add statement tests, rollback on error in autocommit

Kareem Zidane · Kareem Zidane · commit 839b1f1baca1 · 2021-04-13T12:40:34.000-04:00
diff --git a/src/cs50/_sql_util.py b/src/cs50/_sql_util.py
@@ -3,6 +3,14 @@
 import decimal
 
 
+def is_transaction_start(keyword):
+    return keyword in {"BEGIN", "START"}
+
+
+def is_transaction_end(keyword):
+    return keyword in {"COMMIT", "ROLLBACK"}
+
+
 def fetch_select_result(result):
     rows = [dict(row) for row in result.fetchall()]
     for row in rows:
diff --git a/src/cs50/_statement.py b/src/cs50/_statement.py
@@ -10,6 +10,7 @@
     is_operation_token,
     is_placeholder,
     is_string_literal,
+    operation_keywords,
     Paramstyle,
     parse_placeholder,
 )
@@ -50,7 +51,7 @@ def _get_operation_keyword(self):
         for token in self._statement:
             if is_operation_token(token.ttype):
                 token_value = token.value.upper()
-                if token_value in {"BEGIN", "DELETE", "INSERT", "SELECT", "START", "UPDATE"}:
+                if token_value in operation_keywords:
                     operation_keyword = token_value
                     break
         else:
diff --git a/src/cs50/_statement_util.py b/src/cs50/_statement_util.py
@@ -6,6 +6,18 @@
 import sqlparse
 
 
+operation_keywords = {
+    "BEGIN",
+    "COMMIT",
+    "DELETE",
+    "INSERT",
+    "ROLLBACK",
+    "SELECT",
+    "START",
+    "UPDATE"
+}
+
+
 class Paramstyle(enum.Enum):
     FORMAT = enum.auto()
     NAMED = enum.auto()
diff --git a/src/cs50/sql.py b/src/cs50/sql.py
@@ -8,7 +8,7 @@
 
 from ._session import Session
 from ._statement import Statement
-from ._sql_util import fetch_select_result
+from ._sql_util import fetch_select_result, is_transaction_start, is_transaction_end
 
 _logger = logging.getLogger("cs50")
 
@@ -26,7 +26,7 @@ def execute(self, sql, *args, **kwargs):
         """Execute a SQL statement."""
         statement = Statement(self._dialect, sql, *args, **kwargs)
         operation_keyword = statement.get_operation_keyword()
-        if operation_keyword in {"BEGIN", "START"}:
+        if is_transaction_start(operation_keyword):
             self._autocommit = False
 
         if self._autocommit:
@@ -36,11 +36,9 @@ def execute(self, sql, *args, **kwargs):
 
         if self._autocommit:
             self._session.execute("COMMIT")
-            self._session.remove()
 
-        if operation_keyword in {"COMMIT", "ROLLBACK"}:
+        if is_transaction_end(operation_keyword):
             self._autocommit = True
-            self._session.remove()
 
         if operation_keyword == "SELECT":
             ret = fetch_select_result(result)
@@ -51,8 +49,12 @@ def execute(self, sql, *args, **kwargs):
         else:
             ret = True
 
+        if self._autocommit:
+            self._session.remove()
+
         return ret
 
