diff options
author | David Rothstein <drothstein@gmail.com> | 2014-10-15 10:36:05 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2014-10-15 10:36:05 -0400 |
commit | 449c7028749767f2de5eff4bbba04ba27346056f (patch) | |
tree | 52a4717cf1fcb2e9017ba0d85c0cc119a149d8a7 /modules/simpletest | |
parent | 26a7752c34321fd9cb889308f507ca6bdb777f08 (diff) | |
download | brdo-449c7028749767f2de5eff4bbba04ba27346056f.tar.gz brdo-449c7028749767f2de5eff4bbba04ba27346056f.tar.bz2 |
Tests for SA-CORE-2014-005 by Stefan Horst, greggles, larowlan, David_Rothstein, klausi
Diffstat (limited to 'modules/simpletest')
-rw-r--r-- | modules/simpletest/tests/database_test.test | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/modules/simpletest/tests/database_test.test b/modules/simpletest/tests/database_test.test index dba04b27b..209bf6813 100644 --- a/modules/simpletest/tests/database_test.test +++ b/modules/simpletest/tests/database_test.test @@ -3384,6 +3384,34 @@ class DatabaseQueryTestCase extends DatabaseTestCase { $this->assertEqual(count($names), 3, 'Correct number of names returned'); } + + /** + * Test SQL injection via database query array arguments. + */ + public function testArrayArgumentsSQLInjection() { + // Attempt SQL injection and verify that it does not work. + $condition = array( + "1 ;INSERT INTO {test} SET name = 'test12345678'; -- " => '', + '1' => '', + ); + try { + db_query("SELECT * FROM {test} WHERE name = :name", array(':name' => $condition))->fetchObject(); + $this->fail('SQL injection attempt via array arguments should result in a PDOException.'); + } + catch (PDOException $e) { + $this->pass('SQL injection attempt via array arguments should result in a PDOException.'); + } + + // Test that the insert query that was used in the SQL injection attempt did + // not result in a row being inserted in the database. + $result = db_select('test') + ->condition('name', 'test12345678') + ->countQuery() + ->execute() + ->fetchField(); + $this->assertFalse($result, 'SQL injection attempt did not result in a row being inserted in the database table.'); + } + } /** |