1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/persistentdata/persistentstorage/sql/TEST/t_sqlattach.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,825 @@
1.4 +// Copyright (c) 2006-2010 Nokia Corporation and/or its subsidiary(-ies).
1.5 +// All rights reserved.
1.6 +// This component and the accompanying materials are made available
1.7 +// under the terms of "Eclipse Public License v1.0"
1.8 +// which accompanies this distribution, and is available
1.9 +// at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.10 +//
1.11 +// Initial Contributors:
1.12 +// Nokia Corporation - initial contribution.
1.13 +//
1.14 +// Contributors:
1.15 +//
1.16 +// Description:
1.17 +//
1.18 +
1.19 +#include <e32test.h>
1.20 +#include <bautils.h>
1.21 +#include <sqldb.h>
1.22 +
1.23 +///////////////////////////////////////////////////////////////////////////////////////
1.24 +
1.25 +RTest TheTest(_L("t_sqlattach test"));
1.26 +
1.27 +RSqlDatabase TheDb;
1.28 +RSqlDatabase TheDb2;
1.29 +
1.30 +_LIT(KTestDir, "c:\\test\\");
1.31 +
1.32 +_LIT(KTestDb1, "c:\\test\\t_sqlattach_1.db");
1.33 +_LIT(KTestDb2, "c:\\test\\t_sqlattach_2.db");
1.34 +_LIT(KTestDb3, "c:\\test\\t_sqlattach_3.db");
1.35 +_LIT(KTestDb4, "c:\\test\\t_sqlattach_4.db");
1.36 +
1.37 +_LIT(KSecureTestDb1, "c:[21212122]BBDb2.db");//Created outside this test app
1.38 +_LIT(KSecureTestDb2, "c:[21212122]AADb2.db");//Created outside this test app
1.39 +_LIT(KSecureTestDb3, "c:[21212123]t_sqlattach_3.db");
1.40 +_LIT(KDbNameInjection, "c:\\test\\t_sqlattach_3.db' as db; delete from a;");
1.41 +
1.42 +//const TUid KSecureUid = {0x21212122};//The UID of the secure test databases: KSecureTestDb1 and KSecureTestDb2
1.43 +
1.44 +//The test uses two secure databases: KSecureTestDb1 and KSecureTestDb2.
1.45 +//
1.46 +//KSecureTestDb1 schema
1.47 +//TABLE A1(F1 INTEGER , F2 INTEGER, B1 BLOB)
1.48 +//
1.49 +//KSecureTestDb1 security settings
1.50 +//-Security UID = KSecureUid
1.51 +//-Schema policy = ECapabilityTrustedUI
1.52 +//-Read policy = ECapabilityReadDeviceData
1.53 +//-Write policy = ECapabilityWriteDeviceData
1.54 +//The test application can read/write the database tables but cannot modify the database structure
1.55 +//
1.56 +//KSecureTestDb2 schema
1.57 +//TABLE C(A1 INTEGER, B2 BLOB)
1.58 +//
1.59 +//KSecureTestDb2 security settings
1.60 +//-Security UID = KSecureUid
1.61 +//-Schema policy = ECapabilityDiskAdmin
1.62 +//-Read policy = ECapabilityNetworkControl
1.63 +//-Write policy = ECapabilityWriteDeviceData
1.64 +//The test application can write to the database tables but cannot modify the database structure or read from tables
1.65 +
1.66 +///////////////////////////////////////////////////////////////////////////////////////
1.67 +
1.68 +void DeleteDatabases()
1.69 + {
1.70 + TheDb2.Close();
1.71 + TheDb.Close();
1.72 + (void)RSqlDatabase::Delete(KDbNameInjection);
1.73 + (void)RSqlDatabase::Delete(KSecureTestDb3);
1.74 + (void)RSqlDatabase::Delete(KTestDb4);
1.75 + (void)RSqlDatabase::Delete(KTestDb3);
1.76 + (void)RSqlDatabase::Delete(KTestDb2);
1.77 + (void)RSqlDatabase::Delete(KTestDb1);
1.78 + }
1.79 +
1.80 +///////////////////////////////////////////////////////////////////////////////////////
1.81 +//Test macros and functions
1.82 +void Check(TInt aValue, TInt aLine)
1.83 + {
1.84 + if(!aValue)
1.85 + {
1.86 + DeleteDatabases();
1.87 + TheTest(EFalse, aLine);
1.88 + }
1.89 + }
