t/20injection_guard.t - metacpan.org


            
              1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
              use strict;
use warnings;
use Test::More;
use Test::Exception;
use SQL::Abstract::Test import => ['is_same_sql_bind'];
use SQL::Abstract;
my $sqla = SQL::Abstract->new;
my $sqla_q = SQL::Abstract->new(quote_char => '"');
throws_ok( sub {
  $sqla->select(
    'foo',
    [ 'bar' ],
    { 'bobby; tables' => 'bar' },
  );
}, qr/Possible SQL injection attempt/, 'Injection thwarted on unquoted column' );
my ($sql, @bind) = $sqla_q->select(
  'foo',
  [ 'bar' ],
  { 'bobby; tables' => 'bar' },
);
is_same_sql_bind (
  $sql, \@bind,
  'SELECT "bar" FROM "foo" WHERE ( "bobby; tables" = ? )',
  [ 'bar' ],
  'Correct sql with quotes on'
);
for ($sqla, $sqla_q) {
  throws_ok( sub {
    $_->select(
      'foo',
      [ 'bar' ],
      { x => { 'bobby; tables' => 'y' } },
    );
  }, qr/Possible SQL injection attempt/, 'Injection thwarted on top level op');
  throws_ok( sub {
    $_->select(
      'foo',
      [ 'bar' ],
      { x => { '<' => { "-go\ndo some harm" => 'y' } } },
    );
  }, qr/Possible SQL injection attempt/, 'Injection thwarted on chained functions');
}
done_testing;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)