Skip to content

Commit e8a28df

Browse files
myerekapanmyerekapan
committed
test: add checkRLSAdvisory unit tests with pgtest mock
1 parent 6f4667a commit e8a28df

1 file changed

Lines changed: 62 additions & 0 deletions

File tree

internal/db/query/advisory_test.go

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,13 +2,75 @@ package query
22

33
import (
44
"bytes"
5+
"context"
56
"encoding/json"
67
"testing"
78

9+
"github.com/jackc/pgconn"
810
"github.com/stretchr/testify/assert"
911
"github.com/stretchr/testify/require"
12+
"github.com/supabase/cli/internal/utils"
13+
"github.com/supabase/cli/pkg/pgtest"
1014
)
1115

16+
func TestCheckRLSAdvisoryWithUnprotectedTables(t *testing.T) {
17+
utils.Config.Hostname = "127.0.0.1"
18+
utils.Config.Db.Port = 5432
19+
20+
conn := pgtest.NewConn()
21+
defer conn.Close(t)
22+
conn.Query(rlsCheckSQL).
23+
Reply("SELECT 2", []any{"public.users"}, []any{"public.posts"})
24+
25+
config := pgconn.Config{
26+
Host: "127.0.0.1",
27+
Port: 5432,
28+
User: "admin",
29+
Password: "password",
30+
Database: "postgres",
31+
}
32+
pgConn, err := utils.ConnectByConfig(context.Background(), config, conn.Intercept)
33+
require.NoError(t, err)
34+
defer pgConn.Close(context.Background())
35+
36+
advisory := checkRLSAdvisory(context.Background(), pgConn)
37+
require.NotNil(t, advisory)
38+
assert.Equal(t, "rls_disabled", advisory.ID)
39+
assert.Equal(t, 1, advisory.Priority)
40+
assert.Equal(t, "critical", advisory.Level)
41+
assert.Contains(t, advisory.Message, "2 table(s)")
42+
assert.Contains(t, advisory.Message, "public.users")
43+
assert.Contains(t, advisory.Message, "public.posts")
44+
assert.Equal(t,
45+
"ALTER TABLE public.users ENABLE ROW LEVEL SECURITY;\nALTER TABLE public.posts ENABLE ROW LEVEL SECURITY;",
46+
advisory.RemediationSQL,
47+
)
48+
}
49+
50+
func TestCheckRLSAdvisoryNoUnprotectedTables(t *testing.T) {
51+
utils.Config.Hostname = "127.0.0.1"
52+
utils.Config.Db.Port = 5432
53+
54+
conn := pgtest.NewConn()
55+
defer conn.Close(t)
56+
conn.Query(rlsCheckSQL).
57+
Reply("SELECT 0")
58+
59+
config := pgconn.Config{
60+
Host: "127.0.0.1",
61+
Port: 5432,
62+
User: "admin",
63+
Password: "password",
64+
Database: "postgres",
65+
}
66+
pgConn, err := utils.ConnectByConfig(context.Background(), config, conn.Intercept)
67+
require.NoError(t, err)
68+
defer pgConn.Close(context.Background())
69+
70+
advisory := checkRLSAdvisory(context.Background(), pgConn)
71+
assert.Nil(t, advisory)
72+
}
73+
1274
func TestWriteJSONWithAdvisory(t *testing.T) {
1375
advisory := &Advisory{
1476
ID: "rls_disabled",

0 commit comments

Comments
 (0)