Skip to content

Commit 4eec03e

Browse files
lwasylowlwasylow
committed
Update to code to address sql injection concerns.
Dealing with precedence. Adding some more tests.
1 parent 7b9e085 commit 4eec03e

5 files changed

Lines changed: 123 additions & 77 deletions

File tree

source/core/coverage/ut_coverage.pkb

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -133,7 +133,7 @@ create or replace package body ut_coverage is
133133
end if;
134134

135135
if a_coverage_options.exclude_object_expr is not null then
136-
l_regex_exc_filters := l_regex_exc_filters||q'[ and not regexp_like(s.name,:a_exclude_obj_expr:,'i')]';
136+
l_regex_exc_filters := l_regex_exc_filters||q'[ and not regexp_like(s.name,:a_exclude_obj_expr,'i')]';
137137
else
138138
l_regex_exc_filters := l_regex_exc_filters||'and :a_exclude_obj_expr is null ';
139139
end if;
@@ -147,7 +147,7 @@ create or replace package body ut_coverage is
147147
l_result := replace(l_result, '{mappings_cardinality}', l_mappings_cardinality);
148148
l_result := replace(l_result, '{skipped_objects_cardinality}', ut_utils.scale_cardinality(cardinality(a_skip_objects)));
149149
l_result := replace(l_result, '{regex_exc_filters}', l_regex_exc_filters);
150-
150+
151151
return l_result;
152152

153153
end;
@@ -159,7 +159,11 @@ create or replace package body ut_coverage is
159159
begin
160160
if not is_develop_mode() then
161161
--skip all the utplsql framework objects and all the unit test packages that could potentially be reported by coverage.
162-
l_skip_objects := ut_utils.get_utplsql_objects_list() multiset union all coalesce(a_coverage_options.exclude_objects, ut_object_names());
162+
l_skip_objects := coalesce(ut_utils.get_utplsql_objects_list(),ut_object_names());
163+
--Regex exclusion override the standard exclusion objects.
164+
if a_coverage_options.exclude_schema_expr is null and a_coverage_options.exclude_object_expr is null then
165+
l_skip_objects := l_skip_objects multiset union all coalesce(a_coverage_options.exclude_objects, ut_object_names());
166+
end if;
163167
end if;
164168

165169
l_sql := get_cov_sources_sql(a_coverage_options, l_skip_objects);
@@ -168,12 +172,12 @@ create or replace package body ut_coverage is
168172

169173
if a_coverage_options.file_mappings is not empty then
170174
open l_cursor for l_sql using a_coverage_options.file_mappings,a_coverage_options.exclude_schema_expr,a_coverage_options.exclude_object_expr,l_skip_objects;
171-
elsif a_coverage_options.include_objects is not empty then
172-
open l_cursor for l_sql using a_coverage_options.include_objects,a_coverage_options.exclude_schema_expr,a_coverage_options.exclude_object_expr,l_skip_objects;
173175
elsif a_coverage_options.include_schema_expr is not null or a_coverage_options.include_object_expr is not null then
174176
open l_cursor for l_sql using a_coverage_options.include_schema_expr,a_coverage_options.include_object_expr,
175177
a_coverage_options.exclude_schema_expr,a_coverage_options.exclude_object_expr,
176178
l_skip_objects;
179+
elsif a_coverage_options.include_objects is not empty then
180+
open l_cursor for l_sql using a_coverage_options.include_objects,a_coverage_options.exclude_schema_expr,a_coverage_options.exclude_object_expr,l_skip_objects;
177181
else
178182
open l_cursor for l_sql using a_coverage_options.schema_names,a_coverage_options.exclude_schema_expr,a_coverage_options.exclude_object_expr,l_skip_objects;
179183
end if;

test/ut3_tester_helper/coverage_helper.pkb

Lines changed: 27 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -158,14 +158,14 @@ create or replace package body coverage_helper is
158158

