class SanitizeTest
Public Class Methods
search(term)
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 75 def self.search(term) where("title LIKE ?", sanitize_sql_like(term, "!")) end
Public Instance Methods
quoted_id()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 158 def quoted_id 1 end
setup()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 9 def setup end
test_bind_arity()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 85 def test_bind_arity assert_nothing_raised { bind "" } assert_raise(ActiveRecord::PreparedStatementInvalid) { bind "", 1 } assert_raise(ActiveRecord::PreparedStatementInvalid) { bind "?" } assert_nothing_raised { bind "?", 1 } assert_raise(ActiveRecord::PreparedStatementInvalid) { bind "?", 1, 1 } end
test_bind_chars()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 147 def test_bind_chars quoted_bambi = ActiveRecord::Base.connection.quote("Bambi") quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper") assert_equal "name=#{quoted_bambi}", bind("name=?", "Bambi") assert_equal "name=#{quoted_bambi_and_thumper}", bind("name=?", "Bambi\nand\nThumper") assert_equal "name=#{quoted_bambi}", bind("name=?", "Bambi".mb_chars) assert_equal "name=#{quoted_bambi_and_thumper}", bind("name=?", "Bambi\nand\nThumper".mb_chars) end
test_bind_empty_enumerable()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 135 def test_bind_empty_enumerable quoted_nil = ActiveRecord::Base.connection.quote(nil) assert_equal quoted_nil, bind("?", []) assert_equal " in (#{quoted_nil})", bind(" in (?)", []) assert_equal "foo in (#{quoted_nil})", bind("foo in (?)", []) end
test_bind_empty_string()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 142 def test_bind_empty_string quoted_empty = ActiveRecord::Base.connection.quote("") assert_equal quoted_empty, bind("?", "") end
test_bind_enumerable()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 119 def test_bind_enumerable quoted_abc = %(#{ActiveRecord::Base.connection.quote('a')},#{ActiveRecord::Base.connection.quote('b')},#{ActiveRecord::Base.connection.quote('c')}) assert_equal "1,2,3", bind("?", [1, 2, 3]) assert_equal quoted_abc, bind("?", %w(a b c)) assert_equal "1,2,3", bind(":a", a: [1, 2, 3]) assert_equal quoted_abc, bind(":a", a: %w(a b c)) # ' assert_equal "1,2,3", bind("?", SimpleEnumerable.new([1, 2, 3])) assert_equal quoted_abc, bind("?", SimpleEnumerable.new(%w(a b c))) assert_equal "1,2,3", bind(":a", a: SimpleEnumerable.new([1, 2, 3])) assert_equal quoted_abc, bind(":a", a: SimpleEnumerable.new(%w(a b c))) # ' end
test_bind_record()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 156 def test_bind_record o = Class.new { def quoted_id 1 end }.new assert_deprecated { assert_equal "1", bind("?", o) } os = [o] * 3 assert_deprecated { assert_equal "1,1,1", bind("?", os) } end
test_named_bind_arity()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 101 def test_named_bind_arity assert_nothing_raised { bind "name = :name", name: "37signals" } assert_nothing_raised { bind "name = :name", name: "37signals", id: 1 } assert_raise(ActiveRecord::PreparedStatementInvalid) { bind "name = :name", id: 1 } end
test_named_bind_variables()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 94 def test_named_bind_variables assert_equal "1", bind(":a", a: 1) # ' ruby-mode assert_equal "1 1", bind(":a :a", a: 1) # ' ruby-mode assert_nothing_raised { bind("'+00:00'", foo: "bar") } end
test_named_bind_with_postgresql_type_casts()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 168 def test_named_bind_with_postgresql_type_casts l = Proc.new { bind(":a::integer '2009-01-01'::date", a: "10") } assert_nothing_raised(&l) assert_equal "#{ActiveRecord::Base.connection.quote('10')}::integer '2009-01-01'::date", l.call end
test_sanitize_sql_array_handles_bind_variables()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 21 def test_sanitize_sql_array_handles_bind_variables quoted_bambi = ActiveRecord::Base.connection.quote("Bambi") assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi"]) assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi".mb_chars]) quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper") assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper"]) assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper".mb_chars]) end
test_sanitize_sql_array_handles_empty_statement()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 53 def test_sanitize_sql_array_handles_empty_statement select_author_sql = Post.send(:sanitize_sql_array, [""]) assert_equal("", select_author_sql) end
test_sanitize_sql_array_handles_named_bind_variables()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 30 def test_sanitize_sql_array_handles_named_bind_variables quoted_bambi = ActiveRecord::Base.connection.quote("Bambi") assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=:name", name: "Bambi"]) assert_equal "name=#{quoted_bambi} AND id=1", Binary.send(:sanitize_sql_array, ["name=:name AND id=:id", name: "Bambi", id: 1]) quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper") assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=:name", name: "Bambi\nand\nThumper"]) assert_equal "name=#{quoted_bambi_and_thumper} AND name2=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=:name AND name2=:name", name: "Bambi\nand\nThumper"]) end
test_sanitize_sql_array_handles_relations()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 40 def test_sanitize_sql_array_handles_relations david = Author.create!(name: "David") david_posts = david.posts.select(:id) sub_query_pattern = /\(\bselect\b.*?\bwhere\b.*?\)/i select_author_sql = Post.send(:sanitize_sql_array, ["id in (?)", david_posts]) assert_match(sub_query_pattern, select_author_sql, "should sanitize `Relation` as subquery for bind variables") select_author_sql = Post.send(:sanitize_sql_array, ["id in (:post_ids)", post_ids: david_posts]) assert_match(sub_query_pattern, select_author_sql, "should sanitize `Relation` as subquery for named bind variables") end
test_sanitize_sql_array_handles_string_interpolation()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 12 def test_sanitize_sql_array_handles_string_interpolation quoted_bambi = ActiveRecord::Base.connection.quote_string("Bambi") assert_equal "name='#{quoted_bambi}'", Binary.send(:sanitize_sql_array, ["name='%s'", "Bambi"]) assert_equal "name='#{quoted_bambi}'", Binary.send(:sanitize_sql_array, ["name='%s'", "Bambi".mb_chars]) quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote_string("Bambi\nand\nThumper") assert_equal "name='#{quoted_bambi_and_thumper}'", Binary.send(:sanitize_sql_array, ["name='%s'", "Bambi\nand\nThumper"]) assert_equal "name='#{quoted_bambi_and_thumper}'", Binary.send(:sanitize_sql_array, ["name='%s'", "Bambi\nand\nThumper".mb_chars]) end
test_sanitize_sql_like()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 58 def test_sanitize_sql_like assert_equal '100\%', Binary.send(:sanitize_sql_like, "100%") assert_equal 'snake\_cased\_string', Binary.send(:sanitize_sql_like, "snake_cased_string") assert_equal 'C:\\\\Programs\\\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint') assert_equal "normal string 42", Binary.send(:sanitize_sql_like, "normal string 42") end
test_sanitize_sql_like_example_use_case()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 73 def test_sanitize_sql_like_example_use_case searchable_post = Class.new(Post) do def self.search(term) where("title LIKE ?", sanitize_sql_like(term, "!")) end end assert_sql(/LIKE '20!% !_reduction!_!!'/) do searchable_post.search("20% _reduction_!").to_a end end
test_sanitize_sql_like_with_custom_escape_character()
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 65 def test_sanitize_sql_like_with_custom_escape_character assert_equal "100!%", Binary.send(:sanitize_sql_like, "100%", "!") assert_equal "snake!_cased!_string", Binary.send(:sanitize_sql_like, "snake_cased_string", "!") assert_equal "great!!", Binary.send(:sanitize_sql_like, "great!", "!") assert_equal 'C:\\Programs\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint', "!") assert_equal "normal string 42", Binary.send(:sanitize_sql_like, "normal string 42", "!") end
Private Instance Methods
bind(statement, *vars)
click to toggle source
# File activerecord/test/cases/sanitize_test.rb, line 175 def bind(statement, *vars) if vars.first.is_a?(Hash) ActiveRecord::Base.send(:replace_named_bind_variables, statement, vars.first) else ActiveRecord::Base.send(:replace_bind_variables, statement, vars) end end