Tests

ZorTik · ZorTik · commit 8a4440d8a1d8 · 2023-01-26T13:16:04.000+01:00
diff --git a/core/src/main/java/me/zort/sqllib/SQLDatabaseConnectionImpl.java b/core/src/main/java/me/zort/sqllib/SQLDatabaseConnectionImpl.java
@@ -383,7 +383,10 @@ private static class DefaultStatementFactory implements StatementFactory<Prepare
 
         @Override
         public PreparedStatement prepare(Connection connection) throws SQLException {
-            return connection.prepareStatement(query.getAncestor().buildQuery());
+            String queryString = query.getAncestor().buildQuery();
+
+            Logger.debug(connection, "Query: " + queryString);
+            return connection.prepareStatement(queryString);
         }
     }
 
diff --git a/src/test/java/me/zort/sqllib/test/TestCase1.java b/src/test/java/me/zort/sqllib/test/TestCase1.java
@@ -64,7 +64,7 @@ public void prepare() {
 
         System.out.println("Connection established, preparing tables...");
 
-        assertNull(connection.exec(() -> "CREATE TABLE IF NOT EXISTS users (nickname VARCHAR(16) PRIMARY KEY NOT NULL, points INT NOT NULL);").getRejectMessage());
+        assertNull(connection.exec(() -> "CREATE TABLE IF NOT EXISTS users (nickname VARCHAR(64) PRIMARY KEY NOT NULL, points INT NOT NULL);").getRejectMessage());
         assertNull(connection.exec(() -> "TRUNCATE TABLE users;").getRejectMessage());
 
         System.out.println("Tables prepared, test cases ready");
@@ -97,7 +97,7 @@ public void test2_Select() {
 
         assertNull(result.getRejectMessage());
         assertEquals(1, result.size());
-        assertEquals(user1, result.get(0));
+        assertEquals(user1.getNickname(), result.get(0).getNickname());
         System.out.println("Select successful");
     }
 
@@ -123,7 +123,21 @@ public void test3_Update() {
 
     @Timeout(10)
     @Test
-    public void test4_Delete() {
+    public void test4_Security() {
+        Optional<Row> rowOptional = connection.select()
+                .from(TABLE_NAME)
+                .where()
+                .isEqual("nickname", "asdfmnaskfopdmko' or '1' = '1").obtainOne();
+
+        assertFalse(rowOptional.isPresent());
+
+        // Check for table
+        test2_Select();
+    }
+
+    @Timeout(10)
+    @Test
+    public void test5_Delete() {
         QueryResult result = connection.delete()
                 .from(TABLE_NAME)
                 .where()
@@ -134,7 +148,7 @@ public void test4_Delete() {
 
     @Timeout(5)
     @Test
-    public void test5_Close() {
+    public void test6_Close() {
         System.out.println("Closing connection...");
         connection.disconnect();
         System.out.println("Connection closed");

Original file line number	Diff line number	Diff line change
`@@ -383,7 +383,10 @@ private static class DefaultStatementFactory implements StatementFactory<Prepare`
`383`	`383`
`384`	`384`	`@Override`
`385`	`385`	`public PreparedStatement prepare(Connection connection) throws SQLException {`
`386`		`- return connection.prepareStatement(query.getAncestor().buildQuery());`
	`386`	`+ String queryString = query.getAncestor().buildQuery();`
	`387`	`+`
	`388`	`+ Logger.debug(connection, "Query: " + queryString);`
	`389`	`+ return connection.prepareStatement(queryString);`
`387`	`390`	`}`
`388`	`391`	`}`
`389`	`392`