159159
end;
160160

161-
procedure create_regex_dummy_cov is
161+
procedure create_regex_dummy_for_schema(p_schema in varchar2) is
162162
pragma autonomous_transaction;
163163
begin
164-
execute immediate q'[create or replace package ut3_develop.regex_dummy_cov is
164+
execute immediate q'[create or replace package ]'||p_schema||q'[.regex_dummy_cov is
165165
procedure do_stuff(i_input in number);
166166
end;]';
167167

168-
execute immediate q'[create or replace package body ut3_develop.regex_dummy_cov is
168+
execute immediate q'[create or replace package body ]'||p_schema||q'[.regex_dummy_cov is
169169
procedure do_stuff(i_input in number) is
170170
begin
171171
if i_input = 2 then dbms_output.put_line('should not get here'); elsif i_input = 1 then dbms_output.put_line('should get here');
@@ -175,39 +175,38 @@ create or replace package body coverage_helper is
175175
end;
176176
end;]';
177177

178-
execute immediate q'[create or replace package ut3_develop.test_regex_dummy_cov is
178+
execute immediate q'[create or replace package ]'||p_schema||q'[.test_regex_dummy_cov is
179179
--%suite(dummy coverage test)
180180
--%suitepath(coverage_testing)
181181

182182
--%test
183183
procedure test_do_stuff;
184184

185+
--%test
186+
procedure zero_coverage;
185187
end;]';
186188

187-
execute immediate q'[create or replace package body ut3_develop.test_regex_dummy_cov is
189+
execute immediate q'[create or replace package body ]'||p_schema||q'[.test_regex_dummy_cov is
188190
procedure test_do_stuff is
189191
begin
190192
regex_dummy_cov.do_stuff(1);
191193
ut.expect(1).to_equal(1);
192194
end;
195+
procedure zero_coverage is
196+
begin
197+
null;
198+
end;
193199
end;]';
194200
end;
195-
196-
procedure drop_regex_dummy_cov is
197-
pragma autonomous_transaction;
198-
begin
199-
begin execute immediate q'[drop package ut3_develop.regex_dummy_cov]'; exception when others then null; end;
200-
begin execute immediate q'[drop package ut3_develop.test_regex_dummy_cov]'; exception when others then null; end;
201-
end;
202201

203-
procedure create_regex_dummy_for_schema(p_schema in varchar2) is
202+
procedure create_regex_dummy_obj is
204203
pragma autonomous_transaction;
205204
begin
206-
execute immediate q'[create or replace package ]'||p_schema||q'[.regex_dummy_cov_schema is
205+
execute immediate q'[create or replace package ut3_develop.regex123_dummy_cov is
207206
procedure do_stuff(i_input in number);
208207
end;]';
209208

210-
execute immediate q'[create or replace package body ]'||p_schema||q'[.regex_dummy_cov_schema is
209+
execute immediate q'[create or replace package body ut3_develop.regex123_dummy_cov is
211210
procedure do_stuff(i_input in number) is
212211
begin
213212
if i_input = 2 then dbms_output.put_line('should not get here'); elsif i_input = 1 then dbms_output.put_line('should get here');
@@ -217,7 +216,7 @@ create or replace package body coverage_helper is
217216
end;
218217
end;]';
219218

220-
execute immediate q'[create or replace package ]'||p_schema||q'[.test_regex_dummy_cov_schema is
219+
execute immediate q'[create or replace package ut3_develop.test_regex123_dummy_cov is
221220
--%suite(dummy coverage test)
222221
--%suitepath(coverage_testing)
223222

@@ -228,10 +227,10 @@ create or replace package body coverage_helper is
228227
procedure zero_coverage;
229228
end;]';
230229