+
     def _execute(self, statement):
         # Catch SQLAlchemy warnings
         with warnings.catch_warnings():
@@ -62,6 +64,8 @@ def _execute(self, statement):
                 result = self._session.execute(statement)
             except sqlalchemy.exc.IntegrityError as exc:
                 _logger.debug(termcolor.colored(str(statement), "yellow"))
+                if self._autocommit:
+                    self._session.execute("ROLLBACK")
                 raise ValueError(exc.orig) from None
             except (sqlalchemy.exc.OperationalError, sqlalchemy.exc.ProgrammingError) as exc:
                 self._session.remove()
diff --git a/tests/test_statement.py b/tests/test_statement.py
@@ -0,0 +1,213 @@
+import unittest
+
+from unittest.mock import patch
+
+from cs50._statement import Statement
+from cs50._sql_sanitizer import SQLSanitizer
+
+class TestStatement(unittest.TestCase):
+    # TODO assert correct exception messages
+    def test_mutex_args_and_kwargs(self):
+        with self.assertRaises(RuntimeError):
+            Statement("", "", "test", foo="foo")
+
+        with self.assertRaises(RuntimeError):
+            Statement("", "", "test", 1, 2, foo="foo", bar="bar")
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_valid_qmark_count(self, *_):
+        Statement("", "SELECT * FROM test WHERE id = ?", 1)
+        Statement("", "SELECT * FROM test WHERE id = ? and val = ?", 1, 'test')
+        Statement("", "INSERT INTO test (id, val, is_valid) VALUES (?, ?, ?)", 1, 'test', True)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_invalid_qmark_count(self, *_):
+        def assert_invalid_count(sql, *args):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(args)}"):
+                Statement("", sql, *args)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = ?", ()),
+            ("SELECT * FROM test WHERE id = ?", (1, "test")),
+            ("SELECT * FROM test WHERE id = ? AND val = ?", (1,)),
+            ("SELECT * FROM test WHERE id = ? AND val = ?", ()),
+            ("SELECT * FROM test WHERE id = ? AND val = ?", (1, "test", True)),
+        ]
+
+        for sql, args in statements:
+            assert_invalid_count(sql, *args)
+
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_valid_format_count(self, *_):
+        Statement("", "SELECT * FROM test WHERE id = %s", 1)
+        Statement("", "SELECT * FROM test WHERE id = %s and val = %s", 1, 'test')
+        Statement("", "INSERT INTO test (id, val, is_valid) VALUES (%s, %s, %s)", 1, 'test', True)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_invalid_format_count(self, *_):
+        def assert_invalid_count(sql, *args):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(args)}"):
+                Statement("", sql, *args)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = %s", ()),
+            ("SELECT * FROM test WHERE id = %s", (1, "test")),
+            ("SELECT * FROM test WHERE id = %s AND val = ?", (1,)),
+            ("SELECT * FROM test WHERE id = %s AND val = ?", ()),
+            ("SELECT * FROM test WHERE id = %s AND val = ?", (1, "test", True)),
+        ]
+
+        for sql, args in statements:
+            assert_invalid_count(sql, *args)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_missing_numeric(self, *_):
+        def assert_missing_numeric(sql, *args):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(args)}"):
+                Statement("", sql, *args)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = :1", ()),
+            ("SELECT * FROM test WHERE id = :1 AND val = :2", ()),
+            ("SELECT * FROM test WHERE id = :1 AND val = :2", (1,)),
+            ("SELECT * FROM test WHERE id = :1 AND val = :2 AND is_valid = :3", ()),
+            ("SELECT * FROM test WHERE id = :1 AND val = :2 AND is_valid = :3", (1,)),
+            ("SELECT * FROM test WHERE id = :1 AND val = :2 AND is_valid = :3", (1, "test")),
+        ]
+
+        for sql, args in statements:
+            assert_missing_numeric(sql, *args)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_unused_numeric(self, *_):
+        def assert_unused_numeric(sql, *args):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(args)}"):
+                Statement("", sql, *args)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = :1", (1, "test")),
+            ("SELECT * FROM test WHERE id = :1", (1, "test", True)),
+            ("SELECT * FROM test WHERE id = :1 AND val = :2", (1, "test", True)),
+        ]
+
+        for sql, args in statements:
+            assert_unused_numeric(sql, *args)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_missing_named(self, *_):
