dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Projects Releases Wiki Activity
Files
7747f25c9e339d11710ac8e4379a2b50d91b3f34
ScadaBridge/tests/ZB.MOM.WW.ScadaBridge.InboundAPI.Tests/InboundDatabaseHelperTests.cs
T
Joseph Doherty b3c9014379 fix(inbound): authorize+secure Database helper, async/deadline-bound DB, wait-timeout-bound WaitForAttribute 
Resolves InboundAPI-026/027/028/029 (+ newly-surfaced -030).

- 026: authorize the scoped Database helper in the design doc; SQL-injection
  protection is parameter binding (values never concatenated); allow writes via
  ExecuteAsync; drop the false 'read-only' claim. Named connections only.
- 027: async ADO.NET end-to-end (no .GetAwaiter().GetResult()); honour the method
  deadline token on ExecuteScalarAsync/ExecuteReaderAsync/ExecuteNonQueryAsync +
  a CommandTimeout backstop derived from the method timeout.
- 028: negative-path tests (null-gateway, deadline cancellation, parameterization)
  + e2e Database + WaitForAttribute cases through the real endpoint.
- 029: WaitForAttribute is bounded by its WAIT timeout (per-wait CTS + client-abort
  + explicit token), NOT the method deadline (spec §6) — a long wait may outlive the
  method timeout; WithRequestAborted threads the raw client-abort token separately.
- 030: Central UI compile-surface mirrors (InboundScriptHost / SandboxInboundScriptHost)
  gained the Database member (drifted since the runtime helper was added) so the
  authorized async API type-checks at the design-time gate.
2026-06-23 22:00:17 -04:00

