author | Danny Milosavljevic <dannym@scratchpost.org> | 2018-02-08 11:39:45 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2018-02-08 14:18:27 +0100 |
commit | eb01f46987a583f0bce94de230d749b1d8f16b99 (patch) | |
tree | b7f038f0af2d2655b6d26363f1fc7460f9994f57 /tests | |
parent | e656f42571832d78e5cbe743601e1fcd13916b93 (diff) | |
download | cuirass-eb01f46987a583f0bce94de230d749b1d8f16b99.tar cuirass-eb01f46987a583f0bce94de230d749b1d8f16b99.tar.gz |
database: Use 'sqlite-bind' to avoid SQL injection.
* src/cuirass/database.scm (%sqlite-exec): Remove.
(sqlite-exec): Turn back into a procedure. Use 'sqlite-bind'. Add
'normalize' procedure and use it.
(db-add-specification, db-add-derivation, db-get-derivation)
(db-add-evaluation, db-add-build, db-update-build-status!)
(db-get-build, db-get-stamp, db-add-stamp): Use question marks in SQL
queries.
* src/cuirass/base.scm (build-packages)[register]: Make #:log
non-false.
* tests/database.scm (make-dummy-job): Add #:job-name, #:system,
#:nix-name, and #:eval-id. This is necessary because 'sqlite-bind'
would now translate #f to a real NULL (before it would translate to the
string "#f"...), and would thus report violations of the non-NULL
constraint.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/database.scm | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/tests/database.scm b/tests/database.scm index 217ddde..65a10a8 100644 --- a/tests/database.scm +++ b/tests/database.scm @@ -40,8 +40,12 @@ (define* (make-dummy-job #:optional (name "foo")) `((#:name . ,name) + (#:job-name . "job") + (#:system . "x86_64-linux") (#:derivation . ,(string-append name ".drv")) - (#:specification 0))) + (#:nix-name . "foo") + (#:specification 0) + (#:eval-id . 42))) (define* (make-dummy-derivation drv #:optional (eval-id 0)) `((#:derivation . ,drv) |
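Review bot: in make-dummy-job, the added `(#:nix-name . "foo")` is hard-coded even though the procedure takes an optional `name`, so a dummy job created with any other name still gets the nix-name "foo"; consider `(#:nix-name . ,name)` unless the fixed value is intentional. Likewise, the added `(#:eval-id . 42)` does not match the default `eval-id` of 0 in make-dummy-derivation just below, which is worth aligning or explaining in a comment in case a test relates the two rows. Separately, `(#:specification 0)` is the only entry that is not a dotted pair, so its value is the list `(0)` rather than 0; since the commit message says values now go through 'sqlite-bind' and #f becomes a real NULL instead of the string "#f", it is worth checking what this entry binds to. A short comment above the alist saying the extra fields exist to satisfy the non-NULL constraints would also help future readers of the test.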