Improve SQL sanitization

2025-04-04 13:07:36 +03:00 · 2024-09-09 19:45:02 -04:00 · 2024-09-09 19:45:02 -04:00 · 3107170afd
commit 3107170afd
parent d3bb4bb9a1
23 changed files with 259 additions and 159 deletions
--- a/persistence/sql_base_repository_test.go
+++ b/persistence/sql_base_repository_test.go
@ -73,40 +73,61 @@ var _ = Describe("sqlRepository", func() {
 		})
 	})

-	Describe("sortMapping", func() {
+	Describe("sanitizeSort", func() {
 		BeforeEach(func() {
+			r.registerModel(&struct {
+				Field string `structs:"field"`
+			}{}, nil)
 			r.sortMappings = map[string]string{
-				"sort1":      "mappedSort1",
-				"sortTwo":    "mappedSort2",
-				"sort_three": "mappedSort3",
+				"sort1": "mappedSort1",
 			}
 		})

-		It("returns the mapped value when sort key exists", func() {
-			Expect(r.sortMapping("sort1")).To(Equal("mappedSort1"))
-		})
+		When("sanitizing sort", func() {
+			It("returns empty if the sort key is not found in the model nor in the mappings", func() {
+				sort, _ := r.sanitizeSort("unknown", "")
+				Expect(sort).To(BeEmpty())
+			})

-		Context("when sort key does not exist", func() {
-			It("returns the original sort key, snake cased", func() {
-				Expect(r.sortMapping("NotFoundSort")).To(Equal("not_found_sort"))
+			It("returns the mapped value when sort key exists", func() {
+				sort, _ := r.sanitizeSort("sort1", "")
+				Expect(sort).To(Equal("mappedSort1"))
+			})
+
+			It("is case insensitive", func() {
+				sort, _ := r.sanitizeSort("Sort1", "")
+				Expect(sort).To(Equal("mappedSort1"))
+			})
+
+			It("returns the field if it is a valid field", func() {
+				sort, _ := r.sanitizeSort("field", "")
+				Expect(sort).To(Equal("field"))
+			})
+
+			It("is case insensitive for fields", func() {
+				sort, _ := r.sanitizeSort("FIELD", "")
+				Expect(sort).To(Equal("field"))
 			})
 		})
+		When("sanitizing order", func() {
+			It("returns 'asc' if order is empty", func() {
+				_, order := r.sanitizeSort("", "")
+				Expect(order).To(Equal(""))
+			})

-		Context("when sort key is camel cased", func() {
-			It("returns the mapped value when camel case sort key exists", func() {
-				Expect(r.sortMapping("sortTwo")).To(Equal("mappedSort2"))
+			It("returns 'asc' if order is 'asc'", func() {
+				_, order := r.sanitizeSort("", "ASC")
+				Expect(order).To(Equal("asc"))
 			})
-			It("returns the mapped value when passing a snake case key", func() {
-				Expect(r.sortMapping("sort_two")).To(Equal("mappedSort2"))
-			})
-		})

-		Context("when sort key is snake cased", func() {
-			It("returns the mapped value when snake case sort key exists", func() {
-				Expect(r.sortMapping("sort_three")).To(Equal("mappedSort3"))
+			It("returns 'desc' if order is 'desc'", func() {
+				_, order := r.sanitizeSort("", "desc")
+				Expect(order).To(Equal("desc"))
 			})
-			It("returns the mapped value when passing a camel case key", func() {
-				Expect(r.sortMapping("sortThree")).To(Equal("mappedSort3"))
+
+			It("returns 'asc' if order is unknown", func() {
+				_, order := r.sanitizeSort("", "something")
+				Expect(order).To(Equal("asc"))
 			})
 		})
 	})