rails--rails/activerecord/test/cases/sanitize_test.rb

require "cases/helper"
require 'models/binary'
require 'models/author'
require 'models/post'

class SanitizeTest < ActiveRecord::TestCase
  def setup
  end

  def test_sanitize_sql_hash_handles_associations
    quoted_bambi = ActiveRecord::Base.connection.quote("Bambi")
    quoted_column_name = ActiveRecord::Base.connection.quote_column_name("name")
    quoted_table_name = ActiveRecord::Base.connection.quote_table_name("adorable_animals")
    expected_value = "#{quoted_table_name}.#{quoted_column_name} = #{quoted_bambi}"

    assert_deprecated do
      assert_equal expected_value, Binary.send(:sanitize_sql_hash, {adorable_animals: {name: 'Bambi'}})
    end
  end

  def test_sanitize_sql_array_handles_string_interpolation
    quoted_bambi = ActiveRecord::Base.connection.quote_string("Bambi")
    assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=%s", "Bambi"])
    assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=%s", "Bambi".mb_chars])
    quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote_string("Bambi\nand\nThumper")
    assert_equal "name=#{quoted_bambi_and_thumper}",Binary.send(:sanitize_sql_array, ["name=%s", "Bambi\nand\nThumper"])
    assert_equal "name=#{quoted_bambi_and_thumper}",Binary.send(:sanitize_sql_array, ["name=%s", "Bambi\nand\nThumper".mb_chars])
  end

  def test_sanitize_sql_array_handles_bind_variables
    quoted_bambi = ActiveRecord::Base.connection.quote("Bambi")
    assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi"])
    assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi".mb_chars])
    quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper")
    assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper"])
    assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper".mb_chars])
  end

  def test_sanitize_sql_array_handles_relations
    david = Author.create!(name: 'David')
    david_posts = david.posts.select(:id)

    sub_query_pattern = /\(\bselect\b.*?\bwhere\b.*?\)/i

    select_author_sql = Post.send(:sanitize_sql_array, ['id in (?)', david_posts])
    assert_match(sub_query_pattern, select_author_sql, 'should sanitize `Relation` as subquery for bind variables')

    select_author_sql = Post.send(:sanitize_sql_array, ['id in (:post_ids)', post_ids: david_posts])
    assert_match(sub_query_pattern, select_author_sql, 'should sanitize `Relation` as subquery for named bind variables')
  end

  def test_sanitize_sql_array_handles_empty_statement
    select_author_sql = Post.send(:sanitize_sql_array, [''])
    assert_equal('', select_author_sql)
  end

  def test_sanitize_sql_like
    assert_equal '100\%', Binary.send(:sanitize_sql_like, '100%')
    assert_equal 'snake\_cased\_string', Binary.send(:sanitize_sql_like, 'snake_cased_string')
    assert_equal 'C:\\\\Programs\\\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint')
    assert_equal 'normal string 42', Binary.send(:sanitize_sql_like, 'normal string 42')
  end

  def test_sanitize_sql_like_with_custom_escape_character
    assert_equal '100!%', Binary.send(:sanitize_sql_like, '100%', '!')
    assert_equal 'snake!_cased!_string', Binary.send(:sanitize_sql_like, 'snake_cased_string', '!')
    assert_equal 'great!!', Binary.send(:sanitize_sql_like, 'great!', '!')
    assert_equal 'C:\\Programs\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint', '!')
    assert_equal 'normal string 42', Binary.send(:sanitize_sql_like, 'normal string 42', '!')
  end

  def test_sanitize_sql_like_example_use_case
    searchable_post = Class.new(Post) do
      def self.search(term)
        where("title LIKE ?", sanitize_sql_like(term, '!'))
      end
    end

    assert_sql(/LIKE '20!% !_reduction!_!!'/) do
      searchable_post.search("20% _reduction_!").to_a
    end
  end
end
please use ruby -I lib:test path/to/test.rb, or export RUBY_OPT 2011-06-06 14:17:44 -04:00			`require "cases/helper"`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`require 'models/binary'`
Process sub-query relation's binding values Generated sub-query for Relation as array condition for `where` method did not take in account its bind values, in result generates invalid SQL query. Fixed by adding sub-query relation's binding values to base relation Closes: #12586 2013-10-18 16:26:39 -04:00			`require 'models/author'`
			`require 'models/post'`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00
			`class SanitizeTest < ActiveRecord::TestCase`
			`def setup`
			`end`

