using System.Data.Common; using Microsoft.Data.Sqlite; using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Services; using ZB.MOM.WW.ScadaBridge.Commons.Types; using ZB.MOM.WW.ScadaBridge.InboundAPI; using Xunit; namespace ZB.MOM.WW.ScadaBridge.InboundAPI.Tests; public class InboundDatabaseHelperTests { private sealed class SqliteGateway : IDatabaseGateway { private readonly string _cs; // InboundAPI-027 test seam: when false the open ignores the passed token, so a // pre-cancelled token surfaces at Execute/Read (not at open) — letting a test // prove the EXECUTE path honours the deadline token, not just the open. private readonly bool _honorTokenOnOpen; public SqliteGateway(string cs, bool honorTokenOnOpen = true) { _cs = cs; _honorTokenOnOpen = honorTokenOnOpen; } public async Task GetConnectionAsync(string name, CancellationToken ct = default) { var c = new SqliteConnection(_cs); await c.OpenAsync(_honorTokenOnOpen ? ct : CancellationToken.None); return c; } public Task CachedWriteAsync(string c, string s, IReadOnlyDictionary? p = null, string? o = null, CancellationToken ct = default, TrackedOperationId? t = null, Guid? e = null, string? src = null, Guid? pe = null) => throw new NotImplementedException(); } private static SqliteGateway SeededGateway(bool honorTokenOnOpen = true) { var keep = new SqliteConnection("DataSource=file:movein?mode=memory&cache=shared"); keep.Open(); // keep-alive: shared in-memory db lives until process exit using var cmd = keep.CreateCommand(); cmd.CommandText = "CREATE TABLE IF NOT EXISTS Machine(Code TEXT, SAPID TEXT); DELETE FROM Machine; INSERT INTO Machine VALUES('Z28061A','131453');"; cmd.ExecuteNonQuery(); return new SqliteGateway("DataSource=file:movein?mode=memory&cache=shared", honorTokenOnOpen); } [Fact] public async Task QuerySingleAsync_returns_first_column_with_bound_parameter() { var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None); var code = await helper.QuerySingleAsync("BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "131453" }); Assert.Equal("Z28061A", code); } [Fact] public async Task QuerySingleAsync_returns_default_when_no_rows() { var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None); var code = await helper.QuerySingleAsync("BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "999999" }); Assert.Null(code); } [Fact] public async Task QueryAsync_returns_row_with_case_insensitive_keys() { var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None); var rows = await helper.QueryAsync("BTDB", "SELECT Code, SAPID FROM Machine WHERE SAPID=@s", new { s = "131453" }); Assert.Single(rows); var row = rows[0]; Assert.Equal("Z28061A", row["code"]); Assert.Equal("Z28061A", row["CODE"]); } [Fact] public async Task QueryAsync_returns_empty_list_when_no_rows_match() { var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None); var rows = await helper.QueryAsync("BTDB", "SELECT Code, SAPID FROM Machine WHERE SAPID=@s", new { s = "999999" }); Assert.Empty(rows); } // --- InboundAPI-026: writes are permitted (design decision) --- [Fact] public async Task ExecuteAsync_performs_write_and_returns_rows_affected() { var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None); var affected = await helper.ExecuteAsync( "BTDB", "UPDATE Machine SET Code=@c WHERE SAPID=@s", new { c = "UPDATED", s = "131453" }); Assert.Equal(1, affected); // The write actually landed (read it back through the same helper). var code = await helper.QuerySingleAsync("BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "131453" }); Assert.Equal("UPDATED", code); } // --- InboundAPI-026: SQL-injection protection — values are bound, not concatenated --- [Fact] public async Task ParameterValues_are_bound_not_concatenated() { // A classic injection payload as the parameter VALUE. If the helper concatenated // it, "WHERE SAPID='131453' OR '1'='1'" would match the seeded row and return // "Z28061A". Because the value is bound as a literal parameter, it matches no // SAPID and the query returns null — proving the value never altered the SQL. var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None); var code = await helper.QuerySingleAsync( "BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "131453' OR '1'='1" }); Assert.Null(code); } // --- InboundAPI-028: negative paths --- [Fact] public async Task QuerySingleAsync_null_gateway_throws() { var helper = new InboundDatabaseHelper(gateway: null, CancellationToken.None); await Assert.ThrowsAsync( () => helper.QuerySingleAsync("BTDB", "SELECT 1")); } [Fact] public async Task QueryAsync_null_gateway_throws() { var helper = new InboundDatabaseHelper(gateway: null, CancellationToken.None); await Assert.ThrowsAsync( () => helper.QueryAsync("BTDB", "SELECT 1")); } [Fact] public async Task ExecuteAsync_null_gateway_throws() { var helper = new InboundDatabaseHelper(gateway: null, CancellationToken.None); await Assert.ThrowsAsync( () => helper.ExecuteAsync("BTDB", "DELETE FROM Machine")); } // --- InboundAPI-027: the method-deadline token bounds the query on the EXECUTE path --- [Fact] public async Task QuerySingleAsync_honours_cancellation_token_on_execute() { // The gateway opens with None (so the open succeeds), but the helper forwards the // pre-cancelled deadline token to ExecuteScalarAsync — which must observe it. This // proves the fix threads the token past the connection open, where the old // synchronous ExecuteScalar() ignored cancellation entirely. using var cts = new CancellationTokenSource(); await cts.CancelAsync(); var helper = new InboundDatabaseHelper(SeededGateway(honorTokenOnOpen: false), cts.Token); await Assert.ThrowsAnyAsync( () => helper.QuerySingleAsync("BTDB", "SELECT Code FROM Machine")); } }