class QueryTest

Tests Drupal's extended prepared statement syntax.

Attributes

#[CoversClass(Connection::class)]
#[Group('Database')]
#[RunTestsInSeparateProcesses]

1 string reference to 'QueryTest'
QueryTest::calculateDependencies in core/modules/views/tests/modules/views_test_data/src/Plugin/views/query/QueryTest.php
Calculates dependencies for the configured plugin.

File

core/tests/Drupal/KernelTests/Core/Database/QueryTest.php, line 16

Namespace

Drupal\KernelTests\Core\Database
use Drupal\Core\Database\InvalidQueryException;

class QueryTest extends DatabaseTestBase {
  
  /**
   * Tests that we can pass an array of values directly in the query.
   */
  public function testArraySubstitution() : void {
    $names = $this->connection
      ->query('SELECT [name] FROM {test} WHERE [age] IN ( :ages[] ) ORDER BY [age]', [
      ':ages[]' => [
        25,
        26,
        27,
      ],
    ])
      ->fetchAll();
    $this->assertCount(3, $names, 'Correct number of names returned');
    $names = $this->connection
      ->query('SELECT [name] FROM {test} WHERE [age] IN ( :ages[] ) ORDER BY [age]', [
      ':ages[]' => [
        25,
      ],
    ])
      ->fetchAll();
    $this->assertCount(1, $names, 'Correct number of names returned');
  }
  
  /**
   * Tests that we can not pass a scalar value when an array is expected.
   */
  public function testScalarSubstitution() : void {
    try {
      $this->connection
        ->query('SELECT [name] FROM {test} WHERE [age] IN ( :ages[] ) ORDER BY [age]', [
        ':ages[]' => 25,
      ])
        ->fetchAll();
      $this->fail('Array placeholder with scalar argument should result in an exception.');
    } catch (\Exception $e) {
      $this->assertInstanceOf(\InvalidArgumentException::class, $e);
    }
  }
  
  /**
   * Tests SQL injection via database query array arguments.
   */
  public function testArrayArgumentsSQLInjection() : void {
    // Attempt SQL injection and verify that it does not work.
    $condition = [
      "1 ;INSERT INTO {test} (name) VALUES ('test12345678'); -- " => '',
      '1' => '',
    ];
    try {
      $this->connection
        ->query("SELECT * FROM {test} WHERE [name] = :name", [
        ':name' => $condition,
      ])
        ->fetchObject();
      $this->fail('SQL injection attempt via array arguments should result in a database exception.');
    } catch (\InvalidArgumentException) {
      // Expected exception; just continue testing.
    }
    // Test that the insert query that was used in the SQL injection attempt did
    // not result in a row being inserted in the database.
    $result = $this->connection
      ->select('test')
      ->condition('name', 'test12345678')
      ->countQuery()
      ->execute()
      ->fetchField();
    $this->assertEquals(0, $result, 'SQL injection attempt did not result in a row being inserted in the database table.');
  }
  
