cipherstash · tobyhede · Jun 2, 2025 · Jun 2, 2025
diff --git a/packages/cipherstash-proxy-integration/src/common.rs b/packages/cipherstash-proxy-integration/src/common.rs
@@ -125,6 +125,11 @@ pub async fn insert(sql: &str, params: &[&(dyn ToSql + Sync)]) {
     client.query(sql, params).await.unwrap();
 }
 
+pub async fn insert_simple_query(sql: &str) {
+    let client = connect_with_tls(PROXY).await;
+    client.simple_query(sql).await.unwrap();
+}
+
 pub async fn query<T: for<'a> tokio_postgres::types::FromSql<'a> + Send + Sync>(
     sql: &str,
 ) -> Vec<T> {

diff --git a/packages/cipherstash-proxy-integration/src/insert/insert_with_literal.rs b/packages/cipherstash-proxy-integration/src/insert/insert_with_literal.rs
@@ -1,6 +1,9 @@
 #[cfg(test)]
 mod tests {
-    use crate::common::{clear, insert, query_by, random_id, random_limited, trace};
+    use crate::common::{
+        clear, insert, insert_simple_query, query_by, random_id, random_limited, simple_query,
+        trace,
+    };
     use chrono::NaiveDate;
     use serde_json::Value;
 
@@ -17,14 +20,42 @@ mod tests {
                 let encrypted_col = format!("encrypted_{}", stringify!($pg_type));
                 let encrypted_val = crate::value_for_type!($type, random_limited());
 
-                let sql = format!("INSERT INTO encrypted (id, {encrypted_col}) VALUES ($1, '{encrypted_val}')");
-                insert(&sql, &[&id]).await;
+                let expected = vec![encrypted_val.clone()];
 
-                let expected = vec![encrypted_val];
+                let insert_sql = format!("INSERT INTO encrypted (id, {encrypted_col}) VALUES ($1, '{encrypted_val}')");
+                let select_sql = format!("SELECT {encrypted_col} FROM encrypted WHERE id = $1");
+
+                insert(&insert_sql, &[&id]).await;
+                let actual = query_by::<$type>(&select_sql, &id).await;
+
+                assert_eq!(expected, actual);
 
-                let sql = format!("SELECT {encrypted_col} FROM encrypted WHERE id = $1");
+            }
+        };
+    }
 
-                let actual = query_by::<$type>(&sql, &id).await;
+    macro_rules! test_insert_simple_query_with_literal {
+        ($name: ident, $type: ident, $pg_type: ident) => {
+            #[tokio::test]
+            pub async fn $name() {
+                trace();
+
+                clear().await;
+
+
+                let id = random_id();
+
+                let encrypted_col = format!("encrypted_{}", stringify!($pg_type));
+                let encrypted_val = crate::value_for_type!($type, random_limited());
+
+                let insert_sql = format!("INSERT INTO encrypted (id, {encrypted_col}) VALUES ({id}, '{encrypted_val}')");
+                let select_sql = format!("SELECT {encrypted_col} FROM encrypted WHERE id = {id}");
+
+
+                let expected = vec![encrypted_val];
+
+                insert_simple_query(&insert_sql).await;
+                let actual = simple_query::<$type>(&select_sql).await;
 
                 assert_eq!(expected, actual);
             }
@@ -40,6 +71,15 @@ mod tests {
     test_insert_with_literal!(insert_with_literal_date, NaiveDate, date);
     test_insert_with_literal!(insert_with_literal_jsonb, Value, jsonb);
 
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_int2, i16, int2);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_int4, i32, int4);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_int8, i64, int8);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_float8, f64, float8);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_bool, bool, bool);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_text, String, text);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_date, NaiveDate, date);
+    test_insert_simple_query_with_literal!(insert_simple_query_with_literal_jsonb, Value, jsonb);
+
     // -----------------------------------------------------------------
 
     /// Sanity check insert of unencrypted literal value

diff --git a/packages/cipherstash-proxy-integration/src/insert/insert_with_null_literal.rs b/packages/cipherstash-proxy-integration/src/insert/insert_with_null_literal.rs
@@ -1,6 +1,8 @@
 #[cfg(test)]
 mod tests {
-    use crate::common::{clear, insert, query_by, random_id, trace};
+    use crate::common::{
+        clear, insert, insert_simple_query, query_by, random_id, simple_query_with_null, trace,
+    };
     use chrono::NaiveDate;
     use serde_json::Value;
 
@@ -40,6 +42,45 @@ mod tests {
     test_insert_with_null_literal!(insert_with_null_literal_date, NaiveDate, date);
     test_insert_with_null_literal!(insert_with_null_literal_jsonb, Value, jsonb);
 
+    macro_rules! test_insert_simple_query_with_null_literal {
+        ($name: ident, $pg_type: ident) => {
+            #[tokio::test]
+            pub async fn $name() {
+                trace();
+
+                clear().await;
+
+                let id = random_id();
+
+                let encrypted_col = format!("encrypted_{}", stringify!($pg_type));
+                let encrypted_val: Option<String> = None;
+
+                let insert_sql =
+                    format!("INSERT INTO encrypted (id, {encrypted_col}) VALUES ({id}, NULL)");
+                let select_sql = format!("SELECT {encrypted_col} FROM encrypted WHERE id = {id}");
+
+                let expected = vec![encrypted_val];
+
+                insert_simple_query(&insert_sql).await;
+                let actual = simple_query_with_null(&select_sql).await;
+
+                assert_eq!(expected, actual);
+            }
+        };
+    }
+
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_int2, int2);
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_int4, int4);
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_int8, int8);
+    test_insert_simple_query_with_null_literal!(
+        insert_simple_query_with_null_literal_float8,
+        float8
+    );
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_bool, bool);
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_text, text);
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_date, date);
+    test_insert_simple_query_with_null_literal!(insert_simple_query_with_null_literal_jsonb, jsonb);
+
     // -----------------------------------------------------------------
 
     /// Sanity check insert of unencrypted literal value