Fix bug in ActiveRecord::Sanitization#sanitize_sql_hash_for_conditions Fixing CHANGLOG description Remove extra line. Remove blank lines. 2013-04-25 20:20:33 -04:00			`def test_sanitize_sql_hash_handles_associations`
Remove current_adapter? from test_sanitize_sql_hash_handles_associations Because of each adapter implementation differences, `expected_value` string needed to be handled by each adapter. This commit removes current_adapter by using ActiveRecord::ConnectionAdapters::Quoting methods. 2013-05-07 17:35:54 -04:00			`quoted_bambi = ActiveRecord::Base.connection.quote("Bambi")`
			`quoted_column_name = ActiveRecord::Base.connection.quote_column_name("name")`
			`quoted_table_name = ActiveRecord::Base.connection.quote_table_name("adorable_animals")`
Process sub-query relation's binding values Generated sub-query for Relation as array condition for `where` method did not take in account its bind values, in result generates invalid SQL query. Fixed by adding sub-query relation's binding values to base relation Closes: #12586 2013-10-18 16:26:39 -04:00			`expected_value = "#{quoted_table_name}.#{quoted_column_name} = #{quoted_bambi}"`
Fix test asserting the sanitized SQL hash differently to some adapters 2013-05-06 21:00:11 -04:00
Add an `assert_deprecated` for `sanitize_sql_hash_for_conditions` 2014-11-02 16:01:57 -05:00			`assert_deprecated do`
			`assert_equal expected_value, Binary.send(:sanitize_sql_hash, {adorable_animals: {name: 'Bambi'}})`
			`end`
Fix bug in ActiveRecord::Sanitization#sanitize_sql_hash_for_conditions Fixing CHANGLOG description Remove extra line. Remove blank lines. 2013-04-25 20:20:33 -04:00			`end`

Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`def test_sanitize_sql_array_handles_string_interpolation`
			`quoted_bambi = ActiveRecord::Base.connection.quote_string("Bambi")`
			`assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=%s", "Bambi"])`
Change all calls to String#chars to String#mb_chars. 2008-09-21 12:01:15 -04:00			`assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=%s", "Bambi".mb_chars])`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote_string("Bambi\nand\nThumper")`
			`assert_equal "name=#{quoted_bambi_and_thumper}",Binary.send(:sanitize_sql_array, ["name=%s", "Bambi\nand\nThumper"])`
Change all calls to String#chars to String#mb_chars. 2008-09-21 12:01:15 -04:00			`assert_equal "name=#{quoted_bambi_and_thumper}",Binary.send(:sanitize_sql_array, ["name=%s", "Bambi\nand\nThumper".mb_chars])`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`end`

			`def test_sanitize_sql_array_handles_bind_variables`
			`quoted_bambi = ActiveRecord::Base.connection.quote("Bambi")`
			`assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi"])`
Change all calls to String#chars to String#mb_chars. 2008-09-21 12:01:15 -04:00			`assert_equal "name=#{quoted_bambi}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi".mb_chars])`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`quoted_bambi_and_thumper = ActiveRecord::Base.connection.quote("Bambi\nand\nThumper")`
			`assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper"])`
Change all calls to String#chars to String#mb_chars. 2008-09-21 12:01:15 -04:00			`assert_equal "name=#{quoted_bambi_and_thumper}", Binary.send(:sanitize_sql_array, ["name=?", "Bambi\nand\nThumper".mb_chars])`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`end`
Generate subquery for Relation passed as array condition for where Instead of executing 2 queries for fetching records filtered by array condition with Relation, added generation of subquery to current query. This behaviour will be consistent when passes Relation as hash condition to where Closes: #12415 2013-10-12 07:38:37 -04:00
			`def test_sanitize_sql_array_handles_relations`
Process sub-query relation's binding values Generated sub-query for Relation as array condition for `where` method did not take in account its bind values, in result generates invalid SQL query. Fixed by adding sub-query relation's binding values to base relation Closes: #12586 2013-10-18 16:26:39 -04:00			`david = Author.create!(name: 'David')`
			`david_posts = david.posts.select(:id)`

