test: remove duplication in test_search
This commit is contained in:
Sagar Vora
GitHub
parent
8140908f99
commit
6fe9f9b411
1 changed files with 19 additions and 82 deletions
|
|
@ -5,12 +5,7 @@ import re
|
|||
|
||||
import frappe
|
||||
from frappe.app import make_form_dict
|
||||
from frappe.desk.search import (
|
||||
get_names_for_mentions,
|
||||
sanitize_searchfield,
|
||||
search_link,
|
||||
search_widget,
|
||||
)
|
||||
from frappe.desk.search import get_names_for_mentions, search_link, search_widget
|
||||
from frappe.tests.utils import FrappeTestCase
|
||||
from frappe.utils import set_request
|
||||
from frappe.website.serve import get_response
|
||||
|
|
@ -32,71 +27,24 @@ class TestSearch(FrappeTestCase):
|
|||
self.assertTrue("User" in result["value"])
|
||||
|
||||
# raise exception on injection
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"Customer",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield="1=1",
|
||||
)
|
||||
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"Customer",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield="select * from tabSessions) --",
|
||||
)
|
||||
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"Customer",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield="name or (select * from tabSessions)",
|
||||
)
|
||||
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"Customer",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield="*",
|
||||
)
|
||||
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"Customer",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield=";",
|
||||
)
|
||||
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"Customer",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield=";",
|
||||
)
|
||||
for searchfield in (
|
||||
"1=1",
|
||||
"select * from tabSessions) --",
|
||||
"name or (select * from tabSessions)",
|
||||
"*",
|
||||
";",
|
||||
"select`sid`from`tabSessions`",
|
||||
):
|
||||
self.assertRaises(
|
||||
frappe.DataError,
|
||||
search_link,
|
||||
"DocType",
|
||||
"User",
|
||||
query=None,
|
||||
filters=None,
|
||||
page_length=20,
|
||||
searchfield=searchfield,
|
||||
)
|
||||
|
||||
def test_only_enabled_in_mention(self):
|
||||
email = "test_disabled_user_in_mentions@example.com"
|
||||
|
|
@ -185,17 +133,6 @@ class TestSearch(FrappeTestCase):
|
|||
search_link("User", "user@random", searchfield="name")
|
||||
self.assertListEqual(frappe.response["results"], [])
|
||||
|
||||
def test_sanitize_searchfield(self):
|
||||
for searchfield in ("1=1", "name or (select * from tabSessions)", ";", "`tabSessions`"):
|
||||
self.assertRaisesRegex(
|
||||
frappe.DataError,
|
||||
re.compile(r"^(Invalid Search Field .*)$"),
|
||||
sanitize_searchfield,
|
||||
searchfield,
|
||||
)
|
||||
|
||||
sanitize_searchfield("name")
|
||||
|
||||
|
||||
@frappe.validate_and_sanitize_search_inputs
|
||||
def get_data(doctype, txt, searchfield, start, page_len, filters):
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue