql
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add test for (v1) SQL Injection in insert #299

Browse source
This commit is contained in:
Sean Corfield 2021-02-22 10:56:32 -08:00
parent b0782b93dd
commit 770beec886
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
test/honey/sql_test.cljc
View file

@ -584,3 +584,13 @@ ORDER BY id = ? DESC
(h/where [:= :state 42]) (h/where [:= :state 42])
(h/order-by [[:= :id 123] :desc])) (h/order-by [[:= :id 123] :desc]))
{:pretty true})))) {:pretty true}))))
(deftest issue-299-test
(let [name "test field"
;; this was a bug in v1 -- adding here to prevent regression:
enabled [true, "); SELECT case when (SELECT current_setting('is_superuser'))='off' then pg_sleep(0.2) end; -- "]]
(is (= ["INSERT INTO table (name, enabled) VALUES (?, (TRUE, ?))" name (second enabled)]
(format {:insert-into :table
:values [{:name name
:enabled enabled}]})))))