Skip to content

Commit 5e39be5

Browse files
jeongsoolee09jeongsoolee09
committed
Refine test cases and add more cases
1 parent a8a0bb4 commit 5e39be5

File tree

1 file changed

+51
-5
lines changed
  • javascript/frameworks/cap/test/queries/cqlinjection/srv

1 file changed

+51
-5
lines changed

javascript/frameworks/cap/test/queries/cqlinjection/srv/service1.js

Lines changed: 51 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -23,13 +23,18 @@ module.exports = class Service1 extends cds.ApplicationService {
2323
const { id, amount } = req.data;
2424
cds.update("Entity1").set("col1 = col1" + amount).where("col1 = " + id);
2525
});
26-
26+
2727
this.on("send15", async (req) => {
2828
const { id } = req.data;
29-
cds.upsert("Entity1").entries({id: "" + id});
29+
cds.insert("Entity1").entries({id: "" + id});
3030
});
3131

3232
this.on("send16", async (req) => {
33+
const { id } = req.data;
34+
cds.upsert("Entity1").entries({id: "" + id});
35+
});
36+
37+
this.on("send17", async (req) => {
3338
const { id } = req.data;
3439
cds.delete("Entity1").where("ID =" + id);
3540
});
@@ -86,13 +91,18 @@ module.exports = class Service1 extends cds.ApplicationService {
8691
const { id, amount } = req.data;
8792
this.update(`Service1Entity`).set("col1 = col1" + amount).where("col1 = " + id);
8893
});
89-
94+
9095
this.on("send35", async (req) => {
9196
const { id } = req.data;
92-
this.upsert(`Service1Entity`).entries({id: "" + id});
97+
this.insert(`Service1Entity`).entries({id: "" + id});
9398
});
9499

95100
this.on("send36", async (req) => {
101+
const { id } = req.data;
102+
this.upsert(`Service1Entity`).entries({id: "" + id});
103+
});
104+
105+
this.on("send37", async (req) => {
96106
const { id } = req.data;
97107
this.delete(`Service1Entity`).where("ID =" + id);
98108
});
@@ -126,13 +136,49 @@ module.exports = class Service1 extends cds.ApplicationService {
126136
this.on("send45", async (req) => {
127137
const { id } = req.data;
128138
const { Service2 } = await cds.connect.to("Service2");
129-
Service2.upsert(`Service2Entity`).entries({id: "" + id});
139+
Service2.insert(`Service2Entity`).entries({id: "" + id});
130140
});
131141

132142
this.on("send46", async (req) => {
143+
const { id } = req.data;
144+
const { Service2 } = await cds.connect.to("Service2");
145+
Service2.upsert(`Service2Entity`).entries({id: "" + id});
146+
});
147+
148+
this.on("send47", async (req) => {
133149
const { id } = req.data;
134150
const { Service2 } = await cds.connect.to("Service2");
135151
Service2.delete(`Service2Entity`).where("ID =" + id);
136152
});
153+
154+
/* ========== 5. Service1 running query on Service2 using CQN parsed with `cds.ql` ========== */
155+
this.on("send5", async (req) => {
156+
const { id } = req.data;
157+
const { Service2 } = await cds.connect.to("Service2");
158+
const query = cds.ql("SELECT * from Service1Entity where ID =" + id);
159+
Service2.run(query);
160+
});
161+
162+
/* ========== 6. Service1 running query on the database service using CQN parsed with `cds.parse.cql` ========== */
163+
this.on("send6", async (req) => {
164+
const { id } = req.data;
165+
const query = cds.parse.cql(`SELECT * from Entity1 where ID =` + id);
166+
cds.run(query);
167+
});
168+
169+
/* ========== 7. Service1 running query on Service2 using an unparsed CDL string (only valid in old versions of CAP) ========== */
170+
this.on("send71", async (req) => {
171+
const { id } = req.data;
172+
const { Service2 } = await cds.connect.to("Service2");
173+
const query = "SELECT * from Entity1 where ID =" + id;
174+
Service2.run(query);
175+
});
176+
177+
this.on("send72", async (req) => {
178+
const { id } = req.data;
179+
const { Service2 } = await cds.connect.to("Service2");
180+
const query = `SELECT * from Entity1 where ID =` + id;
181+
Service2.run(query);
182+
});
137183
}
138184
};

0 commit comments

Comments
 (0)