231-
execute immediate q'[create or replace package body ]'||p_schema||q'[.test_regex_dummy_cov_schema is
230+
execute immediate q'[create or replace package body ut3_develop.test_regex123_dummy_cov is
232231
procedure test_do_stuff is
233232
begin
234-
regex_dummy_cov_schema.do_stuff(1);
233+
regex123_dummy_cov.do_stuff(1);
235234
ut.expect(1).to_equal(1);
236235
end;
237236
procedure zero_coverage is
@@ -240,20 +239,23 @@ create or replace package body coverage_helper is
240239
end;
241240
end;]';
242241
end;
243-
244-
procedure create_regex_dummy_cov_schema is
242+
243+
procedure create_regex_dummy_cov is
245244
begin
246245
create_regex_dummy_for_schema('ut3_develop');
247246
create_regex_dummy_for_schema('ut3_tester_helper');
247+
create_regex_dummy_obj;
248248
end;
249249

250-
procedure drop_regex_dummy_cov_schema is
250+
procedure drop_regex_dummy_cov is
251251
pragma autonomous_transaction;
252252
begin
253-
begin execute immediate q'[drop package ut3_develop.regex_dummy_cov_schema]'; exception when others then null; end;
254-
begin execute immediate q'[drop package ut3_develop.test_regex_dummy_cov_schema]'; exception when others then null; end;
255-
begin execute immediate q'[drop package ut3_tester_helper.regex_dummy_cov_schema]'; exception when others then null; end;
256-
begin execute immediate q'[drop package ut3_tester_helper.test_regex_dummy_cov_schema]'; exception when others then null; end;
253+
begin execute immediate q'[drop package ut3_develop.regex_dummy_cov]'; exception when others then null; end;
254+
begin execute immediate q'[drop package ut3_develop.test_regex_dummy_cov]'; exception when others then null; end;
255+
begin execute immediate q'[drop package ut3_tester_helper.regex_dummy_cov]'; exception when others then null; end;
256+
begin execute immediate q'[drop package ut3_tester_helper.test_regex_dummy_cov]'; exception when others then null; end;
257+
begin execute immediate q'[drop package ut3_develop.regex123_dummy_cov]'; exception when others then null; end;
258+
begin execute immediate q'[drop package ut3_develop.test_regex123_dummy_cov]'; exception when others then null; end;
257259
end;
258260

259261

test/ut3_tester_helper/coverage_helper.pks

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -17,9 +17,6 @@ create or replace package coverage_helper is
1717
procedure create_regex_dummy_cov;
1818
procedure drop_regex_dummy_cov;
1919

20-
procedure create_regex_dummy_cov_schema;
21-
procedure drop_regex_dummy_cov_schema;
22-
2320
procedure create_cov_with_dbms_stats;
2421
procedure drop_cov_with_dbms_stats;
2522

test/ut3_user/reporters/test_coverage/test_extended_coverage.pkb

Lines changed: 76 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -107,74 +107,111 @@ create or replace package body test_extended_coverage is
107107
end;
108108

