zdennis
2006-Nov-23 19:47 UTC
Fixable ActiveRecord Unit Test Failure In Edge and 1.1.6 for PostgreSQL adapter
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
When running "rake test_postgresql" for ActiveRecord unit tests I get
the following failure with test_sql_injection_via_find.
1) Failure:
test_sql_injection_via_find(BasicsTest) [./test/base_test.rb:926]:
<ActiveRecord::RecordNotFound> exception expected but was
Class: <ActiveRecord::StatementInvalid>
Message: <"RuntimeError: ERROR\tC22P02\tMinvalid input syntax for
integer: \"123456 OR id > 0\"\tFnumutils.c\tL126\tRpg_atoi: SELECT
*
FROM topics WHERE (topics.id = ''123456 OR id > 0'') LIMIT
1">
- ---Backtrace---
./test/../lib/active_record/connection_adapters/abstract_adapter.rb:120:in
`log''
./test/../lib/active_record/connection_adapters/postgresql_adapter.rb:148:in
`execute''
./test/../lib/active_record/connection_adapters/postgresql_adapter.rb:361:in
`select''
./test/../lib/active_record/connection_adapters/postgresql_adapter.rb:129:in
`select_all''
./test/../lib/active_record/base.rb:390:in `find_by_sql''
./test/../lib/active_record/base.rb:924:in `find_every''
./test/../lib/active_record/base.rb:918:in `find_initial''
./test/../lib/active_record/base.rb:952:in `find_one''
./test/../lib/active_record/base.rb:941:in `find_from_ids''
./test/../lib/active_record/base.rb:382:in `find''
./test/base_test.rb:927:in `test_sql_injection_via_find''
./test/base_test.rb:926:in `test_sql_injection_via_find''
- ---------------
The test method in question is:
def test_sql_injection_via_find
assert_raises(ActiveRecord::RecordNotFound) do
Topic.find("123456 OR id > 0")
end
assert_raises(ActiveRecord::RecordNotFound) do
Topic.find(";;; this should raise an RecordNotFound error")
end
end
Could we exclude PostgreSQL from running this test.... or assert that a
ActiveRecord::StatementInvalid exception is raised if the adapter is
postgresql?
def test_sql_injection_via_find
if ActiveRecord::Base.connection.adapter_name =~ /postgres/i
assert_raises( ActiveRecord::StatementInvalid ) do
Topic.find("123456 OR id > 0")
end
else
assert_raises(ActiveRecord::RecordNotFound) do
Topic.find("123456 OR id > 0")
end
end
assert_raises(ActiveRecord::RecordNotFound) do
Topic.find(";;; this should raise an RecordNotFound error")
end
end
I don''t think I like the above, perhaps extract the if/elsif blocks
into
helper methods, but I think this test should get fixed.
Zach
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFZfreMyx0fW1d8G0RAgwUAJ9GJW6yyzr1xTw/lGSM9YfeK/1gbwCeMRj3
q8to4DMSs2FrONUcrToHFik=d5DD
-----END PGP SIGNATURE-----
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---
zdennis
2006-Nov-23 20:21 UTC
Re: Fixable ActiveRecord Unit Test Failure In Edge and 1.1.6 for PostgreSQL adapter
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Actually this is fixed in Edge... nevermind this post, Zach -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFZgLNMyx0fW1d8G0RApmOAJ9CW5TPrkKxKgYofP5OhGHXUmopGQCdGGt2 DjM0P2jET/5Sz3enpkJTqCI=3/aq -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to rubyonrails-core@googlegroups.com To unsubscribe from this group, send email to rubyonrails-core-unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---