Diffstat (limited to 'tests/postgres_tests/test_hstore.py')
-rw-r--r--tests/postgres_tests/test_hstore.py17
1 files changed, 16 insertions, 1 deletions
diff --git a/tests/postgres_tests/test_hstore.py b/tests/postgres_tests/test_hstore.py
index a51cb4e66f..f322231a4e 100644
--- a/tests/postgres_tests/test_hstore.py
+++ b/tests/postgres_tests/test_hstore.py
@@ -1,8 +1,11 @@
import json
from django.core import checks, exceptions, serializers
+from django.db import connection
from django.forms import Form
-from django.test.utils import isolate_apps, modify_settings
+from django.test.utils import (
+ CaptureQueriesContext, isolate_apps, modify_settings,
+)
from . import PostgreSQLTestCase
from .models import HStoreModel, PostgreSQLModel
@@ -189,6 +192,18 @@ class TestQuerying(HStoreTestCase):
self.objs[:2]
)
+ def test_key_sql_injection(self):
+ with CaptureQueriesContext(connection) as queries:
+ self.assertFalse(
+ HStoreModel.objects.filter(**{
+ "field__test' = 'a') OR 1 = 1 OR ('d": 'x',
+ }).exists()
+ )
+ self.assertIn(
+ """."field" -> 'test'' = ''a'') OR 1 = 1 OR (''d') = 'x' """,
+ queries[0]['sql'],
+ )
+
@isolate_apps('postgres_tests')
class TestChecks(PostgreSQLTestCase):
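Review bot: `test_key_sql_injection` reads `queries[0]['sql']` without first pinning how many queries were captured, so an extra or missing query would show up as an `IndexError` or a confusing substring mismatch; adding `self.assertEqual(len(queries), 1)` before the `assertIn` makes that failure mode explicit. The `assertFalse(...exists())` half only proves anything if the table already holds rows, which the `self.objs` reference in the context lines suggests but the hunk does not show (the `TestQuerying` class and its fixtures start outside it). A comment such as `# Fixture rows exist, so an injected "OR 1 = 1" would make exists() return True.` would record that dependency. The expected fragment with doubled quotes also presumably relies on how the database driver renders the bound key in the captured SQL, so a one-line comment saying the key must reach the database as an escaped literal rather than being spliced into the `->` expression would tell the next maintainer what the string is guarding.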