109109
procedure coverage_regex_include_schema is
110-
l_expected_ut3 clob;
111-
l_expected_help clob;
112-
l_actual_ut3 clob;
113-
l_actual_help clob;
114-
l_actual_both clob;
115-
110+
l_expected clob;
111+
l_not_expected clob;
112+
l_actual clob;
116113
begin
117114
--Arrange
118-
l_expected_ut3 := '%<file path="package body ut3_develop.test_regex_dummy_cov_schema">' ||
115+
l_expected := '%<file path="package body ut3_develop.regex_dummy_cov">' ||
119116
'%<lineToCover lineNumber="4" covered="true"/>%';
120-
l_expected_help := '%<file path="package body ut3_tester_helper.test_regex_dummy_cov_schema">' ||
117+
l_not_expected := '%<file path="package body ut3_tester_helper.regex_dummy_cov">' ||
121118
'%<lineToCover lineNumber="4" covered="true"/>%';
122119
--Act
123-
l_actual_ut3 :=
120+
l_actual :=
124121
ut3_tester_helper.coverage_helper.run_tests_as_job(
125122
q'[
126123
ut3_develop.ut.run(
127-
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov_schema', 'ut3_tester_helper.test_regex_dummy_cov_schema'),
124+
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov', 'ut3_tester_helper.test_regex_dummy_cov'),
128125
a_reporter=> ut3_develop.ut_coverage_sonar_reporter( ),
129-
a_include_schema_expr => '^ut3_develop'
126+
a_include_schema_expr => '^ut3_develop',
127+
a_include_objects => ut3_develop.ut_varchar2_list( 'ut3_tester_helper.regex_dummy_cov' )
130128
)
131129
]'
132-
);
133-
/*
134-
l_actual_help :=
130+
);
131+
--Assert
132+
ut.expect(l_actual).to_be_like(l_expected);
133+
ut.expect(l_actual).not_to_be_like(l_not_expected);
134+
end;
135+
136+
procedure coverage_regex_include_object is
137+
l_expected clob;
138+
l_not_expected clob;
139+
l_actual clob;
140+
begin
141+
--Arrange
142+
l_expected := '%<file path="package body ut3_develop.regex123_dummy_cov">' ||
143+
'%<lineToCover lineNumber="4" covered="true"/>%';
144+
l_not_expected := '%<file path="package body ut3_tester_helper.regex_dummy_cov">' ||
145+
'%<lineToCover lineNumber="4" covered="true"/>%';
146+
--Act
147+
l_actual :=
135148
ut3_tester_helper.coverage_helper.run_tests_as_job(
136149
q'[
137150
ut3_develop.ut.run(
138-
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov_schema', 'ut3_tester_helper.test_regex_dummy_cov_schema'),
151+
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov', 'ut3_develop.test_regex123_dummy_cov'),
139152
a_reporter=> ut3_develop.ut_coverage_sonar_reporter( ),
140-
a_include_schema_expr => '^ut3_tester_helper'
153+
a_include_object_expr => 'regex123',
154+
a_include_objects => ut3_develop.ut_varchar2_list( 'ut3_develop.regex_dummy_cov' )
141155
)
142156
]'
143-
);
157+
);
158+
--Assert
159+
ut.expect(l_actual).to_be_like(l_expected);
160+
ut.expect(l_actual).not_to_be_like(l_not_expected);
161+
end;
144162

145-
l_actual_both :=
163+
procedure coverage_regex_exclude_schema is
164+
l_expected clob;
165+
l_not_expected clob;
166+
l_actual clob;
167+
begin
168+
--Arrange
169+
l_expected := '%<file path="package body ut3_develop.regex_dummy_cov">' ||
170+
'%<lineToCover lineNumber="4" covered="true"/>%';
171+
l_not_expected := '%<file path="package body ut3_tester_helper.regex_dummy_cov">' ||
172+
'%<lineToCover lineNumber="4" covered="true"/>%';
173+
--Act
174+
l_actual :=
146175
ut3_tester_helper.coverage_helper.run_tests_as_job(
147176
q'[
148177
ut3_develop.ut.run(
149-
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov_schema', 'ut3_tester_helper.test_regex_dummy_cov_schema'),
178+
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov', 'ut3_tester_helper.test_regex_dummy_cov'),
150179
a_reporter=> ut3_develop.ut_coverage_sonar_reporter( ),
151-
a_include_schema_expr => '^ut3_tester_helper||^ut3_tester_helper'
180+
a_exclude_schema_expr => '^ut3_tester',
181+
a_exclude_objects => ut3_develop.ut_varchar2_list( 'ut3_develop.regex_dummy_cov' )
152182
)
153183
]'
154-
);
155-
*/
184+
);
156185
--Assert
157-
ut.expect(l_actual_ut3).to_be_like(l_expected_ut3);
158-
ut.expect(l_actual_ut3).not_to_be_like(l_expected_help);
159-
--ut.expect(l_actual_help).to_be_like(l_expected_help);
160-
--ut.expect(l_actual_help).not_to_be_like(l_expected_ut3);
161-
--ut.expect(l_actual_both).to_be_like(l_expected_ut3);
162-
--ut.expect(l_actual_both).to_be_like(l_expected_help);
163-
end;
164-
165-
procedure coverage_regex_include_object is
166-
begin
167-
null;
168-
end;
169-
170-
procedure coverage_regex_exclude_schema is
171-
begin
172-
null;
186+
ut.expect(l_actual).to_be_like(l_expected);
187+
ut.expect(l_actual).not_to_be_like(l_not_expected);
173188
end;
174189

