git/postgres
1
0
Fork 0
mirror of https://github.com/johndoe6345789/postgres.git synced 2026-04-25 06:15:02 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7111ca899ccd5b1bf35d16bc3231406da00c7c93
postgres/tests/integration/QueryInterface.spec.ts
copilot-swe-agent[bot] c1cc95c91b test: Add comprehensive integration tests for CRUD operations and query interface 
- Add RecordCRUD.spec.ts with 9 API validation tests
- Add QueryInterface.spec.ts with 10 SQL query validation tests
- Add TableDataSchema.spec.ts with 7 table data/schema API tests
- Update TESTING.md with new test coverage (135 total tests)
- Expand test coverage for authentication, validation, and SQL injection prevention
- All tests validate proper authentication and input validation

Co-authored-by: johndoe6345789 <224850594+johndoe6345789@users.noreply.github.com>
2026-01-08 04:31:31 +00:00

105 lines
3.0 KiB
TypeScript
Raw Blame History

import { expect, test } from '@playwright/test';
test.describe('SQL Query Interface', () => {
test.describe('Execute Query API', () => {
test('should reject query without authentication', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'SELECT * FROM test_table',
},
});
expect(response.status()).toBe(401);
});
test('should reject query without query text', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {},
});
expect([400, 401]).toContain(response.status());
});
test('should reject non-SELECT queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'DELETE FROM test_table',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject INSERT queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'INSERT INTO test_table VALUES (1)',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject UPDATE queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'UPDATE test_table SET name = "test"',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject DROP queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'DROP TABLE test_table',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject ALTER queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'ALTER TABLE test_table ADD COLUMN test INTEGER',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject CREATE queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'CREATE TABLE test_table (id INTEGER)',
},
});
expect([400, 401]).toContain(response.status());
});
test('should reject queries with SQL injection attempts', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'SELECT * FROM users; DROP TABLE users;',
},
});
expect([400, 401]).toContain(response.status());
});
test('should accept valid SELECT queries', async ({ page }) => {
const response = await page.request.post('/api/admin/query', {
data: {
query: 'SELECT * FROM information_schema.tables LIMIT 1',
},
});
// Should either be 401 (no auth) or 404/500 (no table) but not 400 (valid query format)
expect([401, 404, 500, 200]).toContain(response.status());
});
});
});
Reference in New Issue View Git Blame Copy Permalink