28 lines
1017 B
Python
28 lines
1017 B
Python
from pathlib import Path
|
|
|
|
from services.import_service import _build_in_clause
|
|
|
|
|
|
def test_build_in_clause_binds_each_value():
|
|
clause, params = _build_in_clause("d", ["2026-05-01", "x' OR 1=1 --"])
|
|
|
|
assert clause == ":d_0, :d_1"
|
|
assert params == {"d_0": "2026-05-01", "d_1": "x' OR 1=1 --"}
|
|
|
|
|
|
def test_import_service_does_not_interpolate_date_values_into_in_clauses():
|
|
source = Path("services/import_service.py").read_text(encoding="utf-8")
|
|
|
|
assert "join([f\"'{d}'\"" not in source
|
|
assert "join([f\"'{d}'\" for d in" not in source
|
|
|
|
|
|
def test_monthly_summary_import_does_not_replace_entire_table():
|
|
source = Path("routes/import_routes.py").read_text(encoding="utf-8")
|
|
start = source.index("DELETE FROM monthly_summary_analysis WHERE year = :y AND month = :m")
|
|
end = source.index("月份總表資料匯入成功", start)
|
|
monthly_import_block = source[start:end]
|
|
|
|
assert "if_exists='append'" in monthly_import_block
|
|
assert "if_exists='replace'" not in monthly_import_block
|