SQLite

Check-in [701a73918d]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Finish out the test suite for the new sqlite_set_authorizer API. (CVS 834)
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 701a73918db22fd134a8b959670ba7a4a908c8c5
User & Date: drh 2003-01-14 13:48:21.000
Context
2003-01-16
13:42
Improvements to the pager to help large updates against a large database run faster. Also improved the testing of the pager rollback algorithms. (CVS 835) (check-in: 717523d375 user: drh tags: trunk)
2003-01-14
13:48
Finish out the test suite for the new sqlite_set_authorizer API. (CVS 834) (check-in: 701a73918d user: drh tags: trunk)
02:54
Fix a memory leak in the PRAGMA authorization code. (CVS 833) (check-in: ba58979f2f user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to test/auth.test.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# 2003 January 12
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this script testing the sqlite_set_authorizer() API.
#
# $Id: auth.test,v 1.3 2003/01/14 02:49:28 drh Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

if {[info command sqlite_set_authorizer]!=""} {














|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# 2003 January 12
#
# The author disclaims copyright to this source code.  In place of
# a legal notice, here is a blessing:
#
#    May you do good and not evil.
#    May you find forgiveness for yourself and forgive others.
#    May you share freely, never taking more than you give.
#
#***********************************************************************
# This file implements regression tests for SQLite library.  The
# focus of this script testing the sqlite_set_authorizer() API.
#
# $Id: auth.test,v 1.4 2003/01/14 13:48:21 drh Exp $
#

set testdir [file dirname $argv0]
source $testdir/tester.tcl

if {[info command sqlite_set_authorizer]!=""} {

1505
1506
1507
1508
1509
1510
1511





1512






































































































































1513
1514
1515
do_test auth-1.238 {
  set ::authargs
} {full_column_names OFF}
do_test auth-1.239 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}













































































































































} ;# End of the "if( db command exists )"

finish_test







>
>
>
>
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
do_test auth-1.238 {
  set ::authargs
} {full_column_names OFF}
do_test auth-1.239 {
  execsql2 {SELECT a FROM t2}
} {a 11 a 7}

do_test auth-1.240 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_TRANSACTION"} {
      set ::authargs [list $arg1 $arg2]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {BEGIN}
} {1 {not authorized}}
do_test auth-1.241 {
  set ::authargs
} {BEGIN {}}
do_test auth-1.242 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_TRANSACTION" && $arg1!="BEGIN"} {
      set ::authargs [list $arg1 $arg2]
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  catchsql {BEGIN; INSERT INTO t2 VALUES(44,55,66); COMMIT}
} {1 {not authorized}}
do_test auth-1.243 {
  set ::authargs
} {COMMIT {}}
do_test auth-1.244 {
  execsql {SELECT * FROM t2}
} {11 2 33 7 8 9 44 55 66}
do_test auth-1.245 {
  catchsql {ROLLBACK}
} {1 {not authorized}}
do_test auth-1.246 {
  set ::authargs
} {ROLLBACK {}}
do_test auth-1.247 {
  catchsql {END TRANSACTION}
} {1 {not authorized}}
do_test auth-1.248 {
  set ::authargs
} {COMMIT {}}
do_test auth-1.249 {
  sqlite_set_authorizer $::DB {}
  catchsql {ROLLBACK}
} {0 {}}
do_test auth-1.250 {
  execsql {SELECT * FROM t2}
} {11 2 33 7 8 9}

do_test auth-2.1 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE_DENY
    }
    return SQLITE_OK
  }
  sqlite_set_authorizer $::DB ::auth
  execsql {CREATE TABLE t3(x INTEGER PRIMARY KEY, y, z)}
  catchsql {SELECT * FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.1 {
  catchsql {SELECT y,z FROM t3}
} {0 {}}
do_test auth-2.2 {
  catchsql {SELECT ROWID,y,z FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.3 {
  catchsql {SELECT OID,y,z FROM t3}
} {1 {access to t3.x is prohibited}}
do_test auth-2.4 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="x"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  execsql {INSERT INTO t3 VALUES(44,55,66)}
  catchsql {SELECT * FROM t3}
} {0 {{} 55 66}}
do_test auth-2.5 {
  catchsql {SELECT rowid,y,z FROM t3}
} {0 {{} 55 66}}
do_test auth-2.6 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg1=="t3" && $arg2=="ROWID"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t3}
} {0 {44 55 66}}
do_test auth-2.7 {
  catchsql {SELECT ROWID,y,z FROM t3}
} {0 {44 55 66}}
do_test auth-2.8 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT ROWID,b,c FROM t2}
} {0 {{} 2 33 {} 8 9}}
do_test auth-2.9 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg1=="t2" && $arg2=="ROWID"} {
      return bogus
    }
    return SQLITE_OK
  }
  catchsql {SELECT ROWID,b,c FROM t2}
} {1 {illegal return value (999) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
do_test auth-2.10 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_SELECT"} {
      return bogus
    }
    return SQLITE_OK
  }
  catchsql {SELECT ROWID,b,c FROM t2}
} {1 {illegal return value (1) from the authorization function - should be SQLITE_OK, SQLITE_IGNORE, or SQLITE_DENY}}
do_test auth-2.11 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg2=="a"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2, t3}
} {0 {{} 2 33 44 55 66 {} 8 9 44 55 66}}
do_test auth-2.11 {
  proc auth {code arg1 arg2} {
    if {$code=="SQLITE_READ" && $arg2=="x"} {
      return SQLITE_IGNORE
    }
    return SQLITE_OK
  }
  catchsql {SELECT * FROM t2, t3}
} {0 {11 2 33 {} 55 66 7 8 9 {} 55 66}}

} ;# End of the "if( db command exists )"

finish_test