MCPcopy
hub / github.com/dgraph-io/dgraph / TestValidateCondValue

Function TestValidateCondValue

edgraph/server_test.go:380–430  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

378}
379
380func TestValidateCondValue(t *testing.T) {
381 // Valid conditions that should pass.
382 valid := []string{
383 ``,
384 `@if(eq(len(v), 0))`,
385 ` @if(eq(len(v), 0)) `,
386 `@if(eq(name, "Alice"))`,
387 `@if(le(len(c1), 100) AND lt(len(c2), 100))`,
388 `@if(not(eq(len(v), 0)))`,
389 `@if(eq(name, "has (parens) inside"))`,
390 `@filter(eq(len(v), 0))`,
391 // Spaces between directive and opening paren should be allowed (issue #9687).
392 `@if (eq(len(v), 0))`,
393 `@if (eq(len(v), 0))`,
394 `@filter (eq(len(v), 0))`,
395 ` @if ( NOT eq(len(RoutesId), 0) ) `,
396 }
397 for _, c := range valid {
398 require.NoError(t, validateCondValue(c), "expected valid: %q", c)
399 }
400
401 // Invalid conditions that should be rejected.
402 invalid := []struct {
403 cond string
404 desc string
405 }{
406 {
407 cond: "@if(eq(name, \"x\"))\n leak(func: has(dgraph.type)) { uid }",
408 desc: "DQL injection via newline and extra query block",
409 },
410 {
411 cond: "@if(eq(name, \"x\")) } leak(func: uid(0x1)) { uid",
412 desc: "DQL injection closing brace then new block",
413 },
414 {
415 cond: "eq(name, \"x\")",
416 desc: "missing @if/@filter prefix",
417 },
418 {
419 cond: "@if(eq(name, \"x\")",
420 desc: "unbalanced parentheses",
421 },
422 {
423 cond: "@if(eq(name, \"x\")) extra",
424 desc: "trailing content after condition",
425 },
426 }
427 for _, tc := range invalid {
428 require.Error(t, validateCondValue(tc.cond), "expected invalid (%s): %q", tc.desc, tc.cond)
429 }
430}
431
432func TestValidateValObjectId(t *testing.T) {
433 valid := []string{

Callers

nothing calls this directly

Calls 2

validateCondValueFunction · 0.85
ErrorMethod · 0.45

Tested by

no test coverage detected