class QueryTest in Zircon Profile 8
Same name in this branch
- 8 core/modules/views_ui/src/Tests/QueryTest.php \Drupal\views_ui\Tests\QueryTest
- 8 core/modules/views/src/Tests/Plugin/QueryTest.php \Drupal\views\Tests\Plugin\QueryTest
- 8 core/modules/system/src/Tests/Database/QueryTest.php \Drupal\system\Tests\Database\QueryTest
- 8 core/tests/Drupal/Tests/Core/Entity/Query/Sql/QueryTest.php \Drupal\Tests\Core\Entity\Query\Sql\QueryTest
- 8 core/modules/views/tests/modules/views_test_data/src/Plugin/views/query/QueryTest.php \Drupal\views_test_data\Plugin\views\query\QueryTest
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Database/QueryTest.php \Drupal\system\Tests\Database\QueryTest
Tests Drupal's extended prepared statement syntax.
@group Database
Hierarchy
- class \Drupal\simpletest\TestBase uses AssertHelperTrait, RandomGeneratorTrait, SessionTestTrait
- class \Drupal\simpletest\KernelTestBase uses AssertContentTrait
- class \Drupal\system\Tests\Database\DatabaseTestBase
- class \Drupal\system\Tests\Database\QueryTest
- class \Drupal\system\Tests\Database\DatabaseTestBase
- class \Drupal\simpletest\KernelTestBase uses AssertContentTrait
Expanded class hierarchy of QueryTest
1 string reference to 'QueryTest'
- QueryTest::calculateDependencies in core/modules/views/tests/modules/views_test_data/src/Plugin/views/query/QueryTest.php - Calculates dependencies for the configured plugin.
File
- core/modules/system/src/Tests/Database/QueryTest.php, line 15 - Contains \Drupal\system\Tests\Database\QueryTest.
Namespace
Drupal\system\Tests\Database
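/**
 * Tests Drupal's extended prepared statement syntax.
 *
 * Besides the array placeholder syntax (":name[]"), this class holds the
 * regression tests that check that query arguments and condition operators
 * cannot be used to smuggle additional SQL into a statement.
 *
 * @group Database
 */
class QueryTest extends DatabaseTestBase {

  /**
   * Tests that we can pass an array of values directly in the query.
   */
  public function testArraySubstitution() {
    $sql = 'SELECT name FROM {test} WHERE age IN ( :ages[] ) ORDER BY age';

    // An array placeholder bound to three values.
    $names = db_query($sql, [':ages[]' => [25, 26, 27]])->fetchAll();
    $this->assertEqual(count($names), 3, 'Correct number of names returned');

    // The same placeholder bound to a one-element array.
    $names = db_query($sql, [':ages[]' => [25]])->fetchAll();
    $this->assertEqual(count($names), 1, 'Correct number of names returned');
  }

  /**
   * Tests that we can not pass a scalar value when an array is expected.
   */
  public function testScalarSubstitution() {
    try {
      // A ":ages[]" placeholder bound to a scalar must be rejected; the result
      // of the query is irrelevant, only whether the call throws.
      db_query('SELECT name FROM {test} WHERE age IN ( :ages[] ) ORDER BY age', [
        ':ages[]' => 25,
      ])->fetchAll();
      $this->fail('Array placeholder with scalar argument should result in an exception.');
    }
    catch (\InvalidArgumentException $e) {
      $this->pass('Array placeholder with scalar argument should result in an exception.');
    }
  }

  /**
   * Tests SQL injection via database query array arguments.
   *
   * A scalar placeholder (":name", without "[]") is bound to an array whose
   * first key contains a stacked INSERT statement. The test passes only if
   * db_query() throws \InvalidArgumentException and the marker row named in
   * that INSERT is absent from {test} afterwards.
   */
  public function testArrayArgumentsSQLInjection() {
    // Attempt SQL injection and verify that it does not work.
    $condition = [
      "1 ;INSERT INTO {test} (name) VALUES ('test12345678'); -- " => '',
      '1' => '',
    ];
    try {
      db_query("SELECT * FROM {test} WHERE name = :name", [
        ':name' => $condition,
      ])->fetchObject();
      $this->fail('SQL injection attempt via array arguments should result in a database exception.');
    }
    catch (\InvalidArgumentException $e) {
      $this->pass('SQL injection attempt via array arguments should result in a database exception.');
    }

    // Test that the insert query that was used in the SQL injection attempt did
    // not result in a row being inserted in the database. The exception alone
    // is not sufficient evidence, so the table is checked independently; a
    // count of zero is falsy and satisfies assertFalse().
    $result = db_select('test')
      ->condition('name', 'test12345678')
      ->countQuery()
      ->execute()
      ->fetchField();
    $this->assertFalse($result, 'SQL injection attempt did not result in a row being inserted in the database table.');
  }

  /**
   * Tests SQL injection via condition operator.
   *
   * The third argument of condition() is the comparison operator. Each case
   * below passes SQL text in that position and expects execute() to end in an
   * \ErrorException, which is what the temporary error handler turns any PHP
   * error into.
   */
  public function testConditionOperatorArgumentsSQLInjection() {
    $injection = "IS NOT NULL) ;INSERT INTO {test} (name) VALUES ('test12345678'); -- ";

    // Convert errors to exceptions for testing purposes below.
    set_error_handler(function ($severity, $message, $filename, $lineno) {
      throw new \ErrorException($message, 0, $severity, $filename, $lineno);
    });

    // The handler above is process-wide state. Restore it in a finally block
    // so that an unexpected exception from any statement below (for example a
    // failing insert) cannot leave it installed for the tests that run next.
    try {
      try {
        $result = db_select('test', 't')
          ->fields('t')
          ->condition('name', 1, $injection)
          ->execute();
        $this->fail('Should not be able to attempt SQL injection via condition operator.');
      }
      catch (\ErrorException $e) {
        $this->pass('SQL injection attempt via condition arguments should result in a database exception.');
      }

      // Test that the insert query that was used in the SQL injection attempt
      // did not result in a row being inserted in the database.
      $result = db_select('test')
        ->condition('name', 'test12345678')
        ->countQuery()
        ->execute()
        ->fetchField();
      $this->assertFalse($result, 'SQL injection attempt did not result in a row being inserted in the database table.');

      // Attempt SQLi via union query with no unsafe characters.
      // NOTE(review): the operator string below contains no quotes, semicolons
      // or comment markers, so this case presumably guards against a filter
      // that only looks for such characters - confirm against the query
      // builder's operator handling.
      $this->enableModules(['user']);
      $this->installEntitySchema('user');
      db_insert('test')
        ->fields(['name' => '123456'])
        ->execute();
      $injection = "= 1 UNION ALL SELECT password FROM user WHERE uid =";
      try {
        $result = db_select('test', 't')
          ->fields('t', ['name', 'name'])
          ->condition('name', 1, $injection)
          ->execute();
        $this->fail('Should not be able to attempt SQL injection via operator.');
      }
      catch (\ErrorException $e) {
        $this->pass('SQL injection attempt via condition arguments should result in a database exception.');
      }

      // Attempt SQLi via union query - uppercase tablename.
      db_insert('TEST_UPPERCASE')
        ->fields(['name' => 'secrets'])
        ->execute();
      $injection = "IS NOT NULL) UNION ALL SELECT name FROM {TEST_UPPERCASE} -- ";
      try {
        $result = db_select('test', 't')
          ->fields('t', ['name'])
          ->condition('name', 1, $injection)
          ->execute();
        $this->fail('Should not be able to attempt SQL injection via operator.');
      }
      catch (\ErrorException $e) {
        $this->pass('SQL injection attempt via condition arguments should result in a database exception.');
      }
    }
    finally {
      restore_error_handler();
    }
  }

  /**
   * Tests numeric query parameter expansion in expressions.
   *
   * The same comparison is run once with a literal and once with a bound
   * ":count" placeholder; both results must be truthy.
   *
   * @see \Drupal\Core\Database\Driver\sqlite\Statement::getStatement()
   * @see http://bugs.php.net/bug.php?id=45259
   */
  public function testNumericExpressionSubstitution() {
    $count = db_query('SELECT COUNT(*) >= 3 FROM {test}')->fetchField();
    $this->assertEqual((bool) $count, TRUE);

    $count = db_query('SELECT COUNT(*) >= :count FROM {test}', [
      ':count' => 3,
    ])->fetchField();
    $this->assertEqual((bool) $count, TRUE);
  }

}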
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AssertContentTrait:: |
protected | property | The current raw content. | |
AssertContentTrait:: |
protected | property | The drupalSettings value from the current raw $content. | |
AssertContentTrait:: |
protected | property | The XML structure parsed from the current raw $content. | 2 |
AssertContentTrait:: |
protected | property | The plain-text content of raw $content (text nodes). | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS found escaped on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name or ID. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given ID and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists with the given name and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page by the given XPath. | |
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a field exists in the current page with a given Xpath result. | |
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is found. | |
AssertContentTrait:: |
protected | function | Asserts that each HTML ID is used for just a single element. | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS NOT found escaped on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name or ID. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given ID and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist with the given name and value. | |
AssertContentTrait:: |
protected | function | Asserts that a field does not exist or its value does not match, by XPath. | |
AssertContentTrait:: |
protected | function | Asserts that a checkbox field in the current page is not checked. | |
AssertContentTrait:: |
protected | function | Passes if a link with the specified label is not found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href (part) is not found. | |
AssertContentTrait:: |
protected | function | Passes if a link containing a given href is not found in the main region. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page does not exist. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is not checked. | |
AssertContentTrait:: |
protected | function | Triggers a pass if the perl regex pattern is not found in raw content. | |
AssertContentTrait:: |
protected | function | Passes if the raw text is NOT found on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) does not contains the text. | |
AssertContentTrait:: |
protected | function | Pass if the page title is not the given string. | |
AssertContentTrait:: |
protected | function | Passes if the text is found MORE THAN ONCE on the text version of the page. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page is checked. | |
AssertContentTrait:: |
protected | function | Asserts that a select option in the current page exists. | |
AssertContentTrait:: |
protected | function | Triggers a pass if the Perl regex pattern is found in the raw content. | |
AssertContentTrait:: |
protected | function | Passes if the raw text IS found on the loaded page, fail otherwise. | |
AssertContentTrait:: |
protected | function | Passes if the page (with HTML stripped) contains the text. | |
AssertContentTrait:: |
protected | function | Helper for assertText and assertNoText. | |
AssertContentTrait:: |
protected | function | Asserts that a Perl regex pattern is found in the plain-text content. | |
AssertContentTrait:: |
protected | function | Asserts themed output. | |
AssertContentTrait:: |
protected | function | Pass if the page title is the given string. | |
AssertContentTrait:: |
protected | function | Passes if the text is found ONLY ONCE on the text version of the page. | |
AssertContentTrait:: |
protected | function | Helper for assertUniqueText and assertNoUniqueText. | |
AssertContentTrait:: |
protected | function | Builds an XPath query. | |
AssertContentTrait:: |
protected | function | Helper: Constructs an XPath for the given set of attributes and value. | |
AssertContentTrait:: |
protected | function | Searches elements using a CSS selector in the raw content. | |
AssertContentTrait:: |
protected | function | Get all option elements, including nested options, in a select. | |
AssertContentTrait:: |
protected | function | Gets the value of drupalSettings for the currently-loaded page. | |
AssertContentTrait:: |
protected | function | Gets the current raw content. | |
AssertContentTrait:: |
protected | function | Get the selected value from a select field. | |
AssertContentTrait:: |
protected | function | Retrieves the plain-text content from the current raw content. | |
AssertContentTrait:: |
protected | function | Get the current URL from the cURL handler. | 1 |
AssertContentTrait:: |
protected | function | Parse content returned from curlExec using DOM and SimpleXML. | |
AssertContentTrait:: |
protected | function | Removes all white-space between HTML tags from the raw content. | |
AssertContentTrait:: |
protected | function | Sets the value of drupalSettings for the currently-loaded page. | |
AssertContentTrait:: |
protected | function | Sets the raw content (e.g. HTML). | |
AssertContentTrait:: |
protected | function | Performs an xpath search on the contents of the internal browser. | |
AssertHelperTrait:: |
protected | function | Casts MarkupInterface objects into strings. | |
DatabaseTestBase:: |
public static | property |
Modules to enable. Overrides KernelTestBase:: |
3 |
DatabaseTestBase:: |
static | function | Sets up our sample data. | |
DatabaseTestBase:: |
function | Sets up tables for NULL handling. | ||
DatabaseTestBase:: |
protected | function |
Performs setup tasks before each individual test method is run. Overrides KernelTestBase:: |
|
KernelTestBase:: |
protected | property | The configuration directories for this test run. | |
KernelTestBase:: |
protected | property | A KeyValueMemoryFactory instance to use when building the container. | |
KernelTestBase:: |
private | property | ||
KernelTestBase:: |
protected | property | Array of registered stream wrappers. | |
KernelTestBase:: |
private | property | ||
KernelTestBase:: |
protected | function |
Act on global state information before the environment is altered for a test. Overrides TestBase:: |
|
KernelTestBase:: |
public | function | Sets up the base service container for this test. | 12 |
KernelTestBase:: |
protected | function | Provides the data for setting the default language on the container. | 1 |
KernelTestBase:: |
protected | function | Disables modules for this test. | |
KernelTestBase:: |
protected | function | Enables modules for this test. | |
KernelTestBase:: |
protected | function | Installs default configuration for a given list of modules. | |
KernelTestBase:: |
protected | function | Installs the storage schema for a specific entity type. | |
KernelTestBase:: |
protected | function | Installs a specific table from a module schema definition. | |
KernelTestBase:: |
protected | function | Create and set new configuration directories. | 1 |
KernelTestBase:: |
protected | function | Registers a stream wrapper for this test. | |
KernelTestBase:: |
protected | function | Renders a render array. | |
KernelTestBase:: |
protected | function |
Performs cleanup tasks after each individual test method has been run. Overrides TestBase:: |
|
KernelTestBase:: |
function |
Constructor for Test. Overrides TestBase:: |
||
QueryTest:: |
public | function | Tests SQL injection via database query array arguments. | |
QueryTest:: |
function | Tests that we can pass an array of values directly in the query. | ||
QueryTest:: |
public | function | Tests SQL injection via condition operator. | |
QueryTest:: |
public | function | Tests numeric query parameter expansion in expressions. | |
QueryTest:: |
function | Tests that we can not pass a scalar value when an array is expected. | ||
RandomGeneratorTrait:: |
protected | property | The random generator. | |
RandomGeneratorTrait:: |
protected | function | Gets the random generator for the utility methods. | |
RandomGeneratorTrait:: |
protected | function | Generates a unique random string containing letters and numbers. | |
RandomGeneratorTrait:: |
public | function | Generates a random PHP object. | |
RandomGeneratorTrait:: |
public | function | Generates a pseudo-random string of ASCII characters of codes 32 to 126. | |
RandomGeneratorTrait:: |
public | function | Callback for random string validation. | |
SessionTestTrait:: |
protected | property | The name of the session cookie. | |
SessionTestTrait:: |
protected | function | Generates a session cookie name. | |
SessionTestTrait:: |
protected | function | Returns the session name in use on the child site. | |
TestBase:: |
protected | property | Assertions thrown in that test case. | |
TestBase:: |
protected | property | The config importer that can used in a test. | 5 |
TestBase:: |
protected static | property | An array of config object names that are excluded from schema checking. | |
TestBase:: |
protected | property | The dependency injection container used in the test. | |
TestBase:: |
protected | property | The database prefix of this test run. | |
TestBase:: |
public | property | Whether to die in case any test assertion fails. | |
TestBase:: |
protected | property | HTTP authentication credentials (<username>:<password>). | |
TestBase:: |
protected | property | HTTP authentication method (specified as a CURLAUTH_* constant). | |
TestBase:: |
protected | property | The DrupalKernel instance used in the test. | 1 |
TestBase:: |
protected | property | The original configuration (variables), if available. | |
TestBase:: |
protected | property | The original configuration (variables). | |
TestBase:: |
protected | property | The original configuration directories. | |
TestBase:: |
protected | property | The original container. | |
TestBase:: |
protected | property | The original file directory, before it was changed for testing purposes. | |
TestBase:: |
protected | property | The original language. | |
TestBase:: |
protected | property | The original database prefix when running inside Simpletest. | |
TestBase:: |
protected | property | The original installation profile. | |
TestBase:: |
protected | property | The name of the session cookie of the test-runner. | |
TestBase:: |
protected | property | The settings array. | |
TestBase:: |
protected | property | The original array of shutdown function callbacks. | 1 |
TestBase:: |
protected | property | The site directory of the original parent site. | |
TestBase:: |
protected | property | The original user, before testing began. | 1 |
TestBase:: |
protected | property | The private file directory for the test environment. | |
TestBase:: |
protected | property | The public file directory for the test environment. | |
TestBase:: |
public | property | Current results of this test case. | |
TestBase:: |
protected | property | The site directory of this test run. | |
TestBase:: |
protected | property | This class is skipped when looking for the source of an assertion. | |
TestBase:: |
protected | property | Set to TRUE to strict check all configuration saved. | 4 |
TestBase:: |
protected | property | The temporary file directory for the test environment. | |
TestBase:: |
protected | property | The test run ID. | |
TestBase:: |
protected | property | Time limit for the test. | |
TestBase:: |
protected | property | The translation file directory for the test environment. | |
TestBase:: |
public | property | TRUE if verbose debugging is enabled. | |
TestBase:: |
protected | property | Safe class name for use in verbose output filenames. | |
TestBase:: |
protected | property | Directory where verbose output files are put. | |
TestBase:: |
protected | property | URL to the verbose output file directory. | |
TestBase:: |
protected | property | Incrementing identifier for verbose output filenames. | |
TestBase:: |
protected | function | Internal helper: stores the assert. | |
TestBase:: |
protected | function | Check to see if two values are equal. | |
TestBase:: |
protected | function | Asserts that a specific error has been logged to the PHP error log. | |
TestBase:: |
protected | function | Check to see if a value is false. | |
TestBase:: |
protected | function | Check to see if two values are identical. | |
TestBase:: |
protected | function | Checks to see if two objects are identical. | |
TestBase:: |
protected | function | Asserts that no errors have been logged to the PHP error.log thus far. | |
TestBase:: |
protected | function | Check to see if two values are not equal. | |
TestBase:: |
protected | function | Check to see if two values are not identical. | |
TestBase:: |
protected | function | Check to see if a value is not NULL. | |
TestBase:: |
protected | function | Check to see if a value is NULL. | |
TestBase:: |
protected | function | Check to see if a value is not false. | |
TestBase:: |
private | function | Changes the database connection to the prefixed one. | |
TestBase:: |
protected | function | Checks the matching requirements for Test. | 2 |
TestBase:: |
protected | function | Configuration accessor for tests. Returns non-overridden configuration. | |
TestBase:: |
public | function | Returns a ConfigImporter object to import test importing of configuration. | 5 |
TestBase:: |
public | function | Copies configuration objects from source storage to target storage. | |
TestBase:: |
public static | function | Delete an assertion record by message ID. | |
TestBase:: |
protected | function | Fire an error assertion. | 3 |
TestBase:: |
public | function | Handle errors during test runs. | |
TestBase:: |
protected | function | Handle exceptions. | |
TestBase:: |
protected | function | Fire an assertion that is always negative. | |
TestBase:: |
public static | function | Ensures test files are deletable within file_unmanaged_delete_recursive(). | |
TestBase:: |
public static | function | Converts a list of possible parameters into a stack of permutations. | |
TestBase:: |
protected | function | Cycles through backtrace until the first non-assertion method is found. | |
TestBase:: |
protected | function | Gets the config schema exclusions for this test. | |
TestBase:: |
public static | function | Returns the database connection to the site running Simpletest. | |
TestBase:: |
public | function | Gets the database prefix. | |
TestBase:: |
public | function | Gets the temporary files directory. | |
TestBase:: |
public static | function | Store an assertion from outside the testing context. | |
TestBase:: |
protected | function | Fire an assertion that is always positive. | |
TestBase:: |
private | function | Generates a database prefix for running tests. | |
TestBase:: |
private | function | Prepares the current environment for running the test. | |
TestBase:: |
private | function | Cleans up the test environment and restores the original environment. | |
TestBase:: |
public | function | Run all tests in this class. | 1 |
TestBase:: |
protected | function | Changes in memory settings. | |
TestBase:: |
protected | function | Helper method to store an assertion record in the configured database. | |
TestBase:: |
protected | function | Logs a verbose message in a text file. |