test: quotes are escaped #432
Conversation
sezanzeb
changed the title
There was a problem hiding this comment.
Thank @sezanzeb you for a PR, but I think that your changes do not bring any additional value to this library. The flux tagged template is designed exactly for the purpose that you double-checked, it is properly documented this way in https://influxdata.github.io/influxdb-client-js/influxdb-client.flux.html . All the possible value types and escape sequences are already tested thoroughly in flux.test.ts. A possible (but not a necessary improvement) would be to add
if (pair.value !== undefined) {
expect(flux`${pair.value}`.toString()).equals(pair.flux)
} else {
expect(() => flux`${pair.value}`.toString()).to.throw(
"Unsupported parameter literal 'undefined' at index: 0, type: undefined"
)
}
right after
it will then extra test all parameter types and escape sequences within the flux tagged template.
|
The only test that uses doubles quotes in it('processes a simple nested flux template', () => {
const flux1 = flux`from(bucket:"my-bucket")`
expect(flux`${flux1} |> range(start: ${0})")`.toString()).equals(
'from(bucket:"my-bucket") |> range(start: 0)")'
)
})but it is different. The new test that I added tries to insert a string containing a double-quote into another set of double-quotes in the target. There is no test that expects an escaped double-quote: or what am I missing here? There just isn't a test that makes sure that a user-defined string (like |
|
Thank you for your feedback. |
Proposed Changes
Just adds a single test. I was investigating how to use
fluxbut couldn't see if this escapes and prevents injection attacks.Checklist
yarn testcompletes successfully