52 lines
1.3 KiB
Go
52 lines
1.3 KiB
Go
package validator_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/fiskerinc/cloud-services/pkg/testhelper"
|
|
"github.com/fiskerinc/cloud-services/pkg/validator"
|
|
)
|
|
|
|
type TestPageQueryOptions struct {
|
|
Order string `json:"order" validate:"max=512,sqlorder"`
|
|
Expected string
|
|
}
|
|
|
|
func TestValidateSqlOrderBy(t *testing.T) {
|
|
var tests = []TestPageQueryOptions{
|
|
{
|
|
Order: "",
|
|
Expected: "",
|
|
},
|
|
{
|
|
Order: "COLUMN",
|
|
Expected: "",
|
|
},
|
|
{
|
|
Order: "COLUMN DESC",
|
|
Expected: "",
|
|
},
|
|
{
|
|
Order: "COL_UMN DESC",
|
|
Expected: "",
|
|
},
|
|
{
|
|
Order: "CASE WHEN ('1'='1') THEN vin ELSE year END asc", // sql injection test
|
|
Expected: "Key: 'TestPageQueryOptions.Order' Error:Field validation for 'Order' failed on the 'sqlorder' tag",
|
|
},
|
|
{ // This could be made to be valid
|
|
Order: "col1 DESC, col2 DESC",
|
|
Expected: "Key: 'TestPageQueryOptions.Order' Error:Field validation for 'Order' failed on the 'sqlorder' tag",
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
err := validator.ValidateStruct(test)
|
|
if err == nil && test.Expected != "" {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Order, test.Expected, err)
|
|
} else if err != nil && err.Error() != test.Expected {
|
|
t.Errorf(testhelper.TestErrorTemplate, test.Order, test.Expected, err.Error())
|
|
}
|
|
}
|
|
}
|