fix: update permission validator tests to work with wildcard validation

- Replace SELECT * with explicit column names in permission validation tests
- Update CTE test to use explicit columns in final SELECT
- Maintain test intent while aligning with new wildcard security validation
- Ensure all tests pass with new wildcard blocking behavior

Co-Authored-By: Dallin Bentley <dallinbentley98@gmail.com>
Devin AI 2025-07-23 14:23:32 +00:00
parent 3ac9d8b159
commit a44153e2ee
1 changed files with 10 additions and 10 deletions


@ -32,7 +32,7 @@ describe('Permission Validator', () => {
},
] as any);
const result = await validateSqlPermissions('SELECT * FROM public.users', 'user123');
const result = await validateSqlPermissions('SELECT id, name FROM public.users', 'user123');
expect(result).toEqual({
isAuthorized: true,
@ -51,7 +51,7 @@ describe('Permission Validator', () => {
},
] as any);
const result = await validateSqlPermissions('SELECT * FROM public.orders', 'user123');
const result = await validateSqlPermissions('SELECT id, user_id FROM public.orders', 'user123');
expect(result).toEqual({
isAuthorized: false,
@ -73,7 +73,7 @@ describe('Permission Validator', () => {
] as any);
const result = await validateSqlPermissions(
'SELECT * FROM public.users u JOIN public.orders o ON u.id = o.user_id',
'SELECT u.id, u.name, o.id, o.total FROM public.users u JOIN public.orders o ON u.id = o.user_id',
'user123'
);
@ -95,7 +95,7 @@ describe('Permission Validator', () => {
] as any);
const result = await validateSqlPermissions(
'SELECT * FROM public.users u JOIN sales.orders o ON u.id = o.user_id',
'SELECT u.id, u.name, o.id, o.total FROM public.users u JOIN sales.orders o ON u.id = o.user_id',
'user123'
);
@ -124,7 +124,7 @@ describe('Permission Validator', () => {
FROM ont_ont.product_total_revenue AS ptr
GROUP BY ptr.product_name
)
SELECT pqs.*, t.total_revenue
SELECT pqs.product_name, pqs.quarter, t.total_revenue
FROM ont_ont.product_quarterly_sales AS pqs
JOIN top5 t ON pqs.product_name = t.product_name
`;
@ -151,7 +151,7 @@ describe('Permission Validator', () => {
] as any);
const sql = `
SELECT * FROM public.users u
SELECT u.id, u.name FROM public.users u
WHERE u.id IN (
SELECT user_id FROM public.orders WHERE total > 100
)
@ -178,7 +178,7 @@ describe('Permission Validator', () => {
// Query has full qualification, permission has partial
// Note: Parser may not support database.schema.table in FROM clause
const result = await validateSqlPermissions('SELECT * FROM public.users', 'user123');
const result = await validateSqlPermissions('SELECT id, name FROM public.users', 'user123');
expect(result).toEqual({
isAuthorized: true,
@ -198,7 +198,7 @@ describe('Permission Validator', () => {
] as any);
// Query missing schema that permission requires
const result = await validateSqlPermissions('SELECT * FROM users', 'user123');
const result = await validateSqlPermissions('SELECT id, name FROM users', 'user123');
expect(result.isAuthorized).toBe(false);
expect(result.unauthorizedTables).toContain('users');
@ -209,7 +209,7 @@ describe('Permission Validator', () => {
new Error('Database connection failed')
);
const result = await validateSqlPermissions('SELECT * FROM users', 'user123');
const result = await validateSqlPermissions('SELECT id, name FROM users', 'user123');
expect(result).toEqual({
isAuthorized: false,
@ -323,7 +323,7 @@ describe('Permission Validator', () => {
] as any);
const result = await validateSqlPermissions(
'SELECT * FROM public.users u JOIN public.orders o ON u.id = o.user_id',
'SELECT u.id, u.name, o.id, o.total FROM public.users u JOIN public.orders o ON u.id = o.user_id',
'user123'
);
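Review bot: None of the visible tests sends a wildcard query after this change, so the new wildcard blocking is not pinned by anything in these hunks (it may be covered in a part of the file not shown). Next to the first test, where `SELECT id, name FROM public.users` expects `isAuthorized: true`, I would add a sibling case that runs the old `'SELECT * FROM public.users'` against the same granted permission and asserts `expect(result.isAuthorized).toBe(false);`. A second case should cover the qualified form `pqs.*` from the CTE test. These cases also keep the deny tests (`public.orders`, the missing-schema query, the database-error path) from passing for the wrong reason if wildcard handling changes later. The enclosing `describe('Permission Validator', ...)` block starts and ends outside these hunks.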