  /**
   * Tests SQL injection via condition operator.
   */
  public function testConditionOperatorArgumentsSQLInjection() : void {
    $injection = "IS NOT NULL) ;INSERT INTO {test} (name) VALUES ('test12345678'); -- ";
    try {
      $result = $this->connection
        ->select('test', 't')
        ->fields('t')
        ->condition('name', 1, $injection)
        ->execute();
      $this->fail('Should not be able to attempt SQL injection via condition operator.');
    } catch (InvalidQueryException $e) {
      $this->assertSame("Invalid characters in query operator: {$injection}", $e->getMessage());
      // Expected exception; just continue testing.
    }
    // Test that the insert query that was used in the SQL injection attempt did
    // not result in a row being inserted in the database.
    $result = $this->connection
      ->select('test')
      ->condition('name', 'test12345678')
      ->countQuery()
      ->execute()
      ->fetchField();
    $this->assertEquals(0, $result, 'SQL injection attempt did not result in a row being inserted in the database table.');
    // Attempt SQLi via union query with no unsafe characters.
    $this->enableModules([
      'user',
    ]);
    $this->installEntitySchema('user');
    $this->connection
      ->insert('test')
      ->fields([
      'name' => '123456',
    ])
      ->execute();
    $injection = "= 1 UNION ALL SELECT password FROM user WHERE uid =";
    try {
      $result = $this->connection
        ->select('test', 't')
        ->fields('t', [
        'name',
        'name',
      ])
        ->condition('name', 1, $injection)
        ->execute();
      $this->fail('Should not be able to attempt SQL injection via operator.');
    } catch (InvalidQueryException $e) {
      $this->assertSame("Invalid characters in query operator: {$injection}", $e->getMessage());
      // Expected exception; just continue testing.
    }
    // Attempt SQLi via union query - uppercase tablename.
    $this->connection
      ->insert('TEST_UPPERCASE')
      ->fields([
      'name' => 'secrets',
    ])
      ->execute();
    $injection = "IS NOT NULL) UNION ALL SELECT name FROM {TEST_UPPERCASE} -- ";
    try {
      $result = $this->connection
        ->select('test', 't')
        ->fields('t', [
        'name',
      ])
        ->condition('name', 1, $injection)
        ->execute();
      $this->fail('Should not be able to attempt SQL injection via operator.');
    } catch (InvalidQueryException $e) {
      $this->assertSame("Invalid characters in query operator: {$injection}", $e->getMessage());
      // Expected exception; just continue testing.
    }
  }
  
  /**
   * Tests numeric query parameter expansion in expressions.
   *
   * @see \Drupal\sqlite\Driver\Database\sqlite\Statement::getStatement()
   * @see http://bugs.php.net/bug.php?id=45259
   */
  public function testNumericExpressionSubstitution() : void {
    $count_expected = $this->connection
      ->query('SELECT COUNT(*) + 3 FROM {test}')
      ->fetchField();
    $count = $this->connection
      ->query('SELECT COUNT(*) + :count FROM {test}', [
      ':count' => 3,
    ])
      ->fetchField();
    $this->assertEquals($count_expected, $count);
  }
  
  /**
   * Tests quoting identifiers in queries.
   */
  public function testQuotingIdentifiers() : void {
    // Use a table named with an ANSI SQL reserved word, with a column that is
    // one as well.
    $result = $this->connection
      ->query('SELECT [update] FROM {select}')
      ->fetchObject();
    $this->assertEquals('Update value 1', $result->update);
  }