1.90 +void Check(TInt aValue, TInt aExpected, TInt aLine)
1.91 + {
1.92 + if(aValue != aExpected)
1.93 + {
1.94 + DeleteDatabases();
1.95 + RDebug::Print(_L("*** Expected error: %d, got: %d\r\n"), aExpected, aValue);
1.96 + TheTest(EFalse, aLine);
1.97 + }
1.98 + }
1.99 +#define TEST(arg) ::Check((arg), __LINE__)
1.100 +#define TEST2(aValue, aExpected) ::Check(aValue, aExpected, __LINE__)
1.101 +
1.102 +///////////////////////////////////////////////////////////////////////////////////////
1.103 +
1.104 +void CreateTestDir()
1.105 + {
1.106 + RFs fs;
1.107 + TInt err = fs.Connect();
1.108 + TEST2(err, KErrNone);
1.109 +
1.110 + err = fs.MkDir(KTestDir);
1.111 + TEST(err == KErrNone || err == KErrAlreadyExists);
1.112 +
1.113 + fs.Close();
1.114 + }
1.115 +
1.116 +void CreateDatabases()
1.117 + {
1.118 + TBuf<100> sql;
1.119 +
1.120 + TInt err = TheDb.Create(KTestDb1);
1.121 + TEST2(err, KErrNone);
1.122 + sql.Copy(_L("CREATE TABLE A1(F1 INTEGER, F2 INTEGER)"));
1.123 + err = TheDb.Exec(sql);
1.124 + TEST(err >= 0);
1.125 + sql.Copy(_L("CREATE TABLE A2(DDD INTEGER)"));
1.126 + err = TheDb.Exec(sql);
1.127 + TEST(err >= 0);
1.128 + TheDb.Close();
1.129 +
1.130 + err = TheDb.Create(KTestDb2);
1.131 + TEST2(err, KErrNone);
1.132 + sql.Copy(_L("CREATE TABLE B(A1 INTEGER, A2 INTEGER)"));
1.133 + err = TheDb.Exec(sql);
1.134 + TEST(err >= 0);
1.135 + TheDb.Close();
1.136 + }
1.137 +
1.138 +///////////////////////////////////////////////////////////////////////////////////////
1.139 +///////////////////////////////////////////////////////////////////////////////////////
1.140 +
1.141 +/**
1.142 +@SYMTestCaseID SYSLIB-SQL-CT-1641
1.143 +@SYMTestCaseDesc Attached database tests.
1.144 + Open non-secure database, attach secure database.
1.145 + The test application's security policy allows read/write operations on the attached
1.146 + database, but database schema modifications are not allowed. The test executes
1.147 + different kind of SQL statements to verify that the test application's security
1.148 + policy is properly asserted by the SQL server.
1.149 +@SYMTestPriority High
1.150 +@SYMTestActions Execution SQL statements on attached database.
1.151 +@SYMTestExpectedResults Test must not fail
1.152 +@SYMREQ REQ5792
1.153 + REQ5793
1.154 +*/
1.155 +void Test1()
1.156 + {
1.157 + TInt err = TheDb.Open(KTestDb1);
1.158 + TEST2(err, KErrNone);
1.159 +
1.160 + //Attach a secure database, the logical database name length is 0
1.161 + _LIT(KAttachDb0, "");
1.162 + err = TheDb.Attach(KSecureTestDb1, KAttachDb0);
1.163 + TEST2(err, KErrBadName);
1.164 +
1.165 + //Attach a secure database, the logical database name length is > than KMaxFileName
1.166 + TBuf<KMaxFileName + 1> longDbName;
1.167 + longDbName.SetLength(longDbName.MaxLength());
1.168 + longDbName.Fill(TChar('A'));
1.169 + err = TheDb.Attach(KSecureTestDb1, longDbName);
1.170 + TEST2(err, KErrBadName);
1.171 +
1.172 + //Attach a secure database
1.173 + //The test application can read/write the attached database tables but cannot modify the database structure
1.174 + _LIT(KAttachDb1, "Db1");
1.175 + err = TheDb.Attach(KSecureTestDb1, KAttachDb1);
1.176 + TEST2(err, KErrNone);
1.177 +
1.178 + //Attempt to read from the attached secure database
1.179 + err = TheDb.Exec(_L("SELECT * FROM db1.a1"));
1.180 + TEST(err >= 0);
1.181 + //Attempt to write to the attached secure database
