t/20injection_guard.t - metacpan.org

use strict;
use warnings;
use Test::More;
use Test::Exception;
use SQL::Abstract::Test import => ['is_same_sql_bind'];
use SQL::Abstract;

my $sqla = SQL::Abstract->new;
my $sqla_q = SQL::Abstract->new(quote_char => '"');

throws_ok( sub {
  $sqla->select(
    'foo',
    [ 'bar' ],
    { 'bobby; tables' => 'bar' },
  );
}, qr/Possible SQL injection attempt/, 'Injection thwarted on unquoted column' );

my ($sql, @bind) = $sqla_q->select(
  'foo',
  [ 'bar' ],
  { 'bobby; tables' => 'bar' },
);

is_same_sql_bind (
  $sql, \@bind,
  'SELECT "bar" FROM "foo" WHERE ( "bobby; tables" = ? )',
  [ 'bar' ],
  'Correct sql with quotes on'
);


for ($sqla, $sqla_q) {

  throws_ok( sub {
    $_->select(
      'foo',
      [ 'bar' ],
      { x => { 'bobby; tables' => 'y' } },
    );
  }, qr/Possible SQL injection attempt/, 'Injection thwarted on top level op');

  throws_ok( sub {
    $_->select(
      'foo',
      [ 'bar' ],
      { x => { '<' => { "-go\ndo some harm" => 'y' } } },
    );
  }, qr/Possible SQL injection attempt/, 'Injection thwarted on chained functions');
}

done_testing;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)