1 file changed +30 -13 lines changed
@@ -42,21 +42,38 @@ def test_binding_security(conn_cnx, db_parameters):
4242
4343 # SQL injection safe test
4444 # Good Example
45- with pytest .raises (ProgrammingError ):
46- cnx .cursor ().execute (
47- "SELECT * FROM {name} WHERE aa=%s" .format (
48- name = db_parameters ["name" ]
49- ),
50- ("1 or aa>0" ,),
45+ # server behavior change: this no longer raises an error, but returns an empty result set
46+ try :
47+ res = (
48+ cnx .cursor ()
49+ .execute (
50+ "SELECT * FROM {name} WHERE aa=%s" .format (
51+ name = db_parameters ["name" ]
52+ ),
53+ ("1 or aa>0" ,),
54+ )
55+ .fetchall ()
5156 )
52-
53- with pytest .raises (ProgrammingError ):
54- cnx .cursor ().execute (
55- "SELECT * FROM {name} WHERE aa=%(aa)s" .format (
56- name = db_parameters ["name" ]
57- ),
58- {"aa" : "1 or aa>0" },
57+ assert res == []
58+ except ProgrammingError :
59+ # old server behavior: OK
60+ pass
61+
62+ try :
63+ res = (
64+ cnx .cursor ()
65+ .execute (
66+ "SELECT * FROM {name} WHERE aa=%(aa)s" .format (
67+ name = db_parameters ["name" ]
68+ ),
69+ {"aa" : "1 or aa>0" },
70+ )
71+ .fetchall ()
5972 )
73+ assert res == []
74+ except ProgrammingError :
75+ # old server behavior: OK
76+ pass
6077
6178 # Bad Example in application. DON'T DO THIS
6279 c = cnx .cursor ()
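Review bot: `assert res == []` in both new try blocks (new lines 57 and 73) shows that the bound value `"1 or aa>0"` was treated as data only if the table already holds at least one row that `aa>0` would match; any inserts happen above the hunk, so that precondition is not visible here. If the table can be empty at this point, an injected predicate would also return `[]` and the test would pass without proving anything, so consider a precondition check before the first block, or at least a comment such as `# table must contain rows with aa > 0, otherwise an empty result does not prove the bind was safe`. Separately, `except ProgrammingError: pass` accepts every ProgrammingError, so an unrelated failure such as a missing table also counts as "old server behavior"; checking that the caught error is the expected type-conversion failure would keep this security regression test from passing for the wrong reason. test_binding_security starts before and continues after this hunk.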