}

Members

Title Modifiers Object type Summary Overridden Title Overrides
AssertContentTrait::$content protected property The current raw content.
AssertContentTrait::$drupalSettings protected property The drupalSettings value from the current raw $content.
AssertContentTrait::$elements protected property The XML structure parsed from the current raw $content.
AssertContentTrait::$plainTextContent protected property The plain-text content of raw $content (text nodes).
AssertContentTrait::assertEscaped protected function Passes if the raw text IS found escaped on the loaded page, fail otherwise.
AssertContentTrait::assertField protected function Asserts that a field exists with the given name or ID.
AssertContentTrait::assertFieldByName protected function Asserts that a field exists with the given name and value.
AssertContentTrait::assertFieldByXPath protected function Asserts that a field exists in the current page by the given XPath.
AssertContentTrait::assertFieldsByValue protected function Asserts that a field exists in the current page with a given Xpath result.
AssertContentTrait::assertLink protected function Passes if a link with the specified label is found.
AssertContentTrait::assertLinkByHref protected function Passes if a link containing a given href (part) is found.
AssertContentTrait::assertNoLink protected function Passes if a link with the specified label is not found.
AssertContentTrait::assertNoPattern protected function Triggers a pass if the perl regex pattern is not found in raw content.
AssertContentTrait::assertNoRaw protected function Passes if the raw text is NOT found on the loaded page, fail otherwise.
AssertContentTrait::assertNoText protected function Passes if the page (with HTML stripped) does not contain the text.
AssertContentTrait::assertPattern protected function Triggers a pass if the Perl regex pattern is found in the raw content.
AssertContentTrait::assertRaw protected function Passes if the raw text IS found on the loaded page, fail otherwise.
AssertContentTrait::assertText protected function Passes if the page (with HTML stripped) contains the text.
AssertContentTrait::assertTextHelper protected function Helper for assertText and assertNoText.
AssertContentTrait::assertThemeOutput protected function Asserts themed output.
AssertContentTrait::assertTitle protected function Pass if the page title is the given string.
AssertContentTrait::buildXPathQuery protected function Builds an XPath query.
AssertContentTrait::constructFieldXpath protected function Helper: Constructs an XPath for the given set of attributes and value.
AssertContentTrait::cssSelect protected function Searches elements using a CSS selector in the raw content.
AssertContentTrait::getAllOptions protected function Get all option elements, including nested options, in a select.
AssertContentTrait::getDrupalSettings protected function Gets the value of drupalSettings for the currently-loaded page.
AssertContentTrait::getRawContent protected function Gets the current raw content.
AssertContentTrait::getSelectedItem protected function Get the selected value from a select field.
AssertContentTrait::getTextContent protected function Retrieves the plain-text content from the current raw content.
AssertContentTrait::parse protected function Parse content returned from curlExec using DOM and SimpleXML.
AssertContentTrait::removeWhiteSpace protected function Removes all white-space between HTML tags from the raw content.
AssertContentTrait::setDrupalSettings protected function Sets the value of drupalSettings for the currently-loaded page.
AssertContentTrait::setRawContent protected function Sets the raw content (e.g. HTML).
AssertContentTrait::xpath protected function Performs an xpath search on the contents of the internal browser.
BrowserHtmlDebugTrait::$htmlOutputBaseUrl protected property The Base URI to use for links to the output files.
BrowserHtmlDebugTrait::$htmlOutputClassName protected property Class name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounter protected property Counter for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounterStorage protected property Counter storage for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputDirectory protected property Directory name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputEnabled protected property HTML output enabled.
BrowserHtmlDebugTrait::$htmlOutputTestId protected property HTML output test ID.
BrowserHtmlDebugTrait::formatHtmlOutputHeaders protected function Formats HTTP headers as string for HTML output logging.
BrowserHtmlDebugTrait::getHtmlOutputHeaders protected function Returns headers in HTML output format. 1
BrowserHtmlDebugTrait::getResponseLogHandler protected function Provides a Guzzle middleware handler to log every response received.
BrowserHtmlDebugTrait::getTestMethodCaller protected function Retrieves the current calling line in the class under test. 1
BrowserHtmlDebugTrait::htmlOutput protected function Logs a HTML output message in a text file.
BrowserHtmlDebugTrait::initBrowserOutputFile protected function Creates the directory to store browser output.
ConfigTestTrait::configImporter protected function Returns a ConfigImporter object to import test configuration.
ConfigTestTrait::copyConfig protected function Copies configuration objects from source storage to target storage.
DatabaseTestBase::$connection protected property The database connection for testing.
DatabaseTestBase::$modules protected static property Modules to install. Overrides KernelTestBase::$modules 2
DatabaseTestBase::ensureSampleDataNull public function Sets up tables for NULL handling.
DatabaseTestBase::setUp protected function Overrides KernelTestBase::setUp 1
DatabaseTestSchemaDataTrait::addSampleData protected function Sets up our sample data.
DatabaseTestSchemaInstallTrait::installSampleSchema protected function Sets up our sample table schema.
