
Commit e4d8dc3

committed
Add wrapping for execute_iter and execute_with_progress
1 parent 0aefefd commit e4d8dc3

2 files changed

Lines changed: 46 additions & 0 deletions


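--- a/aikido_zen/sinks/clickhouse_driver.py
+++ b/aikido_zen/sinks/clickhouse_driver.py
@@ -16,5 +16,9 @@ def patch(m):
 """
 patching module clickhouse_driver
 - patches clickhouse_driver.Client.execute
+- patches clickhouse_driver.Client.execute_iter
+- patches clickhouse_driver.Client.execute_with_progress
 """
 patch_function(m, "Client.execute", _execute)
+patch_function(m, "Client.execute_iter", _execute)
+patch_function(m, "Client.execute_with_progress", _execute)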
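Review bot: Both new sinks reuse the `_execute` wrapper written for `Client.execute`, and its body is outside this hunk, so two assumptions need confirming there. First, it must find the SQL when it is passed as the `query=` keyword as well as positionally. Second, any operation name it reports should not be fixed to `Client.execute`, otherwise detections from `execute_iter` and `execute_with_progress` would be attributed to the wrong sink. A short comment above the three calls would record the contract, e.g. `# all three methods take the SQL as their first parameter, query; _execute relies on that`. Separately, `Client.insert_dataframe` also takes a query string and appears not to route through `execute`, so it is worth checking whether it needs its own `patch_function` line.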

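--- a/aikido_zen/sinks/tests/clickhouse_driver_test.py
+++ b/aikido_zen/sinks/tests/clickhouse_driver_test.py
@@ -86,3 +86,45 @@ def test_cursor_execute_unsafe(monkeypatch):
 
 monkeypatch.setenv("AIKIDO_BLOCK", "0")
 conn.cursor().execute(sql)
+
+
+def test_client_execute_with_progress_safe(client):
+reset_comms()
+dog_name = "Steve"
+sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
+Context1({"dog_name": dog_name}).set_as_current_context()
+client.execute_with_progress(sql)
+
+
+def test_client_execute_with_progress_unsafe(client, monkeypatch):
+reset_comms()
+dog_name = "Malicious dog', 1); -- "
+sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
+Context1({"dog_name": dog_name}).set_as_current_context()
+
+with pytest.raises(AikidoSQLInjection):
+client.execute_with_progress(sql)
+
+monkeypatch.setenv("AIKIDO_BLOCK", "0")
+client.execute_with_progress(sql)
+
+
+def test_client_execute_iter_safe(client):
+reset_comms()
+dog_name = "Steve"
+sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
+Context1({"dog_name": dog_name}).set_as_current_context()
+client.execute_iter(sql)
+
+
+def test_client_execute_iter_unsafe(client, monkeypatch):
+reset_comms()
+dog_name = "Malicious dog', 1); -- "
+sql = "INSERT INTO dogs (dog_name, isAdmin) VALUES ('{}' , 0)".format(dog_name)
+Context1({"dog_name": dog_name}).set_as_current_context()
+
+with pytest.raises(AikidoSQLInjection):
+client.execute_iter(sql)
+
+monkeypatch.setenv("AIKIDO_BLOCK", "0")
+client.execute_iter(sql)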
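Review bot: After `AIKIDO_BLOCK` is set to `0`, the second call in both `_unsafe` tests asserts nothing, so they pass whether or not the injection was still detected in detect-only mode. If the suite can inspect what was reported after `reset_comms()`, assert on it at that point. Every call also passes the SQL positionally; a `client.execute_iter(query=sql)` case under `pytest.raises(AikidoSQLInjection)` would cover the keyword path through the shared wrapper. The four tests differ only in the method name and could be one safe/unsafe pair under `@pytest.mark.parametrize("method", ["execute_iter", "execute_with_progress"])`, calling `getattr(client, method)(sql)`.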
