From 977826a0ca344188b75b26bc9c5efd073592f23c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 24 Oct 2024 15:37:53 +0100 Subject: [PATCH] Clean up table assertions in SQL injection tests. --- .../src/api/routes/tests/search.spec.ts | 23 +++++++++++++++---- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/packages/server/src/api/routes/tests/search.spec.ts b/packages/server/src/api/routes/tests/search.spec.ts index d69f3f2c38..1021139ed1 100644 --- a/packages/server/src/api/routes/tests/search.spec.ts +++ b/packages/server/src/api/routes/tests/search.spec.ts @@ -164,6 +164,14 @@ describe.each([ } } + async function assertTableExists(name: string) { + expect(await client!.schema.hasTable(name)).toBeTrue() + } + + async function assertTableNumRows(name: string, numRows: number) { + expect(await client!.from(name).count()).toEqual([{ count: `${numRows}` }]) + } + describe.each([ ["table", createTable], [ @@ -3526,10 +3534,11 @@ describe.each([ }, }) - expect(await client!.schema.hasTable(table.name)).toBeTrue() - await config.api.row.save(tableOrViewId, { [badString]: "foo" }) + await assertTableExists(table.name) + await assertTableNumRows(table.name, 1) + const { rows } = await config.api.row.search( tableOrViewId, { query: {} }, @@ -3537,7 +3546,9 @@ describe.each([ ) expect(rows).toHaveLength(1) - expect(await client!.schema.hasTable(table.name)).toBeTrue() + + await assertTableExists(table.name) + await assertTableNumRows(table.name, 1) }) it("should not allow SQL injection as a field value", async () => { @@ -3553,7 +3564,8 @@ describe.each([ table.name ) - expect(await client!.schema.hasTable(table.name)).toBeTrue() + await assertTableExists(table.name) + await assertTableNumRows(table.name, 1) await config.api.row.save(tableOrViewId, { foo: "foo" }) @@ -3564,7 +3576,8 @@ describe.each([ ) expect(rows).toBeEmpty() - expect(await client!.schema.hasTable(table.name)).toBeTrue() + await assertTableExists(table.name) + await assertTableNumRows(table.name, 1) }) }) })