綁定自動匯入日期查詢參數
This commit is contained in:
17
tests/test_import_service_sql_params.py
Normal file
17
tests/test_import_service_sql_params.py
Normal file
@@ -0,0 +1,17 @@
|
||||
from pathlib import Path
|
||||
|
||||
from services.import_service import _build_in_clause
|
||||
|
||||
|
||||
def test_build_in_clause_binds_each_value():
|
||||
clause, params = _build_in_clause("d", ["2026-05-01", "x' OR 1=1 --"])
|
||||
|
||||
assert clause == ":d_0, :d_1"
|
||||
assert params == {"d_0": "2026-05-01", "d_1": "x' OR 1=1 --"}
|
||||
|
||||
|
||||
def test_import_service_does_not_interpolate_date_values_into_in_clauses():
|
||||
source = Path("services/import_service.py").read_text(encoding="utf-8")
|
||||
|
||||
assert "join([f\"'{d}'\"" not in source
|
||||
assert "join([f\"'{d}'\" for d in" not in source
|
||||
Reference in New Issue
Block a user