diff options
| author | Raimonds Simanovskis <raimonds.simanovskis@gmail.com> | 2010-05-16 19:55:21 +0300 |
|---|---|---|
| committer | Raimonds Simanovskis <raimonds.simanovskis@gmail.com> | 2010-06-04 22:44:03 +0300 |
| commit | 05ef038bb955d4a0c9cbda50bf7ff7eb259bdf59 (patch) | |
| tree | 1c269222a3208e24e3619ccae61958d02ce52b33 /activerecord | |
| parent | c6d6b5016631ae0d2c6f09bb289fb9b54dca9a0a (diff) | |
| download | rails-05ef038bb955d4a0c9cbda50bf7ff7eb259bdf59.tar.gz rails-05ef038bb955d4a0c9cbda50bf7ff7eb259bdf59.tar.bz2 rails-05ef038bb955d4a0c9cbda50bf7ff7eb259bdf59.zip | |
Fixed adapter tests not to assert LIMIT and OFFSET in SQL strings
Fixed adapter test cases that were failing in oracle because the asserts were looking for the presence of offset and limit which are not available in oracle. Changed the tests to check that the sql injection is not present in the output so that the tests are database adapter agnostic.
Diffstat (limited to 'activerecord')
| -rw-r--r-- | activerecord/test/cases/adapter_test.rb | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/activerecord/test/cases/adapter_test.rb b/activerecord/test/cases/adapter_test.rb index 9b28766405..0152b7be2a 100644 --- a/activerecord/test/cases/adapter_test.rb +++ b/activerecord/test/cases/adapter_test.rb @@ -145,22 +145,13 @@ class AdapterTest < ActiveRecord::TestCase def test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas sql_inject = "1 select * from schema" - assert_equal " LIMIT 1", @connection.add_limit_offset!("", :limit => sql_inject) - if current_adapter?(:MysqlAdapter) - assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7) - else - assert_equal " LIMIT 1 OFFSET 7", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7) - end + assert_no_match /schema/, @connection.add_limit_offset!("", :limit=>sql_inject) + assert_no_match /schema/, @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7) end def test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas sql_inject = "1, 7 procedure help()" - if current_adapter?(:MysqlAdapter) - assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit => sql_inject) - assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit => '1 ; DROP TABLE USERS', :offset => 7) - else - assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit => sql_inject) - assert_equal " LIMIT 1,7 OFFSET 7", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7) - end + assert_no_match /procedure/, @connection.add_limit_offset!("", :limit=>sql_inject) + assert_no_match /procedure/, @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7) end end |