
Commit d968632

committed
Add some more cases and add FP tags
1 parent a93a7b1 commit d968632


1 file changed

+125
-18
lines changed

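--- a/javascript/frameworks/cap/test/queries/cqlinjection/srv/service1.js
+++ b/javascript/frameworks/cap/test/queries/cqlinjection/srv/service1.js
@@ -24,7 +24,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 this.on("send00114", async (req) => {
 const { id } = req.data;
 const query = SELECT.from`Entity1`.where`ID=${id}`;
-cds.run(query);
+cds.run(query); // FP
 });
 
 this.on("send00121", async (req) => {
@@ -44,7 +44,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 
 this.on("send00124", async (req) => {
 const { id } = req.data;
-cds.read("Entity1").where`ID=${id}`;
+cds.read("Entity1").where`ID=${id}`; // FP
 });
 
 this.on("send00131", async (req) => {
@@ -79,7 +79,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 
 this.on("send00144", async (req) => {
 const { id, amount } = req.data;
-cds.update("Entity1").set("col1 = col1" + amount).where`col1 = ${id}`;
+cds.update("Entity1").set("col1 = col1" + amount).where`col1 = ${id}`; // FP
 });
 
 this.on("send00151", async (req) => {
@@ -129,7 +129,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 
 this.on("send00174", async (req) => {
 const { id } = req.data;
-cds.delete("Entity1").where`ID = ${id}`;
+cds.delete("Entity1").where`ID = ${id}`; // FP
 });
 
 /* ========== 2. Service1 running query on itself by `await`-ing the query ========== */
@@ -154,7 +154,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 this.on("send00214", async (req) => {
 const { id } = req.data;
 const { Service1Entity } = this.entities;
-await SELECT.from(Service1Entity).where`ID=${id}`;
+await SELECT.from(Service1Entity).where`ID=${id}`; // FP
 });
 
 this.on("send00221", async (req) => {
@@ -178,7 +178,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 this.on("send00224", async (req) => {
 const { id } = req.data;
 const { Service1Entity } = this.entities;
-await INSERT.into(Service1Entity).entries`ID = ${id}`;
+await INSERT.into(Service1Entity).entries`ID = ${id}`; // FP
 });
 
 this.on("send00231", async (req) => {
@@ -202,7 +202,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 this.on("send00234", async (req) => {
 const { id } = req.data;
 const { Service1Entity } = this.entities;
-await UPDATE.entity(Service1Entity).set("col1 = col1 + " + id).where`ID = ${id}`;
+await UPDATE.entity(Service1Entity).set("col1 = col1 + " + id).where`ID = ${id}`; // FP
 });
 
 this.on("send00241", async (req) => {
@@ -244,7 +244,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 this.on("send00254", async (req) => {
 const { id } = req.data;
 const { Service1Entity } = this.entities;
-await DELETE.from(Service1Entity).where`ID = ${id}`;
+await DELETE.from(Service1Entity).where`ID = ${id}`; // FP
 });
 
 /* ========== 3. Service1 running query on itself using `this.run` and friends using Fluent API ========== */
@@ -378,7 +378,7 @@ module.exports = class Service1 extends cds.ApplicationService {
 
 this.on("send64", async (req) => {
 const { id } = req.data;
-const query = cds.parse.cql`SELECT * from Entity1 where ID = ${id}`;
+const query = cds.parse.cql`SELECT * from Entity1 where ID = ${id}`; // FP
 cds.run(query);
 });
 
@@ -397,13 +397,13 @@ module.exports = class Service1 extends cds.ApplicationService {
 
 this.on("send73", async (req) => {
 const { id } = req.data;
-const query = CQL`SELECT * from Entity1 where ID = ${id}`;
+const query = CQL(`SELECT * from Entity1 where ID = ${id}`);
 cds.run(query);
 });
 
 this.on("send74", async (req) => {
 const { id } = req.data;
-const query = CQL(`SELECT * from Entity1 where ID = ${id}`);
+const query = CQL`SELECT * from Entity1 where ID = ${id}`; // FP
 cds.run(query);
 });
 
@@ -415,6 +415,20 @@ module.exports = class Service1 extends cds.ApplicationService {
 Service2.run(query);
 });
 
+this.on("send82", async (req) => {
+const { id } = req.data;
+const Service2 = await cds.connect.to("Service2");
+const query = `SELECT * from Entity1 where ID =` + id;
+Service2.run(query);
+});
+
+this.on("send83", async (req) => {
+const { id } = req.data;
+const Service2 = await cds.connect.to("Service2");
+const query = `SELECT * from Entity1 where ID = ${id}`;
+Service2.run(query);
+});
+
 /* ========== 9. Service1 running query on Service2 using `Service2.tx( tx => tx.run(...) )` and friends ========== */
 this.on("send91", async (req) => {
 const { id } = req.data;
@@ -627,40 +641,133 @@ module.exports = class Service1 extends cds.ApplicationService {
 });
 
 /* ========== 13. Service1 running query on the database service using `cds.run` and friends using Fluent API ========== */
-this.on("send131", async (req) => {
+this.on("send001311", async (req) => {
 const { id } = req.data;
 const query = SELECT.from`Entity1`.where("ID=" + id);
 cds.db.run(query);
 });
 
-this.on("send132", async (req) => {
+this.on("send001312", async (req) => {
+const { id } = req.data;
+const query = SELECT.from`Entity1`.where(`ID=` + id);
+cds.db.run(query);
+});
+
+this.on("send001313", async (req) => {
+const { id } = req.data;
+const query = SELECT.from`Entity1`.where(`ID=${id}`);
+cds.db.run(query);
+});
+
+this.on("send001314", async (req) => {
+const { id } = req.data;
+const query = SELECT.from`Entity1`.where`ID=${id}`; // FP
+cds.db.run(query);
+});
+
+this.on("send001321", async (req) => {
 const { id } = req.data;
 cds.db.read("Entity1").where("ID =" + id);
 });
 
-this.on("send133", async (req) => {
+this.on("send001322", async (req) => {
+const { id } = req.data;
+cds.db.read("Entity1").where(`ID =` + id);
+});
+
+this.on("send001323", async (req) => {
+const { id } = req.data;
+cds.db.read("Entity1").where(`ID=${id}`);
+});
+
+this.on("send001324", async (req) => {
+const { id } = req.data;
+cds.db.read("Entity1").where`ID=${id}`; // FP
+});
+
+this.on("send001331", async (req) => {
 const { id } = req.data;
 cds.db.create("Entity1").entries({id: "" + id});
 });
 
-this.on("send134", async (req) => {
+this.on("send001332", async (req) => {
+const { id } = req.data;
+cds.db.create("Entity1").entries({id: `` + id});
+});
+
+this.on("send001333", async (req) => {
+const { id } = req.data;
+cds.db.create("Entity1").entries({id: `${id}`});
+});
+
+this.on("send001341", async (req) => {
 const { id, amount } = req.data;
 cds.db.update("Entity1").set("col1 = col1" + amount).where("col1 = " + id);
 });
 
-this.on("send135", async (req) => {
+this.on("send001342", async (req) => {
+const { id, amount } = req.data;
+cds.db.update("Entity1").set("col1 = col1" + amount).where(`col1 =` + id);
+});
+
+this.on("send001343", async (req) => {
+const { id, amount } = req.data;
+cds.db.update("Entity1").set("col1 = col1" + amount).where(`col1 = ${id}`);
+});
+
+this.on("send001344", async (req) => {
+const { id, amount } = req.data;
+cds.db.update("Entity1").set("col1 = col1" + amount).where`col1 = ${id}`; // FP
+});
+
+this.on("send001351", async (req) => {
 const { id } = req.data;
 cds.db.insert("Entity1").entries({id: "" + id});
 });
 
-this.on("send136", async (req) => {
+this.on("send001352", async (req) => {
+const { id } = req.data;
+cds.db.insert("Entity1").entries({id: `` + id});
+});
+
+this.on("send001353", async (req) => {
+const { id } = req.data;
+cds.db.insert("Entity1").entries({id: `${id}`});
+});
+
+this.on("send001361", async (req) => {
 const { id } = req.data;
 cds.db.upsert("Entity1").entries({id: "" + id});
 });
 
-this.on("send137", async (req) => {
+this.on("send001362", async (req) => {
+const { id } = req.data;
+cds.db.upsert("Entity1").entries({id: `` + id});
+});
+
+this.on("send001363", async (req) => {
+const { id } = req.data;
+cds.db.upsert("Entity1").entries({id: `${id}`});
+});
+
+this.on("send001371", async (req) => {
 const { id } = req.data;
 cds.db.delete("Entity1").where("ID =" + id);
 });
+
+this.on("send001372", async (req) => {
+const { id } = req.data;
+cds.db.delete("Entity1").where(`ID =` + id);
+});
+
+this.on("send001373", async (req) => {
+const { id } = req.data;
+cds.db.delete("Entity1").where(`ID = ${id}`);
+});
+
+this.on("send001374", async (req) => {
+const { id } = req.data;
+cds.db.delete("Entity1").where`ID = ${id}`; // FP
+});
 }
 };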
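Review bot: The `// FP` tag on the update cases marks the whole statement as a false positive, but `.set("col1 = col1" + amount)` in send00144 (new line 82) and send001344 (new line 720), and `.set("col1 = col1 + " + id)` in send00234 (new line 205), still concatenate `req.data` values into a string argument; only the `.where` tagged template is parameterized. If the query treats a string passed to `.set` as a CQL fragment, an alert on these lines is a true positive, and accepting the tag would hide it. Either narrow the comment, e.g. `// FP for the tagged-template .where only; the .set concatenation is still tainted`, or use a tagged template for `.set` in these variants so each case isolates one construct. Tag placement is also inconsistent: send00114 tags the `cds.run(query)` line, while send64, send74 and send001314 tag the line that builds the query, which leaves it unclear which location the expected result refers to. A short header comment stating what `FP` means here and why tagged templates are considered safe would help the next reader.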