DrupalTestCaseTrait::$root protected property The Drupal root directory.
DrupalTestCaseTrait::checkErrorHandlerOnTearDown public function Checks the test error handler after test execution. 1
DrupalTestCaseTrait::getDrupalRoot protected static function Returns the Drupal root directory. 1
DrupalTestCaseTrait::setDebugDumpHandler public static function Registers the dumper CLI handler when the DebugDump extension is enabled.
ExtensionListTestTrait::getModulePath protected function Gets the path for the specified module.
ExtensionListTestTrait::getThemePath protected function Gets the path for the specified theme.
HttpKernelUiHelperTrait::$mink protected property Mink session manager.
HttpKernelUiHelperTrait::assertSession public function Returns WebAssert object.
HttpKernelUiHelperTrait::buildUrl protected function Builds a URL from a system path or a URL object.
HttpKernelUiHelperTrait::clickLink protected function Follows a link by complete name.
HttpKernelUiHelperTrait::drupalGet protected function Retrieves a Drupal path.
HttpKernelUiHelperTrait::getDefaultDriverInstance protected function Gets an instance of the default Mink driver.
HttpKernelUiHelperTrait::getNodeElementsByXpath protected function Performs an xpath search on the contents of the internal browser.
HttpKernelUiHelperTrait::getSession public function Returns Mink session.
HttpKernelUiHelperTrait::getUrl protected function Gets the current URL from the browser.
HttpKernelUiHelperTrait::initMink protected function Initializes Mink sessions.
KernelTestBase::$classLoader protected property The class loader.
KernelTestBase::$configImporter protected property The configuration importer.
KernelTestBase::$configSchemaCheckerExclusions protected static property An array of config object names that are excluded from schema checking. 4
KernelTestBase::$container protected property The test container.
KernelTestBase::$databasePrefix protected property The test database prefix.
KernelTestBase::$keyValue protected property The key_value service that must persist between container rebuilds.
KernelTestBase::$siteDirectory protected property The relative path to the test site directory.
KernelTestBase::$strictConfigSchema protected property Set to TRUE to strict check all configuration saved. 9
KernelTestBase::$usesSuperUserAccessPolicy protected property Set to TRUE to make user 1 a super user. 1
KernelTestBase::$vfsRoot protected property The virtual filesystem root directory.
KernelTestBase::assertPostConditions protected function 1
KernelTestBase::bootEnvironment protected function Bootstraps a basic test environment.
KernelTestBase::bootKernel protected function Bootstraps a kernel for a test. 1
KernelTestBase::config protected function Configuration accessor for tests. Returns non-overridden configuration.
KernelTestBase::disableModules protected function Disables modules for this test.
KernelTestBase::enableModules protected function Enables modules for this test. 2
KernelTestBase::getConfigSchemaExclusions protected function Gets the config schema exclusions for this test.
KernelTestBase::getDatabaseConnectionInfo protected function Returns the Database connection info to be used for this test. 3
KernelTestBase::getDatabasePrefix public function Gets the database prefix used for test isolation.
KernelTestBase::getExtensionsForModules private function Returns Extension objects for $modules to install.
KernelTestBase::getModulesToEnable protected static function Returns the modules to install for this test.
KernelTestBase::initFileCache protected function Initializes the FileCache component.
KernelTestBase::installConfig protected function Installs default configuration for a given list of modules.
KernelTestBase::installEntitySchema protected function Installs the storage schema for a specific entity type.
KernelTestBase::installSchema protected function Installs database tables from a module schema definition.
KernelTestBase::register public function Registers test-specific services. Overrides ServiceProviderInterface::register 40
KernelTestBase::render protected function Renders a render array. 1
KernelTestBase::setInstallProfile protected function Sets the install profile and rebuilds the container to update it.
KernelTestBase::setSetting protected function Sets an in-memory Settings variable.
KernelTestBase::setUpFilesystem protected function Sets up the filesystem, so things like the file directory. 3
KernelTestBase::tearDown protected function 10
KernelTestBase::tearDownCloseDatabaseConnection public function Additional tear down method to close the connection at the end.
KernelTestBase::vfsDump protected function Dumps the current state of the virtual filesystem to STDOUT.
KernelTestBase::__sleep public function Prevents serializing any properties.
QueryTest::testArrayArgumentsSQLInjection public function Tests SQL injection via database query array arguments.
QueryTest::testArraySubstitution public function Tests that we can pass an array of values directly in the query.
QueryTest::testConditionOperatorArgumentsSQLInjection public function Tests SQL injection via condition operator.
QueryTest::testNumericExpressionSubstitution public function Tests numeric query parameter expansion in expressions.
QueryTest::testQuotingIdentifiers public function Tests quoting identifiers in queries.
QueryTest::testScalarSubstitution public function Tests that we can not pass a scalar value when an array is expected.
RandomGeneratorTrait::getRandomGenerator protected function Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName protected function Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject public function Generates a random PHP object.
RandomGeneratorTrait::randomString public function Generates a pseudo-random string of ASCII characters of codes 32 to 126.
StorageCopyTrait::replaceStorageContents protected static function Copy the configuration from one storage to another and remove stale items.