+        def assert_missing_named(sql, **kwargs):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(kwargs)}"):
+                Statement("", sql, **kwargs)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = :id", {}),
+            ("SELECT * FROM test WHERE id = :id AND val = :val", {}),
+            ("SELECT * FROM test WHERE id = :id AND val = :val", {"id": 1}),
+            ("SELECT * FROM test WHERE id = :id AND val = :val AND is_valid = :is_valid", {}),
+            ("SELECT * FROM test WHERE id = :id AND val = :val AND is_valid = :is_valid", {"id": 1}),
+            ("SELECT * FROM test WHERE id = :id AND val = :val AND is_valid = :is_valid", {"id": 1, "val": "test"}),
+        ]
+
+        for sql, kwargs in statements:
+            assert_missing_named(sql, **kwargs)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_unused_named(self, *_):
+        def assert_unused_named(sql, **kwargs):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(kwargs)}"):
+                Statement("", sql, **kwargs)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = :id", {"id": 1, "val": "test"}),
+            ("SELECT * FROM test WHERE id = :id", {"id": 1, "val": "test", "is_valid": True}),
+            ("SELECT * FROM test WHERE id = :id AND val = :val", {"id": 1, "val": "test", "is_valid": True}),
+        ]
+
+        for sql, kwargs in statements:
+            assert_unused_named(sql, **kwargs)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_missing_pyformat(self, *_):
+        def assert_missing_pyformat(sql, **kwargs):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(kwargs)}"):
+                Statement("", sql, **kwargs)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = %(id)s", {}),
+            ("SELECT * FROM test WHERE id = %(id)s AND val = %(val)s", {}),
+            ("SELECT * FROM test WHERE id = %(id)s AND val = %(val)s", {"id": 1}),
+            ("SELECT * FROM test WHERE id = %(id)s AND val = %(val)s AND is_valid = %(is_valid)s", {}),
+            ("SELECT * FROM test WHERE id = %(id)s AND val = %(val)s AND is_valid = %(is_valid)s", {"id": 1}),
+            ("SELECT * FROM test WHERE id = %(id)s AND val = %(val)s AND is_valid = %(is_valid)s", {"id": 1, "val": "test"}),
+        ]
+
+        for sql, kwargs in statements:
+            assert_missing_pyformat(sql, **kwargs)
+
+    @patch.object(SQLSanitizer, "escape", return_value="test")
+    @patch.object(Statement, "_escape_verbatim_colons")
+    def test_unused_pyformat(self, *_):
+        def assert_unused_pyformat(sql, **kwargs):
+            with self.assertRaises(RuntimeError, msg=f"{sql} {str(kwargs)}"):
+                Statement("", sql, **kwargs)
+
+        statements = [
+            ("SELECT * FROM test WHERE id = %(id)s", {"id": 1, "val": "test"}),
+            ("SELECT * FROM test WHERE id = %(id)s", {"id": 1, "val": "test", "is_valid": True}),
+            ("SELECT * FROM test WHERE id = %(id)s AND val = %(val)s", {"id": 1, "val": "test", "is_valid": True}),
+        ]
+
+        for sql, kwargs in statements:
+            assert_unused_pyformat(sql, **kwargs)
+
+    def test_multiple_statements(self):
+        def assert_raises_runtimeerror(sql):
+            with self.assertRaises(RuntimeError):
+                Statement("", sql)
+
+        statements = [
+            "SELECT 1; SELECT 2;",
+            "SELECT 1; SELECT 2",
+            "SELECT 1; SELECT 2; SELECT 3",
+            "SELECT 1; SELECT 2; SELECT 3;",
+            "SELECT 1;SELECT 2",
+            "select 1; select 2",
+            "select 1;select 2",
+            "DELETE FROM test; SELECT * FROM test",
+        ]
+
+        for sql in statements:
+            assert_raises_runtimeerror(sql)
+
+    def test_get_operation_keyword(self):
+        def test_raw_and_lowercase(sql, keyword):
+            statement = Statement("", sql)
+            self.assertEqual(statement.get_operation_keyword(), keyword)
+
+            statement = Statement("", sql.lower())
+            self.assertEqual(statement.get_operation_keyword(), keyword)
+
+
+        statements = [
+            ("SELECT * FROM test", "SELECT"),
+            ("INSERT INTO test (id, val) VALUES (1, 'test')", "INSERT"),
+            ("DELETE FROM test", "DELETE"),
+            ("UPDATE test SET id = 2", "UPDATE"),
+            ("START TRANSACTION", "START"),
+            ("BEGIN", "BEGIN"),
+            ("COMMIT", "COMMIT"),
+            ("ROLLBACK", "ROLLBACK"),
+        ]
+
+        for sql, keyword in statements:
+            test_raw_and_lowercase(sql, keyword)
