arian/navidrome
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Improve SQL sanitization

Browse Source
This commit is contained in:
Deluan
2024-09-09 19:45:02 -04:00
parent d3bb4bb9a1
commit 3107170afd
23 changed files with 259 additions and 159 deletions
Download Patch File Download Diff File Expand all files Collapse all files
persistence/sql_restful_test.go
+9 -7
View File
@@ -1,6 +1,8 @@
package persistence
import (
"context"
"github.com/Masterminds/squirrel"
"github.com/deluan/rest"
. "github.com/onsi/ginkgo/v2"
@@ -9,31 +11,31 @@ import (
var _ = Describe("sqlRestful", func() {
Describe("parseRestFilters", func() {
var r sqlRestful
var r sqlRepository
var options rest.QueryOptions
BeforeEach(func() {
r = sqlRestful{}
r = sqlRepository{}
})
It("returns nil if filters is empty", func() {
options.Filters = nil
Expect(r.parseRestFilters(options)).To(BeNil())
Expect(r.parseRestFilters(context.Background(), options)).To(BeNil())
})
It("returns a '=' condition for 'id' filter", func() {
options.Filters = map[string]interface{}{"id": "123"}
Expect(r.parseRestFilters(options)).To(Equal(squirrel.And{squirrel.Eq{"id": "123"}}))
Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Eq{"id": "123"}}))
})
It("returns a 'in' condition for multiples 'id' filters", func() {
options.Filters = map[string]interface{}{"id": []string{"123", "456"}}
Expect(r.parseRestFilters(options)).To(Equal(squirrel.And{squirrel.Eq{"id": []string{"123", "456"}}}))
Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Eq{"id": []string{"123", "456"}}}))
})
It("returns a 'like' condition for other filters", func() {
options.Filters = map[string]interface{}{"name": "joe"}
Expect(r.parseRestFilters(options)).To(Equal(squirrel.And{squirrel.Like{"name": "joe%"}}))
Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Like{"name": "joe%"}}))
})
It("uses the custom filter", func() {
@@ -43,7 +45,7 @@ var _ = Describe("sqlRestful", func() {
},
}
options.Filters = map[string]interface{}{"test": 100}
Expect(r.parseRestFilters(options)).To(Equal(squirrel.And{squirrel.Gt{"test": 100}}))
Expect(r.parseRestFilters(context.Background(), options)).To(Equal(squirrel.And{squirrel.Gt{"test": 100}}))
})
})
})