
Commit 668ef6e

committed
Add unit tests for clickhouse driver
1 parent 964cde6 commit 668ef6e

1 file changed

Lines changed: 64 additions & 0 deletions


Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
import aikido_zen.sinks.clickhouse_driver
2+
import pytest
3+
from aikido_zen.background_process import reset_comms
4+
from aikido_zen.context import Context
5+
from aikido_zen.errors import AikidoSQLInjection
6+
7+
kind = "sql_injection"
8+
op = "pymysql.connections.query"
9+
10+
11+
class Context1(Context):
12+
def __init__(self, body):
13+
self.cookies = {}
14+
self.headers = {}
15+
self.remote_address = "1.1.1.1"
16+
self.method = "POST"
17+
self.url = "url"
18+
self.query = {}
19+
self.body = body
20+
self.source = "express"
21+
self.route = "/"
22+
self.parsed_userinput = {}
23+
24+
25+
@pytest.fixture(autouse=True)
26+
def set_blocking_to_true(monkeypatch):
27+
monkeypatch.setenv("AIKIDO_BLOCK", "1")
28+
29+
30+
@pytest.fixture
31+
def client():
32+
from clickhouse_driver import Client
33+
34+
return Client(
35+
host="127.0.0.1", port=9000, user="default", password="", database="default"
36+
)
37+
38+
39+
def test_client_execute_without_context(client):
40+
reset_comms()
41+
dog_name = "Steve"
42+
sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
43+
client.execute(sql)
44+
45+
46+
def test_client_execute_safe(client):
47+
reset_comms()
48+
dog_name = "Steve"
49+
sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
50+
Context1({"dog_name": dog_name}).set_as_current_context()
51+
client.execute(sql)
52+
53+
54+
def test_client_execute_unsafe(client, monkeypatch):
55+
reset_comms()
56+
dog_name = "Malicious dog', 1); -- "
57+
sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
58+
Context1({"dog_name": dog_name}).set_as_current_context()
59+
60+
with pytest.raises(AikidoSQLInjection):
61+
client.execute(sql)
62+
63+
monkeypatch.setenv("AIKIDO_BLOCK", "0")
64+
client.execute(sql)
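Review bot: In `test_client_execute_unsafe` the last two lines set `AIKIDO_BLOCK` to "0" and run the injected statement with no assertion, so the detect-only path passes whether or not the sink still inspects the query, and the statement really runs against the ClickHouse instance at 127.0.0.1:9000. If the server accepts the payload, that leaves a row with `isAdmin` set to 1 in `dogs` that no test removes; I would move the detect-only case into its own test, assert on whatever the agent records for a detected attack, and have the `client` fixture clean the table up afterwards. The module constants `kind` and `op = "pymysql.connections.query"` are unused in the visible lines, and `op` names the pymysql sink, which looks like a copy-paste leftover; drop them or point `op` at the clickhouse_driver operation. The tests that call `set_as_current_context()` never clear the context, so `test_client_execute_without_context` presumably only holds when it runs first; a fixture that resets the current context would make the three tests order-independent.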
