hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

move most of asyncpg test into SqlInjection after moving MaD sql-injection sink

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-05-04 10:58:29 +02:00
parent a812d4dd34
commit 4b9c9b0c8d
3 changed files with 182 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
python/ql/test/library-tests/frameworks/asyncpg/test.py
View File

@@ -7,17 +7,17 @@ async def test_connection():
try:
# The file-like object is passed in as a keyword-only argument.
# See https://magicstack.github.io/asyncpg/current/api/index.html#asyncpg.connection.Connection.copy_from_query
await conn.copy_from_query("sql", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
await conn.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
await conn.copy_from_query("sql", output="filepath") # $ getAPathArgument="filepath"
await conn.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getAPathArgument="filepath"
await conn.copy_from_table("table", output="filepath") # $ getAPathArgument="filepath"
await conn.copy_to_table("table", source="filepath") # $ getAPathArgument="filepath"
await conn.execute("sql") # $ getSql="sql"
await conn.executemany("sql") # $ getSql="sql"
await conn.fetch("sql") # $ getSql="sql"
await conn.fetchrow("sql") # $ getSql="sql"
await conn.fetchval("sql") # $ getSql="sql"
await conn.execute("sql") # $
await conn.executemany("sql") # $
await conn.fetch("sql") # $
await conn.fetchrow("sql") # $
await conn.fetchval("sql") # $
finally:
await conn.close()
@@ -27,7 +27,7 @@ async def test_prepared_statement():
conn = await asyncpg.connect()
try:
pstmt = await conn.prepare("psql") # $ getSql="psql"
pstmt = await conn.prepare("psql") # $
pstmt.executemany()
pstmt.fetch()
pstmt.fetchrow()
@@ -43,10 +43,10 @@ async def test_cursor():
try:
async with conn.transaction():
cursor = await conn.cursor("sql") # $ getSql="sql" constructedSql="sql"
cursor = await conn.cursor("sql") # $ constructedSql="sql" getSql="sql"
await cursor.fetch()
pstmt = await conn.prepare("psql") # $ getSql="psql"
pstmt = await conn.prepare("psql") #
pcursor = await pstmt.cursor() # $ getSql="psql"
await pcursor.fetch()
@@ -69,23 +69,23 @@ async def test_connection_pool():
pool = await asyncpg.create_pool()
try:
await pool.copy_from_query("sql", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
await pool.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getSql="sql" getAPathArgument="filepath"
await pool.copy_from_query("sql", output="filepath") # $ getAPathArgument="filepath"
await pool.copy_from_query("sql", "arg1", "arg2", output="filepath") # $ getAPathArgument="filepath"
await pool.copy_from_table("table", output="filepath") # $ getAPathArgument="filepath"
await pool.copy_to_table("table", source="filepath") # $ getAPathArgument="filepath"
await pool.execute("sql") # $ getSql="sql"
await pool.executemany("sql") # $ getSql="sql"
await pool.fetch("sql") # $ getSql="sql"
await pool.fetchrow("sql") # $ getSql="sql"
await pool.fetchval("sql") # $ getSql="sql"
await pool.execute("sql") # $
await pool.executemany("sql") # $
await pool.fetch("sql") # $
await pool.fetchrow("sql") # $
await pool.fetchval("sql") # $
async with pool.acquire() as conn:
await conn.execute("sql") # $ getSql="sql"
await conn.execute("sql") # $
conn = await pool.acquire()
try:
await conn.fetch("sql") # $ getSql="sql"
await conn.fetch("sql") # $
finally:
await pool.release(conn)
@@ -93,13 +93,13 @@ async def test_connection_pool():
await pool.close()
async with asyncpg.create_pool() as pool:
await pool.execute("sql") # $ getSql="sql"
await pool.execute("sql") # $
async with pool.acquire() as conn:
await conn.execute("sql") # $ getSql="sql"
await conn.execute("sql") # $
conn = await pool.acquire()
try:
await conn.fetch("sql") # $ getSql="sql"
await conn.fetch("sql") # $
finally:
await pool.release(conn)