@@ -56,6 +56,49 @@ func TestRunOnRecordsEmpty(t *testing.T) {
5656 }
5757}
5858
59+ func TestValidateReadOnlySQL (t * testing.T ) {
60+ valid := []string {
61+ "SELECT 1" ,
62+ " select * from review_log " ,
63+ "SELECT * FROM review_log;" ,
64+ "SELECT * FROM review_log ; " ,
65+ "With x AS (SELECT 1) SELECT * FROM x" ,
66+ "select action, count(*) from review_log group by action" ,
67+ }
68+ for _ , sqlText := range valid {
69+ t .Run ("valid: " + sqlText , func (t * testing.T ) {
70+ if err := validateReadOnlySQL (sqlText ); err != nil {
71+ t .Errorf ("validateReadOnlySQL(%q) = %v; want nil" , sqlText , err )
72+ }
73+ })
74+ }
75+
76+ invalid := []string {
77+ "" ,
78+ " " ,
79+ "DROP TABLE review_log" ,
80+ "DELETE FROM review_log" ,
81+ "INSERT INTO review_log VALUES (1)" ,
82+ "UPDATE review_log SET action='x'" ,
83+ "CREATE TABLE evil (x)" ,
84+ "ALTER TABLE review_log ADD COLUMN x" ,
85+ "ATTACH DATABASE '/tmp/evil.db' AS evil" ,
86+ "PRAGMA writable_schema=1" ,
87+ "REPLACE INTO review_log VALUES (1)" ,
88+ "SELECT 1; DROP TABLE review_log" ,
89+ "SELECT 1;DROP TABLE review_log" ,
90+ "SELECT 1; SELECT 2" ,
91+ "-- comment\n SELECT 1" ,
92+ }
93+ for _ , sqlText := range invalid {
94+ t .Run ("invalid: " + sqlText , func (t * testing.T ) {
95+ if err := validateReadOnlySQL (sqlText ); err == nil {
96+ t .Errorf ("validateReadOnlySQL(%q) = nil; want an error" , sqlText )
97+ }
98+ })
99+ }
100+ }
101+
59102// BenchmarkRunOnRecords measures load+query cost at various repo sizes.
60103// Run: go test -run=^$ -bench=RunOnRecords -benchmem ./internal/reviewquery/
61104func BenchmarkRunOnRecords (b * testing.B ) {
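Review bot: The `invalid` list in TestValidateReadOnlySQL has no case for a write statement that begins with a CTE, although the `valid` list accepts `With x AS (SELECT 1) SELECT * FROM x`. The `ATTACH` and `PRAGMA` cases suggest the target is SQLite, which allows `WITH` in front of `INSERT`, `UPDATE` and `DELETE`, so a check keyed on the leading keyword could pass such a statement; validateReadOnlySQL is not visible in this hunk, so this may already be handled. I would add `"WITH x AS (SELECT 1) DELETE FROM review_log",` to `invalid`, and a block-comment-prefixed case such as `"/* c */ DROP TABLE review_log",` next to the existing `-- comment` entry. Because text validation like this is easy to get subtly wrong, it is also worth confirming that the query path opens the database read-only, so that the validator is not the only control.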