Permalink
Browse files

Fixed adapter tests not to assert LIMIT and OFFSET in SQL strings

Fixed adapter test cases that were failing in oracle because the asserts were looking for the presence of offset and limit which are not available in oracle. Changed the tests to check that the sql injection is not present in the output so that the tests are database adapter agnostic.
  • Loading branch information...
1 parent c6d6b50 commit 05ef038bb955d4a0c9cbda50bf7ff7eb259bdf59 @rsim rsim committed May 16, 2010
Showing with 4 additions and 13 deletions.
  1. +4 −13 activerecord/test/cases/adapter_test.rb
@@ -145,22 +145,13 @@ def test_foreign_key_violations_are_translated_to_specific_exception
def test_add_limit_offset_should_sanitize_sql_injection_for_limit_without_comas
sql_inject = "1 select * from schema"
- assert_equal " LIMIT 1", @connection.add_limit_offset!("", :limit => sql_inject)
- if current_adapter?(:MysqlAdapter)
- assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7)
- else
- assert_equal " LIMIT 1 OFFSET 7", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7)
- end
+ assert_no_match /schema/, @connection.add_limit_offset!("", :limit=>sql_inject)
+ assert_no_match /schema/, @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
end
def test_add_limit_offset_should_sanitize_sql_injection_for_limit_with_comas
sql_inject = "1, 7 procedure help()"
- if current_adapter?(:MysqlAdapter)
- assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit => sql_inject)
- assert_equal " LIMIT 7, 1", @connection.add_limit_offset!("", :limit => '1 ; DROP TABLE USERS', :offset => 7)
- else
- assert_equal " LIMIT 1,7", @connection.add_limit_offset!("", :limit => sql_inject)
- assert_equal " LIMIT 1,7 OFFSET 7", @connection.add_limit_offset!("", :limit => sql_inject, :offset => 7)
- end
+ assert_no_match /procedure/, @connection.add_limit_offset!("", :limit=>sql_inject)
+ assert_no_match /procedure/, @connection.add_limit_offset!("", :limit=>sql_inject, :offset=>7)
end
end

0 comments on commit 05ef038

Please sign in to comment.