146 lines
6.7 KiB
C#
Raw Blame History

using System.Data.Common;
using Microsoft.Data.Sqlite;
using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Services;
using ZB.MOM.WW.ScadaBridge.Commons.Types;
using ZB.MOM.WW.ScadaBridge.InboundAPI;
using Xunit;
namespace ZB.MOM.WW.ScadaBridge.InboundAPI.Tests;
public class InboundDatabaseHelperTests
{
private sealed class SqliteGateway : IDatabaseGateway
{
private readonly string _cs;
// InboundAPI-027 test seam: when false the open ignores the passed token, so a
// pre-cancelled token surfaces at Execute/Read (not at open) — letting a test
// prove the EXECUTE path honours the deadline token, not just the open.
private readonly bool _honorTokenOnOpen;
public SqliteGateway(string cs, bool honorTokenOnOpen = true)
{ _cs = cs; _honorTokenOnOpen = honorTokenOnOpen; }
public async Task<DbConnection> GetConnectionAsync(string name, CancellationToken ct = default)
{ var c = new SqliteConnection(_cs); await c.OpenAsync(_honorTokenOnOpen ? ct : CancellationToken.None); return c; }
public Task<ExternalCallResult> CachedWriteAsync(string c, string s,
IReadOnlyDictionary<string, object?>? p = null, string? o = null, CancellationToken ct = default,
TrackedOperationId? t = null, Guid? e = null, string? src = null, Guid? pe = null)
=> throw new NotImplementedException();
}
private static SqliteGateway SeededGateway(bool honorTokenOnOpen = true)
{
var keep = new SqliteConnection("DataSource=file:movein?mode=memory&cache=shared");
keep.Open(); // keep-alive: shared in-memory db lives until process exit
using var cmd = keep.CreateCommand();
cmd.CommandText = "CREATE TABLE IF NOT EXISTS Machine(Code TEXT, SAPID TEXT); DELETE FROM Machine; INSERT INTO Machine VALUES('Z28061A','131453');";
cmd.ExecuteNonQuery();
return new SqliteGateway("DataSource=file:movein?mode=memory&cache=shared", honorTokenOnOpen);
}
[Fact]
public async Task QuerySingleAsync_returns_first_column_with_bound_parameter()
{
var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None);
var code = await helper.QuerySingleAsync<string>("BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "131453" });
Assert.Equal("Z28061A", code);
}
[Fact]
public async Task QuerySingleAsync_returns_default_when_no_rows()
{
var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None);
var code = await helper.QuerySingleAsync<string>("BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "999999" });
Assert.Null(code);
}
[Fact]
public async Task QueryAsync_returns_row_with_case_insensitive_keys()
{
var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None);
var rows = await helper.QueryAsync("BTDB", "SELECT Code, SAPID FROM Machine WHERE SAPID=@s", new { s = "131453" });
Assert.Single(rows);
var row = rows[0];
Assert.Equal("Z28061A", row["code"]);
Assert.Equal("Z28061A", row["CODE"]);
}
[Fact]
public async Task QueryAsync_returns_empty_list_when_no_rows_match()
{
var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None);
var rows = await helper.QueryAsync("BTDB", "SELECT Code, SAPID FROM Machine WHERE SAPID=@s", new { s = "999999" });
Assert.Empty(rows);
}
// --- InboundAPI-026: writes are permitted (design decision) ---
[Fact]
public async Task ExecuteAsync_performs_write_and_returns_rows_affected()
{
var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None);
var affected = await helper.ExecuteAsync(
"BTDB", "UPDATE Machine SET Code=@c WHERE SAPID=@s", new { c = "UPDATED", s = "131453" });
Assert.Equal(1, affected);
// The write actually landed (read it back through the same helper).
var code = await helper.QuerySingleAsync<string>("BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "131453" });
Assert.Equal("UPDATED", code);
}
// --- InboundAPI-026: SQL-injection protection — values are bound, not concatenated ---
[Fact]
public async Task ParameterValues_are_bound_not_concatenated()
{
// A classic injection payload as the parameter VALUE. If the helper concatenated
// it, "WHERE SAPID='131453' OR '1'='1'" would match the seeded row and return
// "Z28061A". Because the value is bound as a literal parameter, it matches no
// SAPID and the query returns null — proving the value never altered the SQL.
var helper = new InboundDatabaseHelper(SeededGateway(), CancellationToken.None);
var code = await helper.QuerySingleAsync<string>(
"BTDB", "SELECT Code FROM Machine WHERE SAPID=@s", new { s = "131453' OR '1'='1" });
Assert.Null(code);
}
// --- InboundAPI-028: negative paths ---
[Fact]
public async Task QuerySingleAsync_null_gateway_throws()
{
var helper = new InboundDatabaseHelper(gateway: null, CancellationToken.None);
await Assert.ThrowsAsync<InvalidOperationException>(
() => helper.QuerySingleAsync<string>("BTDB", "SELECT 1"));
}
[Fact]
public async Task QueryAsync_null_gateway_throws()
{
var helper = new InboundDatabaseHelper(gateway: null, CancellationToken.None);
await Assert.ThrowsAsync<InvalidOperationException>(
() => helper.QueryAsync("BTDB", "SELECT 1"));
}
[Fact]
public async Task ExecuteAsync_null_gateway_throws()
{
var helper = new InboundDatabaseHelper(gateway: null, CancellationToken.None);
await Assert.ThrowsAsync<InvalidOperationException>(
() => helper.ExecuteAsync("BTDB", "DELETE FROM Machine"));
}
// --- InboundAPI-027: the method-deadline token bounds the query on the EXECUTE path ---
[Fact]
public async Task QuerySingleAsync_honours_cancellation_token_on_execute()
{
// The gateway opens with None (so the open succeeds), but the helper forwards the
// pre-cancelled deadline token to ExecuteScalarAsync — which must observe it. This
// proves the fix threads the token past the connection open, where the old
// synchronous ExecuteScalar() ignored cancellation entirely.
using var cts = new CancellationTokenSource();
await cts.CancelAsync();
var helper = new InboundDatabaseHelper(SeededGateway(honorTokenOnOpen: false), cts.Token);
await Assert.ThrowsAnyAsync<OperationCanceledException>(
() => helper.QuerySingleAsync<string>("BTDB", "SELECT Code FROM Machine"));
}
}
Reference in New Issue View Git Blame Copy Permalink