/**
 * Checks that injection-shaped input handed to the UPDATE builder is rendered as data and
 * never as additional CQL syntax.
 *
 * <p>Each case compares the builder's {@code toString()} output with the exact expected text:
 *
 * <ul>
 *   <li>a WHERE value carrying a boolean tautology must come out as one single-quoted literal;
 *   <li>a SET value carrying an extra clause and a comment marker must come out as one
 *       single-quoted literal;
 *   <li>a column name carrying an extra clause and a comment marker must come out as one
 *       double-quoted identifier, on both sides of the prepend expression.
 * </ul>
 *
 * <p>NOTE(review): no input here contains a quote character of its own, so this method does not
 * show how an embedded {@code '} or {@code "} is escaped. Whether another test covers that is
 * not visible from this method.
 */
@Test(groups = "unit")
public void updateInjectionTest() throws Exception {
  // Case 1: tautology in a WHERE value stays inside the quoted literal.
  final String expectedWhereValue =
      "UPDATE foo.bar USING TIMESTAMP 42 SET a=12 WHERE k='2 OR 1=1';";
  final Statement whereValueStatement =
      update("foo", "bar").using(timestamp(42)).with(set("a", 12)).where(eq("k", "2 OR 1=1"));
  // Argument order is (actual, expected), kept exactly as the original wrote it.
  assertEquals(whereValueStatement.toString(), expectedWhereValue);

  // Case 2: clause terminator and comment marker in a SET value stay inside the literal.
  final String expectedSetValue = "UPDATE foo SET b='null WHERE k=1; --comment' WHERE k=2;";
  final Statement setValueStatement =
      update("foo").where().and(eq("k", 2)).with(set("b", "null WHERE k=1; --comment"));
  assertEquals(setValueStatement.toString(), expectedSetValue);

  // Case 3: the same payload used as a column NAME is emitted as a double-quoted identifier.
  final String expectedColumnName =
      "UPDATE foo USING TIMESTAMP 42 SET \"b WHERE k=1; --comment\"=[3,2,1]+\"b WHERE k=1; --comment\" WHERE k=2;";
  final Statement columnNameStatement =
      update("foo")
          .where()
          .and(eq("k", 2))
          .with(prependAll("b WHERE k=1; --comment", Arrays.asList(3, 2, 1)))
          .using(timestamp(42));
  assertEquals(columnNameStatement.toString(), expectedColumnName);
}
.and(eq("l", "foo")) .with(prependAll("b", Arrays.asList(3, 2, 1))) .using(timestamp(42)); assertEquals(update.toString(), query);
/**
 * Checks that injection-shaped input handed to the UPDATE builder is rendered as data and
 * never as additional CQL syntax.
 *
 * <p>Each case compares the builder's {@code toString()} output with the exact expected text:
 *
 * <ul>
 *   <li>a WHERE value carrying a boolean tautology must come out as one single-quoted literal;
 *   <li>a SET value carrying an extra clause and a comment marker must come out as one
 *       single-quoted literal;
 *   <li>a column name carrying an extra clause and a comment marker must come out as one
 *       double-quoted identifier, on both sides of the prepend expression.
 * </ul>
 *
 * <p>NOTE(review): no input here contains a quote character of its own, so this method does not
 * show how an embedded {@code '} or {@code "} is escaped. Whether another test covers that is
 * not visible from this method.
 */
@Test(groups = "unit")
public void updateInjectionTest() throws Exception {
  // Case 1: tautology in a WHERE value stays inside the quoted literal.
  final String expectedWhereValue =
      "UPDATE foo.bar USING TIMESTAMP 42 SET a=12 WHERE k='2 OR 1=1';";
  final Statement whereValueStatement =
      update("foo", "bar").using(timestamp(42)).with(set("a", 12)).where(eq("k", "2 OR 1=1"));
  // Argument order is (actual, expected), kept exactly as the original wrote it.
  assertEquals(whereValueStatement.toString(), expectedWhereValue);

  // Case 2: clause terminator and comment marker in a SET value stay inside the literal.
  final String expectedSetValue = "UPDATE foo SET b='null WHERE k=1; --comment' WHERE k=2;";
  final Statement setValueStatement =
      update("foo").where().and(eq("k", 2)).with(set("b", "null WHERE k=1; --comment"));
  assertEquals(setValueStatement.toString(), expectedSetValue);

  // Case 3: the same payload used as a column NAME is emitted as a double-quoted identifier.
  final String expectedColumnName =
      "UPDATE foo USING TIMESTAMP 42 SET \"b WHERE k=1; --comment\"=[3,2,1]+\"b WHERE k=1; --comment\" WHERE k=2;";
  final Statement columnNameStatement =
      update("foo")
          .where()
          .and(eq("k", 2))
          .with(prependAll("b WHERE k=1; --comment", Arrays.asList(3, 2, 1)))
          .using(timestamp(42));
  assertEquals(columnNameStatement.toString(), expectedColumnName);
}
.and(eq("l", "foo")) .with(prependAll("b", Arrays.asList(3, 2, 1))) .using(timestamp(42)); assertEquals(update.toString(), query);