SqlInjectionCheckerTest.php 3.1 KB

  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
  4. *
  5. * @license GNU AGPL version 3 or any later version
  6. *
  7. * This program is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU Affero General Public License as
  9. * published by the Free Software Foundation, either version 3 of the
  10. * License, or (at your option) any later version.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. *
  20. */
  // Top-level sample: obtain a query builder from the server's database connection.
  21. $builder = \OC::$server->getDatabaseConnection()->getQueryBuilder();
  // $_GET['asdf'] is handed to eq() as-is: it is neither wrapped in literal() nor bound
  // through createNamedParameter()/createPositionalParameter(), so request-controlled
  // text becomes the comparison operand.
  // NOTE(review): this statement uses $this although it sits outside the class that
  // starts on the next line; presumably the file is only parsed by a checker and never
  // executed — confirm.
  22. $builder->select('*')->from('ado')->where($this->qb->expr()->eq('asdf', $_GET['asdf']));
  /**
   * Collection of sample query-builder calls.
   *
   * The class extends nothing and no method asserts anything, so it does not run as a
   * unit test by itself. NOTE(review): judging by the file name it is presumably input
   * for a static SQL-injection checker; which statements that checker is expected to
   * report is not visible in this file — confirm against the checker's expected output.
   *
   * The value operand in each call is one of: a hard-coded string or number, a local
   * variable assigned a constant just above, or request input read from $_GET. Each is
   * passed either directly or through literal(), createNamedParameter() or
   * createPositionalParameter(). For reviewers of real code: request input should reach
   * a query only as a bound parameter (createNamedParameter()/createPositionalParameter()),
   * never as a raw argument to an expression or to set()/setValue().
   */
  23. class SqlInjectionCheckerTest {
  // Query builder shared by all methods; created once in the constructor.
  24. private $qb;
  /**
   * Stores a query builder obtained from the injected database connection.
   */
  25. public function __construct(\OCP\IDBConnection $dbConnection) {
  26. $this->qb = $dbConnection->getQueryBuilder();
  27. }
  /**
   * Comparison expressions (eq, neq, lt, gte) with each kind of value operand.
   */
  28. public function testEqAndNeq() {
  // Hard-coded string and integer, each wrapped in literal().
  29. $this->qb->select('*')->from('ado')->where($this->qb->expr()->eq('asdf', $this->qb->expr()->literal('myString')));
  30. $this->qb->select('*')->from('ado')->where($this->qb->expr()->eq('asdf', $this->qb->expr()->literal(0)));
  // Request input wrapped in literal().
  // NOTE(review): literal() presumably quotes the value into the SQL text rather than
  // binding it; whether that is treated as acceptable here is not visible — confirm.
  31. $this->qb->select('*')->from('ado')->where($this->qb->expr()->eq('asdf', $this->qb->expr()->literal($_GET['bar'])));
  // Local variable holding a constant string, wrapped in literal().
  32. $asdf = '123';
  33. $this->qb->select('*')->from('ado')->where($this->qb->expr()->eq('asdf', $this->qb->expr()->literal($asdf)));
  // Local variable holding a constant integer, passed to neq() directly.
  34. $asdf = 1;
  35. $this->qb->select('*')->from('ado')->where($this->qb->expr()->neq('asdf', $asdf));
  // Local variable holding a constant string, passed to lt() directly.
  36. $asdf = '123';
  37. $this->qb->select('*')->from('ado')->where($this->qb->expr()->lt('asdf', $asdf));
  // Two hard-coded strings; the second looks like a column reference (a.id), i.e. a
  // column-to-column comparison rather than a value.
  38. $this->qb->select('*')->from('ado')->where($this->qb->expr()->eq('s.resourceid', 'a.id'));
  // Request input passed to gte() directly, this time under andWhere(): nothing is
  // wrapped or bound between $_GET and the expression.
  39. $this->qb->select('*')->from('ado')->andWhere($this->qb->expr()->gte('asdf', $_GET['asdf']));
  // Hard-coded value supplied as a named bound parameter.
  40. $this->qb->select('*')
  41. ->from('ado')
  42. ->where($this->qb->expr()->eq('asdf', $this->qb->createNamedParameter('asdf')));
  // Hard-coded value supplied as a positional bound parameter.
  43. $this->qb->select('*')
  44. ->from('ado')
  45. ->where($this->qb->expr()->eq('asdf', $this->qb->createPositionalParameter('asdf')));
  46. }
  /**
   * Same direct-$_GET comparison, but on a builder reached through \OC::$server
   * instead of the injected connection.
   */
  47. public function testInstantiatingDatabaseConnection() {
  // Despite its name, $qb holds the database connection, not a query builder.
  48. $qb = \OC::$server->getDatabaseConnection();
  // The query is built on a fresh builder while the expression comes from $this->qb;
  // $_GET['asdf'] is passed to eq() directly, unwrapped and unbound.
  49. $qb->getQueryBuilder()->select('*')->from('ado')->where($this->qb->expr()->eq('asdf', $_GET['asdf']));
  50. }
  /**
   * update()->set() with each kind of value operand.
   */
  51. public function testSet() {
  // Hard-coded value supplied as a named bound parameter.
  52. $this->qb->update('file_locks')->set('lock', $this->qb->createNamedParameter('lukaslukaslukas'));
  // Hard-coded string passed directly.
  53. $this->qb->update('file_locks')->set('lock', '1234');
  // Local variable holding a constant string, passed directly.
  54. $asdf = '1234';
  55. $this->qb->update('file_locks')->set('lock', $asdf);
  // Request input passed directly as the new column value, unwrapped and unbound.
  56. $this->qb->update('file_locks')->set('lock', $_GET['asdf']);
  57. }
  /**
   * update()->setValue() with the same four value operands as testSet().
   */
  58. public function testSetValue() {
  // Hard-coded value supplied as a named bound parameter.
  59. $this->qb->update('file_locks')->setValue('lock', $this->qb->createNamedParameter('lukaslukaslukas'));
  // Hard-coded string passed directly.
  60. $this->qb->update('file_locks')->setValue('lock', '1234');
  // Local variable holding a constant string, passed directly.
  61. $asdf = '1234';
  62. $this->qb->update('file_locks')->setValue('lock', $asdf);
  // Request input passed directly as the value, unwrapped and unbound.
  63. $this->qb->update('file_locks')->setValue('lock', $_GET['asdf']);
  64. }
  65. }