From 2cb301323192116bdbc3f31aea72f48d93f080c7 Mon Sep 17 00:00:00 2001 From: Alexander Tretiakov Date: Thu, 6 Jun 2019 02:31:14 +0300 Subject: [PATCH] fix tests --- .../00954_client_prepared_statements.sh | 8 +++---- ...0955_complex_prepared_statements.reference | 2 +- .../00955_complex_prepared_statements.sh | 23 ++++++++++++------- .../00956_http_prepared_statements.sh | 8 +++---- 4 files changed, 24 insertions(+), 17 deletions(-) diff --git a/dbms/tests/queries/0_stateless/00954_client_prepared_statements.sh b/dbms/tests/queries/0_stateless/00954_client_prepared_statements.sh index 451ea9cbd2c..9ecd60abab6 100755 --- a/dbms/tests/queries/0_stateless/00954_client_prepared_statements.sh +++ b/dbms/tests/queries/0_stateless/00954_client_prepared_statements.sh @@ -9,13 +9,13 @@ $CLICKHOUSE_CLIENT -q "CREATE TABLE ps (i UInt8, s String, d DateTime) ENGINE = $CLICKHOUSE_CLIENT -q "INSERT INTO ps VALUES (1, 'Hello, world', '2005-05-05 05:05:05')"; $CLICKHOUSE_CLIENT -q "INSERT INTO ps VALUES (2, 'test', '2005-05-25 15:00:00')"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_id=1\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_id=1 \ -q "SELECT * FROM ps WHERE i = {id:UInt8}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_phrase='Hello, world'\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_phrase='Hello, world' \ -q "SELECT * FROM ps WHERE s = {phrase:String}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_date='2005-05-25 15:00:00'\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_date='2005-05-25 15:00:00' \ -q "SELECT * FROM ps WHERE d = {date:DateTime}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_id=2 --param_phrase='test'\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_id=2 --param_phrase='test' \ -q "SELECT * FROM ps WHERE i = {id:UInt8} and s = {phrase:String}"; $CLICKHOUSE_CLIENT -q "DROP TABLE ps"; 
diff --git a/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.reference b/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.reference index 579452008b8..818e30f1273 100644 --- a/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.reference +++ b/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.reference @@ -3,4 +3,4 @@ [10,10,10] [[10],[10],[10]] [10,10,10] [[10],[10],[10]] (10,'Test') (10,('dt',10)) 2015-02-15 -Code: 36. DB::Exception: Expected correct value in parameter with name 'injection' +OK diff --git a/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.sh b/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.sh index ce540ca65fe..b73d7d39eaf 100755 --- a/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.sh +++ b/dbms/tests/queries/0_stateless/00955_complex_prepared_statements.sh @@ -3,6 +3,10 @@ CURDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) . $CURDIR/../shell_config.sh +EXCEPTION_TEXT="Code: 36. DB::Exception: Expected correct value in parameter with name 'injection'" +EXCEPTION_SUCCESS_TEXT="OK" +EXCEPTION_FAIL_TEXT="FAIL" + $CLICKHOUSE_CLIENT -q "DROP TABLE IF EXISTS ps"; $CLICKHOUSE_CLIENT -q "CREATE TABLE ps ( a Array(UInt32), da Array(Array(UInt8)), 
@@ -19,18 +23,21 @@ $CLICKHOUSE_CLIENT -q "INSERT INTO ps VALUES ( (10, 'Test'), (10, ('dt', 10)), '2015-02-15')"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_aui="[1, 2]"\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_aui="[1, 2]" \ -q "SELECT t FROM ps WHERE a = {aui:Array(UInt16)}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_d_a="[[1, 1], [2, 2]]"\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_d_a="[[1, 1], [2, 2]]" \ -q "SELECT dt FROM ps WHERE da = {d_a:Array(Array(UInt8))}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_tisd="(10, 'Test')"\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_tisd="(10, 'Test')" \ -q "SELECT a FROM ps WHERE t = {tisd:Tuple(Int16, String)}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_d_t="(10, ('dt', 10))"\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_d_t="(10, ('dt', 10))" \ -q "SELECT da FROM ps WHERE dt = {d_t:Tuple(UInt8, Tuple(String, UInt8))}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_nd="2015-02-15"\ +$CLICKHOUSE_CLIENT --max_threads=1 --param_nd="2015-02-15" \ -q "SELECT * FROM ps WHERE n = {nd:Nullable(Date)}"; -$CLICKHOUSE_CLIENT --max_threads=1 --param_injection="[1] OR 1"\ - -q "SELECT * FROM ps WHERE a = {injection:Array(UInt32)}" 2>&1\ - | grep 'Expected correct value in parameter'; + +# Must throw an exception to avoid SQL injection +$CLICKHOUSE_CLIENT --max_threads=1 --param_injection="[1] OR 1" \ + -q "SELECT * FROM ps WHERE a = {injection:Array(UInt32)}" 2>&1 \ + | grep -q "$EXCEPTION_TEXT" && echo "$EXCEPTION_SUCCESS_TEXT" \ + || echo "$EXCEPTION_FAIL_TEXT"; $CLICKHOUSE_CLIENT -q "DROP TABLE ps"; diff --git a/dbms/tests/queries/0_stateless/00956_http_prepared_statements.sh b/dbms/tests/queries/0_stateless/00956_http_prepared_statements.sh index 23f47e75e1c..e022ff65fc2 100755 --- a/dbms/tests/queries/0_stateless/00956_http_prepared_statements.sh +++ b/dbms/tests/queries/0_stateless/00956_http_prepared_statements.sh 
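Review bot: The injection check at the end of this hunk reduces the client's output to `OK`/`FAIL`, so a regression would not show whether the query returned rows (meaning the parameter value was spliced into the SQL) or failed with a different error. Capture the output once and print it on the failure branch. Match it with `grep -qF --`, because `EXCEPTION_TEXT` (defined in the previous hunk of this file) contains `.`, which plain grep treats as a wildcard. An explicit `if`/`else` also avoids the `cmd && echo … || echo …` form, where the FAIL branch would also run if the first `echo` returned non-zero.

```shell
# Must throw an exception to avoid SQL injection
out=$($CLICKHOUSE_CLIENT --max_threads=1 --param_injection="[1] OR 1" \
    -q "SELECT * FROM ps WHERE a = {injection:Array(UInt32)}" 2>&1)
if grep -qF -- "$EXCEPTION_TEXT" <<<"$out"; then
    echo "$EXCEPTION_SUCCESS_TEXT"
else
    echo "$EXCEPTION_FAIL_TEXT"
    echo "$out" >&2   # show what came back instead of the expected exception
fi
```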
@@ -9,13 +9,13 @@ ${CLICKHOUSE_CURL} -sS $CLICKHOUSE_URL -d "CREATE TABLE ps (i UInt8, s String, d ${CLICKHOUSE_CURL} -sS $CLICKHOUSE_URL -d "INSERT INTO ps VALUES (1, 'Hello, world', '2005-05-05')"; ${CLICKHOUSE_CURL} -sS $CLICKHOUSE_URL -d "INSERT INTO ps VALUES (2, 'test', '2019-05-25')"; -${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_id=1"\ +${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_id=1" \ -d "SELECT * FROM ps WHERE i = {id:UInt8} ORDER BY i, s, d"; -${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_phrase=Hello,+world"\ +${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_phrase=Hello,+world" \ -d "SELECT * FROM ps WHERE s = {phrase:String} ORDER BY i, s, d"; -${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_date=2019-05-25"\ +${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_date=2019-05-25" \ -d "SELECT * FROM ps WHERE d = {date:Date} ORDER BY i, s, d"; -${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_id=2¶m_phrase=test"\ +${CLICKHOUSE_CURL} -sS "${CLICKHOUSE_URL}?param_id=2¶m_phrase=test" \ -d "SELECT * FROM ps WHERE i = {id:UInt8} and s = {phrase:String} ORDER BY i, s, d"; ${CLICKHOUSE_CURL} -sS $CLICKHOUSE_URL -d "DROP TABLE ps";