Skip to content

Test parameter escaping #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
susodapop merged 10 commits into from
Oct 14, 2022
Merged

Test parameter escaping #46

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
49d5b85
Refactor so we can unit test `inject_parameters`
Aug 26, 2022
bce1598
Add unit tests for inject_parameters
Aug 26, 2022
dd25478
Remove inaccurate description. Per #51, spark sql does not support
Oct 10, 2022
29bab86
Fixes #51 and adds unit tests.
Oct 10, 2022
aafbdfa
Working change which passes all written tests and most from #51
Oct 10, 2022
6750633
Implement suggest fix from #51 which now passes the integration test …
Oct 10, 2022
82556df
Incorporate e2e test suggested by #56
Oct 10, 2022
1f9b78c
Black utils.py
Oct 10, 2022
ba4fed6
Fix one typo
Oct 11, 2022
9c8eb6e
Fixed test.
Oct 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Implement suggest fix from #51 which now passes the integration test … 
…provided

Signed-off-by: Jesse Whitehouse <jesse.whitehouse@databricks.com>
  • Loading branch information
Jesse Whitehouse committed Oct 10, 2022
commit 6750633cfb6747a005629f134ea0a742b1e1b681
2 changes: 1 addition & 1 deletion src/databricks/sql/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -146,7 +146,7 @@ def escape_string(self, item):
# This is good enough when backslashes are literal, newlines are just followed, and the way
# to escape a single quote is to put two single quotes.
# (i.e. only special character is single quote)
return "'{}'".format(item.replace("'", "\\'"))
return "'{}'".format(item.replace('\\','\\\\' ).replace("'", "\\'"))

def escape_sequence(self, item):
l = map(str, map(self.escape_item, item))
Expand Down
26 changes: 19 additions & 7 deletions tests/unit/test_param_escaper.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,27 +38,39 @@ def test_escape_string_that_includes_special_characters(self):

# Testing for the presence of these characters: '"/\😂

assert pe.escape_string("his name was 'robert palmer'") == "'his name was \'robert palmer\''"
assert pe.escape_string("his name was 'robert palmer'") == r"'his name was \'robert palmer\''"

# These two tests represent the same user input in the several ways it can be written in Python
# Each argument to `escape_string` evaluates to the same bytes. But Python lets us write it differently.
assert pe.escape_string("his name was \"robert palmer\"") == "'his name was \"robert palmer\"'"
assert pe.escape_string('his name was "robert palmer"') == "'his name was \"robert palmer\"'"
assert pe.escape_string('his name was {}'.format('"robert palmer"')) == "'his name was \"robert palmer\"'"

assert pe.escape_string("his name was robert / palmer") == "'his name was robert / palmer'"
assert pe.escape_string("his name was robert / palmer") == r"'his name was robert / palmer'"

# If you need to include a single backslash, use an r-string to prevent Python from raising a
# DeprecationWarning for an invalid escape sequence
assert pe.escape_string(r"his name was robert \/ palmer") == "'his name was robert \\/ palmer'"
assert pe.escape_string("his name was robert \\ palmer") == "'his name was robert \\ palmer'"
assert pe.escape_string("his name was robert \\\\ palmer") == "'his name was robert \\\\ palmer'"
assert pe.escape_string("his name was robert \\/ palmer") == r"'his name was robert \\/ palmer'"
assert pe.escape_string("his name was robert \\ palmer") == r"'his name was robert \\ palmer'"
assert pe.escape_string("his name was robert \\\\ palmer") == r"'his name was robert \\\\ palmer'"

assert pe.escape_string("his name was robert palmer 😂") == "'his name was robert palmer 😂'"
assert pe.escape_string("his name was robert palmer 😂") == r"'his name was robert palmer 😂'"

# Adding the test from PR #56 to prove escape behaviour

assert pe.escape_string("you're") == "'you\'re'"
assert pe.escape_string("you're") == r"'you\'re'"

# Adding this test from #51 to prove escape behaviour when the target string involves repeated SQL escape chars
assert pe.escape_string("cat\\'s meow") == r"'cat\\\'s meow'"

# Tests from the docs: https://docs.databricks.com/sql/language-manual/data-types/string-type.html

assert pe.escape_string('Spark') == "'Spark'"
assert pe.escape_string("O'Connell") == r"'O\'Connell'"
assert pe.escape_string("Some\\nText") == r"'Some\\nText'"
assert pe.escape_string("Some\\\\nText") == r"'Some\\\\nText'"
assert pe.escape_string("서울시") == "'서울시'"
assert pe.escape_string("\\\\") == r"'\\\\'"

def test_escape_date_time(self):
INPUT = datetime(1991,8,3,21,55)
Expand Down