public function SelectTest::testVulnerableComment in Drupal 10
Same name and namespace in other branches
- 8 core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::testVulnerableComment()
- 9 core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::testVulnerableComment()
Tests query COMMENT system against vulnerabilities.
File
- core/tests/Drupal/KernelTests/Core/Database/SelectTest.php, line 50
Class
- SelectTest
- Tests the Select query builder.
Namespace
Drupal\KernelTests\Core\Database
Code
public function testVulnerableComment() {
  // The comment text tries to close the SQL block comment early and append
  // a second statement after it.
  $query = $this->connection
    ->select('test')
    ->comment('Testing query comments */ SELECT nid FROM {node}; --');
  $query->addField('test', 'name');
  $query->addField('test', 'age', 'age');
  $result = $query->execute();
  $records = $result->fetchAll();
  $query = (string) $query;
  $expected = "/* Testing query comments * / SELECT nid FROM {node}. -- */";
  // Check the returned number of rows.
  $this->assertCount(4, $records);
  // Check that the flattened query contains the sanitized comment string.
  $this->assertStringContainsString($expected, $query);
  $connection = Database::getConnection();
  foreach ($this->makeCommentsProvider() as $test_set) {
    [$expected, $comments] = $test_set;
    $this->assertEquals($expected, $connection->makeComment($comments));
  }
}
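The risk this test guards against, as a stand-alone added example (not Drupal's own code): caller-supplied text placed in a SQL block comment must not be able to end that comment. The function names `naive_comment()`, `filtered_comment()` and `comment_is_contained()` are hypothetical, and the two substitutions are taken from the difference between the test's input and its `$expected` string. PHP 8 is assumed.

```php
<?php
// Added illustration. All function names are hypothetical, not Drupal API.

/** Naive form: embeds the caller's text in a block comment unchanged. */
function naive_comment(string $text): string {
  return '/* ' . $text . ' */ ';
}

/**
 * Filtered form: breaks up the comment terminator and replaces the
 * statement separator, matching the substitutions visible in $expected.
 */
function filtered_comment(string $text): string {
  return '/* ' . strtr($text, ['*/' => '* /', ';' => '.']) . ' */ ';
}

/**
 * A comment prefix is contained when its first terminator is also its last
 * two characters, so nothing after an early terminator is left as live SQL.
 */
function comment_is_contained(string $prefix): bool {
  $trimmed = rtrim($prefix);
  return strpos($trimmed, '*/') === strlen($trimmed) - 2;
}

// Input and expected string as they appear in the test above.
$input = 'Testing query comments */ SELECT nid FROM {node}; --';
$expected = '/* Testing query comments * / SELECT nid FROM {node}. -- */';

// Constructed base statement, standing in for the flattened Select query.
$base = 'SELECT name, age FROM test';

$variants = [
  'naive' => naive_comment($input),
  'filtered' => filtered_comment($input),
];
foreach ($variants as $label => $prefix) {
  printf(
    "%-8s contained=%s matches_expected=%s\n  %s%s\n",
    $label,
    comment_is_contained($prefix) ? 'yes' : 'no',
    str_contains($prefix, $expected) ? 'yes' : 'no',
    $prefix,
    $base
  );
}
```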