			`sub_query_pattern = /\(\bselect\b.?\bwhere\b.?\)/i`

			`select_author_sql = Post.send(:sanitize_sql_array, ['id in (?)', david_posts])`
			assert_match(sub_query_pattern, select_author_sql, 'should sanitize `Relation` as subquery for bind variables')

			`select_author_sql = Post.send(:sanitize_sql_array, ['id in (:post_ids)', post_ids: david_posts])`
			assert_match(sub_query_pattern, select_author_sql, 'should sanitize `Relation` as subquery for named bind variables')
Generate subquery for Relation passed as array condition for where Instead of executing 2 queries for fetching records filtered by array condition with Relation, added generation of subquery to current query. This behaviour will be consistent when passes Relation as hash condition to where Closes: #12415 2013-10-12 07:38:37 -04:00			`end`
add activerecord test coverage for `sanitize_sql_array` check it is handles empty statement 2014-02-09 07:05:42 -05:00
			`def test_sanitize_sql_array_handles_empty_statement`
			`select_author_sql = Post.send(:sanitize_sql_array, [''])`
			`assert_equal('', select_author_sql)`
			`end`
SQL Like escaping helper method. [Rob Gilson & Yves Senn] Closes #14222. This is a follow up to #6104 This does not have the backwards compatibility issues brought up in implementation to break. 2014-02-27 13:34:21 -05:00
			`def test_sanitize_sql_like`
			`assert_equal '100\%', Binary.send(:sanitize_sql_like, '100%')`
			`assert_equal 'snake\_cased\_string', Binary.send(:sanitize_sql_like, 'snake_cased_string')`
			`assert_equal 'C:\\\\Programs\\\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint')`
			`assert_equal 'normal string 42', Binary.send(:sanitize_sql_like, 'normal string 42')`
			`end`

			`def test_sanitize_sql_like_with_custom_escape_character`
			`assert_equal '100!%', Binary.send(:sanitize_sql_like, '100%', '!')`
			`assert_equal 'snake!_cased!_string', Binary.send(:sanitize_sql_like, 'snake_cased_string', '!')`
`sanitize_sql_like` escapes `escape_character` not only backslash. * This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d * The originating PR is #14222 * It should fix the build 2014-04-16 10:45:10 -04:00			`assert_equal 'great!!', Binary.send(:sanitize_sql_like, 'great!', '!')`
			`assert_equal 'C:\\Programs\\MsPaint', Binary.send(:sanitize_sql_like, 'C:\\Programs\\MsPaint', '!')`
SQL Like escaping helper method. [Rob Gilson & Yves Senn] Closes #14222. This is a follow up to #6104 This does not have the backwards compatibility issues brought up in implementation to break. 2014-02-27 13:34:21 -05:00			`assert_equal 'normal string 42', Binary.send(:sanitize_sql_like, 'normal string 42', '!')`
			`end`

			`def test_sanitize_sql_like_example_use_case`
			`searchable_post = Class.new(Post) do`
			`def self.search(term)`
`sanitize_sql_like` escapes `escape_character` not only backslash. * This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d * The originating PR is #14222 * It should fix the build 2014-04-16 10:45:10 -04:00			`where("title LIKE ?", sanitize_sql_like(term, '!'))`
SQL Like escaping helper method. [Rob Gilson & Yves Senn] Closes #14222. This is a follow up to #6104 This does not have the backwards compatibility issues brought up in implementation to break. 2014-02-27 13:34:21 -05:00			`end`
			`end`

remove warning `warning: ambiguous first argument; put parentheses or even spaces` 2014-04-18 13:45:42 -04:00			`assert_sql(/LIKE '20!% !_reduction!_!!'/) do`
`sanitize_sql_like` escapes `escape_character` not only backslash. * This is a follow up to: fe4b0eee05f59831e1468ed50f55fbad0ce11e1d * The originating PR is #14222 * It should fix the build 2014-04-16 10:45:10 -04:00			`searchable_post.search("20% _reduction_!").to_a`
SQL Like escaping helper method. [Rob Gilson & Yves Senn] Closes #14222. This is a follow up to #6104 This does not have the backwards compatibility issues brought up in implementation to break. 2014-02-27 13:34:21 -05:00			`end`
			`end`
Fix ActiveRecord::Base.quote_bound_value for ActiveSupper::Multibyte::Chars values. - Adds String#acts_like_string? - Adds Chars#acts_like_string? Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1029 state:committed] 2008-09-11 16:38:20 -04:00			`end`