Merge pull request #8125 from eugenp/revert-8119-BAEL-3275-2

Revert "BAEL-3275: Using blocking queue for pub-sub"
Eric Martin
2019-10-31 20:43:47 -05:00
committed by GitHub
parent db85c8f275
commit 3225470df5
20543 changed files with 1642750 additions and 0 deletions
@@ -0,0 +1,92 @@
package com.baeldung.examples.security.sql;
import static org.assertj.core.api.Assertions.assertThat;
import java.util.List;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import com.baeldung.examples.security.sql.AccountDAO;
import com.baeldung.examples.security.sql.AccountDTO;
@RunWith(SpringRunner.class)
@SpringBootTest
@ActiveProfiles({ "test" })
public class SqlInjectionSamplesApplicationUnitTest {
@Autowired
private AccountDAO target;
@Test
public void givenAVulnerableMethod_whenValidCustomerId_thenReturnSingleAccount() {
List<AccountDTO> accounts = target.unsafeFindAccountsByCustomerId("C1");
assertThat(accounts).isNotNull();
assertThat(accounts).isNotEmpty();
assertThat(accounts).hasSize(1);
}
@Test
public void givenAVulnerableMethod_whenHackedCustomerId_thenReturnAllAccounts() {
List<AccountDTO> accounts = target.unsafeFindAccountsByCustomerId("C1' or '1'='1");
assertThat(accounts).isNotNull();
assertThat(accounts).isNotEmpty();
assertThat(accounts).hasSize(3);
}
@Test
public void givenAVulnerableJpaMethod_whenHackedCustomerId_thenReturnAllAccounts() {
List<AccountDTO> accounts = target.unsafeJpaFindAccountsByCustomerId("C1' or '1'='1");
assertThat(accounts).isNotNull();
assertThat(accounts).isNotEmpty();
assertThat(accounts).hasSize(3);
}
@Test
public void givenASafeMethod_whenHackedCustomerId_thenReturnNoAccounts() {
List<AccountDTO> accounts = target.safeFindAccountsByCustomerId("C1' or '1'='1");
assertThat(accounts).isNotNull();
assertThat(accounts).isEmpty();
}
@Test
public void givenASafeJpaMethod_whenHackedCustomerId_thenReturnNoAccounts() {
List<AccountDTO> accounts = target.safeJpaFindAccountsByCustomerId("C1' or '1'='1");
assertThat(accounts).isNotNull();
assertThat(accounts).isEmpty();
}
@Test
public void givenASafeJpaCriteriaMethod_whenHackedCustomerId_thenReturnNoAccounts() {
List<AccountDTO> accounts = target.safeJpaCriteriaFindAccountsByCustomerId("C1' or '1'='1");
assertThat(accounts).isNotNull();
assertThat(accounts).isEmpty();
}
@Test(expected = IllegalArgumentException.class)
public void givenASafeMethod_whenInvalidOrderBy_thenThroweException() {
target.safeFindAccountsByCustomerId("C1", "INVALID");
}
@Test(expected = Exception.class)
public void givenWrongPlaceholderUsageMethod_whenNormalCall_thenThrowsException() {
target.wrongCountRecordsByTableName("Accounts");
}
@Test(expected = Exception.class)
public void givenWrongJpaPlaceholderUsageMethod_whenNormalCall_thenThrowsException() {
target.wrongJpaCountRecordsByTableName("Accounts");
}
}
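Review bot: None of the safe-method tests (`givenASafeMethod_whenHackedCustomerId_thenReturnNoAccounts` and its two JPA siblings) has a positive control, so an implementation that always returns an empty list would pass them. Each should be paired with a valid-id case such as `assertThat(target.safeFindAccountsByCustomerId("C1")).hasSize(1);`, mirroring what the unsafe method already gets in the first test. Separately, the two `@Test(expected = Exception.class)` cases accept any failure, including an unrelated one such as a misnamed table or a connection error. Narrowing them to the exception type the DAO actually raises when a table name is passed as a bind parameter would make them verify the placeholder misuse itself.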
@@ -0,0 +1,18 @@
#
# Test profile configuration
#
spring:
liquibase:
change-log: db/changelog/db.changelog-master.xml
jpa:
hibernate:
ddl-auto: none
datasource:
initialization-mode: embedded
logging:
level:
sql: DEBUG
@@ -0,0 +1,4 @@
insert into Accounts(customer_id,acc_number,branch_id,balance) values ('C1','0001',1,1000.00);
insert into Accounts(customer_id,acc_number,branch_id,balance) values ('C2','0002',1,500.00);
insert into Accounts(customer_id,acc_number,branch_id,balance) values ('C3','0003',1,501.00);
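Review bot: These rows are load-bearing for the test class, but nothing in the file says so. The `hasSize(3)` assertions in the injection tests equal the total row count, and the `hasSize(1)` case relies on `C1` owning exactly one account. A header comment such as `-- Seed data: exactly three accounts, one per customer; SqlInjectionSamplesApplicationUnitTest asserts on these counts` would stop a later insert from silently changing what the tests prove.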
@@ -0,0 +1,7 @@
create table Accounts (
id BIGINT NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 1, INCREMENT BY 1),
customer_id varchar(16) not null,
acc_number varchar(16) not null,
branch_id decimal(8,0),
balance decimal(16,4)
);
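Review bot: The table declares no key or uniqueness constraint: `id` is an identity column but is not marked as the primary key, and `acc_number` is free to repeat. Adding `primary key (id)` as a table constraint would give the JPA mapping a real key to rely on. If account numbers are meant to be unique, which the seed data suggests but does not establish, `unique (acc_number)` belongs here as well.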