Fixed CVE-2020-7471 -- Properly escaped StringAgg(delimiter) parameter.

author: Simon Charette <charette.s@gmail.com> 2019-12-31 12:46:06 -0500
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2020-02-03 08:49:13 +0100
commit: eb31d845323618d688ad429479c6dda973056136 (patch)
tree: e674d03c67e50a9a2c519c656a9e0553d1349163 /tests/postgres_tests
parent: 6b178a3e930f72069f3cda2e6a09d1b320fc09ec (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/tests/postgres_tests/test_aggregates.py b/tests/postgres_tests/test_aggregates.py
index af84f12e91..a1dbe4441c 100644
--- a/tests/postgres_tests/test_aggregates.py
+++ b/tests/postgres_tests/test_aggregates.py
@@ -169,6 +169,10 @@ class TestGeneralAggregate(PostgreSQLTestCase):
         with self.assertRaises(TypeError):
             AggregateTestModel.objects.aggregate(stringagg=StringAgg('char_field'))
 
+    def test_string_agg_delimiter_escaping(self):
+        values = AggregateTestModel.objects.aggregate(stringagg=StringAgg('char_field', delimiter="'"))
+        self.assertEqual(values, {'stringagg': "Foo1'Foo2'Foo4'Foo3"})
+
     def test_string_agg_charfield(self):
         values = AggregateTestModel.objects.aggregate(stringagg=StringAgg('char_field', delimiter=';'))
         self.assertEqual(values, {'stringagg': 'Foo1;Foo2;Foo4;Foo3'})
author	Simon Charette <charette.s@gmail.com>	2019-12-31 12:46:06 -0500
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2020-02-03 08:49:13 +0100
commit	eb31d845323618d688ad429479c6dda973056136 (patch)
tree	e674d03c67e50a9a2c519c656a9e0553d1349163 /tests/postgres_tests
parent	6b178a3e930f72069f3cda2e6a09d1b320fc09ec (diff)