175190
procedure coverage_regex_exclude_object is
191+
l_expected clob;
192+
l_not_expected clob;
193+
l_actual clob;
176194
begin
177-
null;
195+
--Arrange
196+
l_expected := '%<file path="package body ut3_develop.regex_dummy_cov">' ||
197+
'%<lineToCover lineNumber="4" covered="true"/>%';
198+
l_not_expected := '%<file path="package body ut3_tester_helper.regex123_dummy_cov">' ||
199+
'%<lineToCover lineNumber="4" covered="true"/>%';
200+
--Act
201+
l_actual :=
202+
ut3_tester_helper.coverage_helper.run_tests_as_job(
203+
q'[
204+
ut3_develop.ut.run(
205+
a_paths => ut3_develop.ut_varchar2_list('ut3_develop.test_regex_dummy_cov', 'ut3_develop.test_regex123_dummy_cov'),
206+
a_reporter=> ut3_develop.ut_coverage_sonar_reporter( ),
207+
a_exclude_object_expr => 'regex123',
208+
a_exclude_objects => ut3_develop.ut_varchar2_list( 'ut3_develop.regex_dummy_cov' )
209+
)
210+
]'
211+
);
212+
--Assert
213+
ut.expect(l_actual).to_be_like(l_expected);
214+
ut.expect(l_actual).not_to_be_like(l_not_expected);
178215
end;
179216

180217
end;

test/ut3_user/reporters/test_coverage/test_extended_coverage.pks

Lines changed: 11 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -18,18 +18,24 @@ create or replace package test_extended_coverage is
1818
--%test(Extended coverage does not fail the test run then tested code calls DBMS_STATS)
1919
procedure coverage_with_dbms_stats;
2020

21-
--%beforetest(ut3_tester_helper.coverage_helper.create_regex_dummy_cov_schema)
22-
--%aftertest(ut3_tester_helper.coverage_helper.drop_regex_dummy_cov_schema)
21+
--%beforetest(ut3_tester_helper.coverage_helper.create_regex_dummy_cov)
22+
--%aftertest(ut3_tester_helper.coverage_helper.drop_regex_dummy_cov)
2323
--%test(Collect coverage for objects with schema regex include)
2424
procedure coverage_regex_include_schema;
2525

26-
--%test(Collect coverage for objects with schema regex include)
26+
--%beforetest(ut3_tester_helper.coverage_helper.create_regex_dummy_cov)
27+
--%aftertest(ut3_tester_helper.coverage_helper.drop_regex_dummy_cov)
28+
--%test(Collect coverage for objects with object regex include)
2729
procedure coverage_regex_include_object;
2830

29-
--%test(Collect coverage for objects with schema regex include)
31+
--%beforetest(ut3_tester_helper.coverage_helper.create_regex_dummy_cov)
32+
--%aftertest(ut3_tester_helper.coverage_helper.drop_regex_dummy_cov)
33+
--%test(Collect coverage for objects with schema regex exclude)
3034
procedure coverage_regex_exclude_schema;
3135

32-
--%test(Collect coverage for objects with schema regex include)
36+
--%beforetest(ut3_tester_helper.coverage_helper.create_regex_dummy_cov)
37+
--%aftertest(ut3_tester_helper.coverage_helper.drop_regex_dummy_cov)
38+
--%test(Collect coverage for objects with object regex exclude)
3339
procedure coverage_regex_exclude_object;
3440

3541
end;

0 commit comments

Comments
 (0)