summaryrefslogtreecommitdiffstats
path: root/xt/lib/Bugzilla/Test/Search/InjectionTest.pm
diff options
context:
space:
mode:
authorMax Kanat-Alexander <mkanat@bugzilla.org>2010-07-09 00:47:03 +0200
committerMax Kanat-Alexander <mkanat@bugzilla.org>2010-07-09 00:47:03 +0200
commitaf5698b499f43761e3604f4520532e1c287cb095 (patch)
tree0671d61553ea4f820b01bdf4b8f9782992d596a8 /xt/lib/Bugzilla/Test/Search/InjectionTest.pm
parent124c46d598baca86873cf6cccab7ec64b5a599d5 (diff)
downloadbugzilla-af5698b499f43761e3604f4520532e1c287cb095.tar.gz
bugzilla-af5698b499f43761e3604f4520532e1c287cb095.tar.xz
Bug 577557: Make xt/search.t skip certain injection tests on PostgreSQL,
because they make Pg throw an error and then be unable to run any further tests. It's OK to skip these tests because they still run on MySQL, so we'll still catch any injection vulns. r=mkanat, a=mkanat (module owner)
Diffstat (limited to 'xt/lib/Bugzilla/Test/Search/InjectionTest.pm')
-rw-r--r--xt/lib/Bugzilla/Test/Search/InjectionTest.pm17
1 files changed, 14 insertions, 3 deletions
diff --git a/xt/lib/Bugzilla/Test/Search/InjectionTest.pm b/xt/lib/Bugzilla/Test/Search/InjectionTest.pm
index 211026232..1ee83c57c 100644
--- a/xt/lib/Bugzilla/Test/Search/InjectionTest.pm
+++ b/xt/lib/Bugzilla/Test/Search/InjectionTest.pm
@@ -40,7 +40,8 @@ sub _known_broken {
return {} if grep { $_ eq $self->field } @field_ok;
- my $field_broken = INJECTION_BROKEN_FIELD->{$self->field};
+ my $field_broken = INJECTION_BROKEN_FIELD->{$self->field}
+ || INJECTION_BROKEN_FIELD->{$self->field_object->type};
# We don't want to auto-vivify $field_broken and thus make it true.
my @operator_ok = $field_broken ? @{ $field_broken->{operator_ok} || [] }
: ();
@@ -51,8 +52,18 @@ sub _known_broken {
sub sql_error_ok { return $_[0]->_known_broken->{sql_error} }
-# Injection tests don't have to skip any fields.
-sub field_not_yet_implemented { undef }
+# Injection tests only skip fields on certain dbs.
+sub field_not_yet_implemented {
+ my ($self) = @_;
+ my $skip_for_dbs = $self->_known_broken->{db_skip};
+ return undef if !$skip_for_dbs;
+ my $dbh = Bugzilla->dbh;
+ if (my ($skip) = grep { $dbh->isa("Bugzilla::DB::$_") } @$skip_for_dbs) {
+ my $field = $self->field;
+ return "$field injection testing is not supported with $skip";
+ }
+ return undef;
+}
# Injection tests don't do translation.
sub translated_value { $_[0]->test_value }