git/metabuilder
1
0
Fork 0
mirror of https://github.com/johndoe6345789/metabuilder.git synced 2026-04-25 14:25:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
claude/fix-dirname-e2e-setup-EBgh1
metabuilder/frontends/postgres/tests/integration/QueryInterface.spec.ts
johndoe6345789 862cc29457 various changes
2026-03-09 22:30:41 +00:00

105 lines
3.0 KiB
TypeScript
Raw Permalink Blame History

import { expect, test } from '@playwright/test';
test.describe('SQL Query Interface', () => {
test.describe('Execute Query API', () => {
test('should reject query without authentication', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'SELECT * FROM test_table',
},
});
expect(response.status()).toBe(401);
});
test('should reject query without query text', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {},
});
expect([400, 401]).toContain(response.status());
});
test('should reject non-SELECT queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'DELETE FROM test_table',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject INSERT queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'INSERT INTO test_table VALUES (1)',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject UPDATE queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'UPDATE test_table SET name = "test"',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject DROP queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'DROP TABLE test_table',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject ALTER queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'ALTER TABLE test_table ADD COLUMN test INTEGER',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject CREATE queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'CREATE TABLE test_table (id INTEGER)',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject queries with SQL injection attempts', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'SELECT * FROM users; DROP TABLE users;',
},
});
expect([400, 401]).toContain(response.status());
});
test('should accept valid SELECT queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'SELECT * FROM information_schema.tables LIMIT 1',
},
});
// Should either be 401 (no auth) or 404/500 (no table) but not 400 (valid query format)
expect([401, 404, 500, 200]).toContain(response.status());
});
});
});
Reference in New Issue View Git Blame Copy Permalink