CodeQL fixes and cleaned up tests
Riku Virtanen committed Mar 1, 2024
1 parent 629ff69 commit edf75c1
Showing 9 changed files with 100 additions and 311 deletions.
Original file line number Diff line number Diff line change
@@ -1,50 +1,13 @@
using Frends.MicrosoftSQL.ExecuteQuery.Definitions;
using Frends.MicrosoftSQL.ExecuteQuery.Tests.Lib;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using Newtonsoft.Json.Linq;
using System.Data.SqlClient;

namespace Frends.MicrosoftSQL.ExecuteQuery.Tests;

[TestClass]
public class AutoUnitTests
public class AutoUnitTests : ExecuteQueryTestBase
{
/*
docker-compose up -d
How to use via terminal:
docker exec -it sql1 "bash"
/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "Salakala123!"
SELECT * FROM TestTable
GO
*/

private static readonly string _connString = "Server=127.0.0.1,1433;Database=Master;User Id=SA;Password=Salakala123!";
private static readonly string _tableName = "TestTable";

[TestInitialize]
public void Init()
{
using var connection = new SqlConnection(_connString);
connection.Open();
var createTable = connection.CreateCommand();
createTable.CommandText = $@"IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN CREATE TABLE {_tableName} ( Id int, LastName varchar(255), FirstName varchar(255) ); END";
createTable.ExecuteNonQuery();
connection.Close();
connection.Dispose();
}

[TestCleanup]
public void CleanUp()
{
using var connection = new SqlConnection(_connString);
connection.Open();
var createTable = connection.CreateCommand();
createTable.CommandText = $@"IF EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN DROP TABLE IF EXISTS {_tableName}; END";
createTable.ExecuteNonQuery();
connection.Close();
connection.Dispose();
}

[TestMethod]
public async Task TestExecuteQuery_Auto()
{
Expand Down Expand Up @@ -113,7 +76,7 @@ public async Task TestExecuteQuery_Auto()
Assert.AreEqual(3, insert.RecordsAffected);
Assert.IsNull(insert.ErrorMessage);
Assert.AreEqual(3, (int)insert.Data["AffectedRows"]);
Assert.AreEqual(3, GetRowCount()); // Make sure rows inserted before moving on.
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // Make sure rows inserted before moving on.

// Select all
var select = await MicrosoftSQL.ExecuteQuery(inputSelect, options, default);
Expand All @@ -127,7 +90,7 @@ public async Task TestExecuteQuery_Auto()
Assert.AreEqual("Forst", (string)select.Data[1]["FirstName"]);
Assert.AreEqual("Hiiri", (string)select.Data[2]["LastName"]);
Assert.AreEqual("Mikki", (string)select.Data[2]["FirstName"]);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check

// Select single
var selectSingle = await MicrosoftSQL.ExecuteQuery(inputSelectSingle, options, default);
Expand All @@ -137,29 +100,29 @@ public async Task TestExecuteQuery_Auto()
Assert.AreEqual(typeof(JArray), selectSingle.Data.GetType());
Assert.AreEqual("Suku", (string)selectSingle.Data[0]["LastName"]);
Assert.AreEqual("Etu", (string)selectSingle.Data[0]["FirstName"]);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check

// Update
var update = await MicrosoftSQL.ExecuteQuery(inputUpdate, options, default);
Assert.IsTrue(update.Success);
Assert.AreEqual(1, update.RecordsAffected);
Assert.IsNull(update.ErrorMessage);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check
var checkUpdateResult = await MicrosoftSQL.ExecuteQuery(inputSelect, options, default);
Assert.AreEqual("Suku", (string)checkUpdateResult.Data[0]["LastName"]);
Assert.AreEqual("Etu", (string)checkUpdateResult.Data[0]["FirstName"]);
Assert.AreEqual("Edit", (string)checkUpdateResult.Data[1]["LastName"]);
Assert.AreEqual("Forst", (string)checkUpdateResult.Data[1]["FirstName"]);
Assert.AreEqual("Hiiri", (string)checkUpdateResult.Data[2]["LastName"]);
Assert.AreEqual("Mikki", (string)checkUpdateResult.Data[2]["FirstName"]);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check

// Delete
var delete = await MicrosoftSQL.ExecuteQuery(inputDelete, options, default);
Assert.IsTrue(delete.Success);
Assert.AreEqual(1, delete.RecordsAffected);
Assert.IsNull(delete.ErrorMessage);
Assert.AreEqual(2, GetRowCount()); // double check
Assert.AreEqual(2, Helper.GetRowCount(_connString, _tableName)); // double check
var checkDeleteResult = await MicrosoftSQL.ExecuteQuery(inputSelect, options, default);
Assert.AreEqual("Suku", (string)checkDeleteResult.Data[0]["LastName"]);
Assert.AreEqual("Etu", (string)checkDeleteResult.Data[0]["FirstName"]);
Expand All @@ -169,16 +132,4 @@ public async Task TestExecuteQuery_Auto()
CleanUp();
}
}

private static int GetRowCount()
{
using var connection = new SqlConnection(_connString);
connection.Open();
var getRows = connection.CreateCommand();
getRows.CommandText = $"SELECT COUNT(*) FROM {_tableName}";
var count = (int)getRows.ExecuteScalar();
connection.Close();
connection.Dispose();
return count;
}
}
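Review bot: The six `Helper.GetRowCount(_connString, _tableName)` calls in the three middle hunks all pass the two fields that every subclass of ExecuteQueryTestBase already inherits, so a small wrapper on the base, `protected static int RowCount() => Helper.GetRowCount(_connString, _tableName);`, would bring each assert back to `Assert.AreEqual(3, RowCount());` and keep the connection details out of the test bodies. The same repetition appears in the ExecuteReaderUnitTests section. In the last hunk `CleanUp();` appears to be called by hand from inside TestExecuteQuery_Auto while the inherited `[TestCleanup]` CleanUp will run again after the test; this is harmless because the DROP is guarded by IF EXISTS, but the explicit call can go. TestExecuteQuery_Auto begins outside the hunks shown.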
Original file line number Diff line number Diff line change
@@ -1,49 +1,12 @@
using Frends.MicrosoftSQL.ExecuteQuery.Definitions;
using Frends.MicrosoftSQL.ExecuteQuery.Tests.Lib;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using System.Data.SqlClient;

namespace Frends.MicrosoftSQL.ExecuteQuery.Tests;

[TestClass]
public class ExceptionUnitTests
public class ExceptionUnitTests : ExecuteQueryTestBase
{
/*
docker-compose up
How to use via terminal:
docker exec -it sql1 "bash"
/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "Salakala123!"
SELECT * FROM TestTable
GO
*/

private static readonly string _connString = "Server=127.0.0.1,1433;Database=Master;User Id=SA;Password=Salakala123!";
private static readonly string _tableName = "TestTable";

[TestInitialize]
public void Init()
{
using var connection = new SqlConnection(_connString);
connection.Open();
var createTable = connection.CreateCommand();
createTable.CommandText = $@"IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN CREATE TABLE {_tableName} ( Id int, LastName varchar(255), FirstName varchar(255) ); END";
createTable.ExecuteNonQuery();
connection.Close();
connection.Dispose();
}

[TestCleanup]
public void CleanUp()
{
using var connection = new SqlConnection(_connString);
connection.Open();
var createTable = connection.CreateCommand();
createTable.CommandText = $@"IF EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN DROP TABLE IF EXISTS {_tableName}; END";
createTable.ExecuteNonQuery();
connection.Close();
connection.Dispose();
}

[TestMethod]
public async Task TestExecuteQuery_Invalid_Creds_ThrowError()
{
Original file line number Diff line number Diff line change
@@ -1,40 +1,14 @@
using Frends.MicrosoftSQL.ExecuteQuery.Definitions;
using Frends.MicrosoftSQL.ExecuteQuery.Tests.Lib;
using Microsoft.VisualStudio.TestTools.UnitTesting;
using Newtonsoft.Json.Linq;
using System.Data.SqlClient;

namespace Frends.MicrosoftSQL.ExecuteQuery.Tests;

[TestClass]
public class ExecuteReaderUnitTests
public class ExecuteReaderUnitTests : ExecuteQueryTestBase
{
/*
docker-compose up
How to use via terminal:
docker exec -it sql1 "bash"
/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "Salakala123!"
SELECT * FROM TestTable
GO
*/

private static readonly string _connString = "Server=127.0.0.1,1433;Database=Master;User Id=SA;Password=Salakala123!";
private static readonly string _tableName = "TestTable";

[TestInitialize]
public void Init()
{
var command = $@"IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN CREATE TABLE {_tableName} ( Id int, LastName varchar(255), FirstName varchar(255) ); END";
ExecuteQuery(command);
}

[TestCleanup]
public void CleanUp()
{
var command = $@"IF EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN DROP TABLE IF EXISTS {_tableName}; END";
ExecuteQuery(command);
}

[TestMethod]
public async Task TestExecuteQuery_ExecuteReader()
{
Expand Down Expand Up @@ -102,7 +76,7 @@ public async Task TestExecuteQuery_ExecuteReader()
Assert.IsTrue(insert.Success);
Assert.AreEqual(3, insert.RecordsAffected);
Assert.IsNull(insert.ErrorMessage);
Assert.AreEqual(3, GetRowCount()); // Make sure rows inserted before moving on.
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // Make sure rows inserted before moving on.

// Select all
var select = await MicrosoftSQL.ExecuteQuery(inputSelect, options, default);
Expand All @@ -116,7 +90,7 @@ public async Task TestExecuteQuery_ExecuteReader()
Assert.AreEqual("Forst", (string)select.Data[1]["FirstName"]);
Assert.AreEqual("Hiiri", (string)select.Data[2]["LastName"]);
Assert.AreEqual("Mikki", (string)select.Data[2]["FirstName"]);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check

// Select single
var selectSingle = await MicrosoftSQL.ExecuteQuery(inputSelectSingle, options, default);
Expand All @@ -126,29 +100,29 @@ public async Task TestExecuteQuery_ExecuteReader()
Assert.AreEqual(typeof(JArray), selectSingle.Data.GetType());
Assert.AreEqual("Suku", (string)selectSingle.Data[0]["LastName"]);
Assert.AreEqual("Etu", (string)selectSingle.Data[0]["FirstName"]);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check

// Update
var update = await MicrosoftSQL.ExecuteQuery(inputUpdate, options, default);
Assert.IsTrue(update.Success);
Assert.AreEqual(1, update.RecordsAffected);
Assert.IsNull(update.ErrorMessage);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check
var checkUpdateResult = await MicrosoftSQL.ExecuteQuery(inputSelect, options, default);
Assert.AreEqual("Suku", (string)checkUpdateResult.Data[0]["LastName"]);
Assert.AreEqual("Etu", (string)checkUpdateResult.Data[0]["FirstName"]);
Assert.AreEqual("Edit", (string)checkUpdateResult.Data[1]["LastName"]);
Assert.AreEqual("Forst", (string)checkUpdateResult.Data[1]["FirstName"]);
Assert.AreEqual("Hiiri", (string)checkUpdateResult.Data[2]["LastName"]);
Assert.AreEqual("Mikki", (string)checkUpdateResult.Data[2]["FirstName"]);
Assert.AreEqual(3, GetRowCount()); // double check
Assert.AreEqual(3, Helper.GetRowCount(_connString, _tableName)); // double check

// Delete
var delete = await MicrosoftSQL.ExecuteQuery(inputDelete, options, default);
Assert.IsTrue(delete.Success);
Assert.AreEqual(1, delete.RecordsAffected);
Assert.IsNull(delete.ErrorMessage);
Assert.AreEqual(2, GetRowCount()); // double check
Assert.AreEqual(2, Helper.GetRowCount(_connString, _tableName)); // double check
var checkDeleteResult = await MicrosoftSQL.ExecuteQuery(inputSelect, options, default);
Assert.AreEqual("Suku", (string)checkDeleteResult.Data[0]["LastName"]);
Assert.AreEqual("Etu", (string)checkDeleteResult.Data[0]["FirstName"]);
Expand Down Expand Up @@ -203,18 +177,6 @@ public async Task ExecuteQueryTestWithBinaryData()
Assert.AreEqual(Convert.ToBase64String(binary), Convert.ToBase64String((byte[])result.Data[0]["Data"]));
}

private static int GetRowCount()
{
using var connection = new SqlConnection(_connString);
connection.Open();
var getRows = connection.CreateCommand();
getRows.CommandText = $"SELECT COUNT(*) FROM {_tableName}";
var count = (int)getRows.ExecuteScalar();
connection.Close();
connection.Dispose();
return count;
}

private static void ExecuteQuery(string command)
{
using var connection = new SqlConnection(_connString);

Check failure

Code scanning / CodeQL

Insecure SQL connection High

Connection string
flows to this SQL connection and does not specify Encrypt=True.
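Review bot: The last hunk removes this class's own GetRowCount but keeps its private `ExecuteQuery(string command)` helper, which still opens a `new SqlConnection(_connString)` of its own and is the line CodeQL continues to flag here; the helper's body continues outside the hunk. Since the commit already centralises GetRowCount in Helper, moving this helper there as well (for example `internal static void ExecuteNonQuery(string connString, string command)`) would leave a single place that owns connection handling, so the Encrypt=True change only has to be made once and the test classes no longer need `using System.Data.SqlClient;` at all.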
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
using Microsoft.VisualStudio.TestTools.UnitTesting;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace Frends.MicrosoftSQL.ExecuteQuery.Tests.Lib;

public class ExecuteQueryTestBase
{
internal static readonly string _connString = Helper.CreateConnectionString();
internal static readonly string _tableName = "TestTable";

[TestInitialize]
public void Init()
{
using var connection = new SqlConnection(_connString);

Check failure

Code scanning / CodeQL

Insecure SQL connection High

Connection string
flows to this SQL connection and does not specify Encrypt=True.
connection.Open();
var createTable = connection.CreateCommand();
createTable.CommandText = $@"IF NOT EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN CREATE TABLE {_tableName} ( Id int, LastName varchar(255), FirstName varchar(255) ); END";
createTable.ExecuteNonQuery();
connection.Close();
connection.Dispose();
}

[TestCleanup]
public void CleanUp()
{
using var connection = new SqlConnection(_connString);

Check failure

Code scanning / CodeQL

Insecure SQL connection High

Connection string
flows to this SQL connection and does not specify Encrypt=True.
connection.Open();
var createTable = connection.CreateCommand();
createTable.CommandText = $@"IF EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='{_tableName}') BEGIN DROP TABLE IF EXISTS {_tableName}; END";
createTable.ExecuteNonQuery();
connection.Close();
connection.Dispose();
}
}
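Review bot: `connection.Close(); connection.Dispose();` at the end of both Init and CleanUp are redundant with the `using var connection` declaration that opens each method, which already disposes (and thereby closes) the connection when the method exits; dropping those two lines in each method leaves one owner for the connection's lifetime. The directives for System, System.Collections.Generic, System.Linq, System.Text and System.Threading.Tasks are unused in this class and can be removed. Since the class exists only to be inherited by the `[TestClass]` fixtures, `public abstract class ExecuteQueryTestBase` states that intent and prevents it being instantiated on its own. The two CodeQL Encrypt=True findings here are a property of the string Helper.CreateConnectionString produces, so the fix belongs in Helper rather than in these two methods.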
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
using System.Data.SqlClient;

namespace Frends.MicrosoftSQL.ExecuteQuery.Tests.Lib;

internal class Helper
{
internal static string CreateConnectionString()
{
return "Server=127.0.0.1,1433;Database=Master;User Id=SA;Password=Salakala123!";

Check failure

Code scanning / CodeQL

Hard-coded connection string with credentials Critical

'ConnectionString' property includes hard-coded credentials set in
object creation of type SqlConnection
.
'ConnectionString' property includes hard-coded credentials set in
object creation of type SqlConnection
.
'ConnectionString' property includes hard-coded credentials set in
object creation of type SqlConnection
.
'ConnectionString' property includes hard-coded credentials set in
object creation of type SqlConnection
.
'ConnectionString' property includes hard-coded credentials set in
object creation of type SqlConnection
.
}

internal static int GetRowCount(string connString, string table)
{
using var connection = new SqlConnection(connString);

Check failure

Code scanning / CodeQL

Insecure SQL connection High

Connection string
flows to this SQL connection and does not specify Encrypt=True.
connection.Open();
var getRows = connection.CreateCommand();
getRows.CommandText = $"SELECT COUNT(*) FROM {table}";
var count = (int)getRows.ExecuteScalar();
connection.Close();
connection.Dispose();
return count;
}
}
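Review bot: CreateConnectionString still returns the SA password as a string literal, so the commit relocates the hard-coded credential that the Critical alert is about rather than removing it, and the string still omits Encrypt=True, which is why the High alert remains on every `new SqlConnection` that consumes it. Reading the value from the environment first and keeping the literal only as the local docker-compose fallback addresses both, e.g. `return Environment.GetEnvironmentVariable("<CONN_STRING_ENV_VAR>") ?? "<existing literal>;Encrypt=True;TrustServerCertificate=True";` (this needs `using System;`; TrustServerCertificate is presumably required because the test container presents a self-signed certificate — confirm against the compose setup before adding it). GetRowCount now takes `table` as a parameter and interpolates it into `SELECT COUNT(*) FROM {table}`; the only caller on this page passes the constant `_tableName`, but since identifiers cannot be parameterised, checking the argument against the fixed table name(s) the tests use would keep the helper safe if a future test passes something else. Helper has only static members, so `internal static class Helper` fits.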