During unit testing of the Create Table API, I'm getting the error below:

```
pankaj:~/Downloads/googletest-release-1.8.0/src$ ./Test.out

[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from AdditionTest
[ RUN      ] AdditionTest.twoValues
in sqliteDB constructor
in sqliteDB destructor

Pure virtual destructor is called from DBManager()
unknown file: Failure
C++ exception with description "basic_string::erase" thrown in the test body.
[  FAILED  ] AdditionTest.twoValues (0 ms)
[----------] 1 test from AdditionTest (0 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test case ran. (2 ms total)
[  PASSED  ] 0 tests.
[  FAILED  ] 1 test, listed below:
[  FAILED  ] AdditionTest.twoValues

 1 FAILED TEST

result: 1
```

Below is the code that tests the createTable API:

```cpp
TEST_F(AdditionTest,twoValues){
    sqliteDB obj_sql;
    std::vector<std::string> colNames;
    colNames.push_back("id");
    colNames.push_back("name");
    pair<std::string, int> p1, p2;
    map<std::string, pair<string, int> > m1;
    p1 = make_pair("varchar", 10);
    p2 = make_pair("varchar", 10);
    m1["id"] = p1;
    m1["name"] = p2;
    tableData["table1"] = m1;
    EXPECT_EQ(9,obj_sql.createTable(colNames,tableData));
    //EXPECT_EQ(6,addition.twoValues(2,3));
}
```

The API under test:

```cpp
int sqliteDB::createTable(std::vector<std::string> tableName, tableStructure &tableContents)
{
    for(unsigned int i=0; i<tableName.size(); i++)
    {
        string s4;
        string query;

        for(auto it : tableContents[tableName[i]])
        {
            s4.append(it.first);
            s4.append(" ");
            s4.append(it.second.first);
            if(it.second.first == "varchar")
            {
                s4.append("(");
                s4.append(to_string(it.second.second));
                s4.append(")");
            }
            s4.append(",");
        }

        s4.pop_back();
        query.append("CREATE TABLE ");
        query.append(tableName[i]);
        query.append(" (");
        query.append(s4);
        query.append(")");
        cout<<"Create Query: "<<query<<endl;

        executeQuery(m_db, query);
    }
    return 0;
}
```

What changes should I make in `EXPECT_EQ(9,obj_sql.createTable(colNames,tableData))` to pass this test, or should I make changes somewhere else in the code?

  • @Justin I think you mean "SQL injection". [Dependency injection](https://en.wikipedia.org/wiki/Dependency_injection) isn't a bad thing. – tadman Jul 04 '17 at 06:08
  • FWIW, this code is not safe; it is vulnerable to a SQL injection – Justin Jul 04 '17 at 06:09
  • If you're writing an ORM in C++ you should learn by example from others. Manually composing queries is extremely risky and should be avoided. Prepared statements with placeholder values are the best way to tackle this. – tadman Jul 04 '17 at 06:10
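
An added example, not part of the original post or its comments: SQLite placeholders bind values, not table or column names, so a `CREATE TABLE` built from caller-supplied names has to validate every identifier and type against an allowlist before concatenating, and has to reject an empty column map instead of trimming a trailing comma. The names `buildCreateTable` and `isSafeIdentifier`, the type allowlist and the length limits are assumptions chosen for this example.

```cpp
#include <iostream>
#include <map>
#include <regex>
#include <stdexcept>
#include <string>
#include <utility>

// Same shape as one table entry in the post: column -> (type, length).
using Columns = std::map<std::string, std::pair<std::string, int>>;

// Placeholders bind values, not identifiers, so names must match a strict pattern.
static bool isSafeIdentifier(const std::string& s) {
    static const std::regex re("[A-Za-z_][A-Za-z0-9_]{0,62}");
    return std::regex_match(s, re);
}

// Returns the CREATE TABLE text, or throws std::invalid_argument.
std::string buildCreateTable(const std::string& table, const Columns& cols) {
    if (!isSafeIdentifier(table))
        throw std::invalid_argument("bad table name");
    if (cols.empty())  // would leave nothing for a trailing-comma pop_back()
        throw std::invalid_argument("no columns defined for table");
    std::string defs;
    for (const auto& col : cols) {
        const std::string& type = col.second.first;
        const int len = col.second.second;
        if (!isSafeIdentifier(col.first))
            throw std::invalid_argument("bad column name");
        if (type != "varchar" && type != "integer" && type != "text")
            throw std::invalid_argument("type not in allowlist");
        if (!defs.empty()) defs += ", ";
        defs += "\"" + col.first + "\" " + type;
        if (type == "varchar") {
            if (len < 1 || len > 65535)
                throw std::invalid_argument("bad varchar length");
            defs += "(" + std::to_string(len) + ")";
        }
    }
    return "CREATE TABLE \"" + table + "\" (" + defs + ")";
}

int main() {
    // Constructed sample input mirroring the test in the post.
    Columns cols = {{"id", {"varchar", 10}}, {"name", {"varchar", 10}}};
    std::cout << buildCreateTable("table1", cols) << "\n";
    return 0;
}
```

Row values inserted into the table afterwards are where bound placeholders apply.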

0 Answers