Skip to content

Commit

Permalink
Add PostgreSQL multi-line query transform tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@sjanusz-r7
sjanusz-r7 committed Jan 23, 2024
1 parent 1fe448f commit 73dbe2e
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 1 deletion.
8 changes: 7 additions & 1 deletion lib/rex/post/postgresql/ui/console/command_dispatcher/client.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ def cmd_shell(*args)
return
end

formatted_query = raw_query.split.map { |word| word.chomp('\\') }.reject(&:empty?).compact.join(' ')
formatted_query = process_query(query: raw_query)

unless formatted_query.empty?
print_status "Running SQL Command: '#{formatted_query}'"
Expand Down Expand Up @@ -155,6 +155,12 @@ def cmd_query(*args)
print_line(table.to_s)
end
end

def process_query(query: '')
return '' if query.empty?

query.lines.each.map { |line| line.chomp("\\\n").strip }.reject(&:empty?).compact.join(' ')
end
end
end
end
Expand Down
28 changes: 28 additions & 0 deletions spec/lib/rex/post/postgresql/ui/console/command_dispatcher/client_spec.rb
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# frozen_string_literal: true

require 'spec_helper'
require 'rex/post/postgresql'

RSpec.describe Rex::Post::PostgreSQL::Ui::Console::CommandDispatcher::Client do
let (:client) { described_class.new(nil) }

before(:each) do
allow(client).to receive(:process_query).and_call_original
end

describe '.process_query' do
[
{ query: "SELECT \\\nVERSION();", result: 'SELECT VERSION();' },
{ query: "SELECT \VERSION();", result: 'SELECT VERSION();' },
{ query: "SELECT * \\\nFROM dummy_table\\\nWHERE name='example_name'\\\n;", result: "SELECT * FROM dummy_table WHERE name='example_name' ;" },
{ query: "SELECT \\\n* FROM dummy_table\\\n WHERE name='example_name';\n", result: "SELECT * FROM dummy_table WHERE name='example_name';" },
{ query: "INSERT INTO dummy_table VALUES (\\\n'username' \\\n'password_!@£$%^&*()\\'\\\n);", result: "INSERT INTO dummy_table VALUES ( 'username' 'password_!@£$%^&*()\\' );" },
{ query: "DELETE\\\n FROM\\\n dummy_table\\\n WHERE\\\n field='\"\\'\\\n;", result: "DELETE FROM dummy_table WHERE field='\"\\' ;" },
{ query: "SELECT * FROM dummy_table WHERE field='example\\\nfield'", result: "SELECT * FROM dummy_table WHERE field='example field'" },
].each do |expected|
it 'returns the expected value' do
expect(client.process_query(query: expected[:query])).to eq(expected[:result])
end
end
end
end

0 comments on commit 73dbe2e

Please sign in to comment.