18 lines
554 B
Python
18 lines
554 B
Python
from pathlib import Path
|
|
|
|
from services.import_service import _build_in_clause
|
|
|
|
|
|
def test_build_in_clause_binds_each_value():
|
|
clause, params = _build_in_clause("d", ["2026-05-01", "x' OR 1=1 --"])
|
|
|
|
assert clause == ":d_0, :d_1"
|
|
assert params == {"d_0": "2026-05-01", "d_1": "x' OR 1=1 --"}
|
|
|
|
|
|
def test_import_service_does_not_interpolate_date_values_into_in_clauses():
|
|
source = Path("services/import_service.py").read_text(encoding="utf-8")
|
|
|
|
assert "join([f\"'{d}'\"" not in source
|
|
assert "join([f\"'{d}'\" for d in" not in source
|