1.182 + err = TheDb.Exec(_L("INSERT INTO dB1.a1(f1) valUES(10)"));
1.183 + TEST2(err, 1);
1.184 + //Attempt to modify the attached secure database schema
1.185 + err = TheDb.Exec(_L("CREATE TABLE db1.CCC(H REAL)"));
1.186 + TEST2(err, KErrPermissionDenied);
1.187 + err = TheDb.Exec(_L("ALTER TABLE db1.A1 ADD COLUMN a2 integer"));
1.188 + TEST2(err, KErrPermissionDenied);
1.189 +
1.190 + //Attempt to read from the main non-secure database
1.191 + err = TheDb.Exec(_L("SELECT * FROM main.a1"));
1.192 + TEST(err >= 0);
1.193 + //Attempt to write to the main non-secure database
1.194 + err = TheDb.Exec(_L("INSERT INTO a1(f1) valUES(10)"));
1.195 + TEST2(err, 1);
1.196 + //Attempt to modify the main non-secure database schema
1.197 + err = TheDb.Exec(_L("CREATE TABLE a3(H REAL)"));
1.198 + TEST(err >= 0);
1.199 +
1.200 + TheTest.Printf(_L("===Attach second, non-secure database"));
1.201 + //Attach a non-secure database
1.202 + //The test application should be able to do everything with the attached database
1.203 + _LIT(KAttachDb2, "db2");
1.204 + err = TheDb.Attach(KTestDb2, KAttachDb2);
1.205 + TEST2(err, KErrNone);
1.206 +
1.207 + //Attempt to read from the attached non-secure database
1.208 + err = TheDb.Exec(_L("SELECT * FROM db2.B"));
1.209 + TEST(err >= 0);
1.210 + //Attempt to write to the attached non-secure database
1.211 + err = TheDb.Exec(_L("INSERT INTO dB2.b(a2) ValUES(112)"));
1.212 + TEST2(err, 1);
1.213 + //Attempt to modify the attached non-secure database schema
1.214 + err = TheDb.Exec(_L("ALTER TABLE db2.b ADD COLUMN a3 text"));
1.215 + TEST(err >= 0);
1.216 +
1.217 + TheTest.Printf(_L("===Attach third, non-secure database (the main database)"));
1.218 + //Attach a non-secure database (the main database)
1.219 + //The test application should be able to do everything with the attached database
1.220 + _LIT(KAttachDb3, "db3");
1.221 + err = TheDb.Attach(KTestDb1, KAttachDb3);
1.222 + TEST2(err, KErrNone);
1.223 +
1.224 + //Attempt to read from the third, non-secure database
1.225 + err = TheDb.Exec(_L("SELECT * FROM db3.a1"));
1.226 + TEST(err >= 0);
1.227 + //Attempt to write to the third, non-secure database
1.228 + err = TheDb.Exec(_L("INSERT INTO db3.a1(f2) values(11)"));
1.229 + TEST2(err, 1);
1.230 + //Attempt to modify the third, non-secure database schema
1.231 + err = TheDb.Exec(_L("CREATE TABLE db3.a4(s blob)"));
1.232 + TEST(err < 0);//Cannot modify the main database from the atatched!?
1.233 +
1.234 + TheTest.Printf(_L("===Attach fourth, secure database"));
1.235 + //Attach a secure database
1.236 + //The test application can only write to the database, but cannot modify the schema or read from the database
1.237 + _LIT(KAttachDb4, "db4");
1.238 + err = TheDb.Attach(KSecureTestDb2, KAttachDb4);
1.239 + TEST2(err, KErrNone);
1.240 +
1.241 + //Attempt to read from the attached secure database
1.242 + err = TheDb.Exec(_L("SELECT * FROM db4.c"));
1.243 + TEST2(err, KErrPermissionDenied);
1.244 + //Attempt to write to the attached secure database
1.245 + err = TheDb.Exec(_L("INSERT INTO Db4.c(a1) VALUES(1)"));
1.246 + TEST2(err, 1);
1.247 + //Attempt to write to a non-secure database using data from the attached secure database
1.248 + err = TheDb.Exec(_L("INSERT INTO a1(f1) select db4.c.a1 from db4.c"));
1.249 + TEST2(err, KErrPermissionDenied);
1.250 + //Attempt to write to a secure database using data from a non-secure database
1.251 + err = TheDb.Exec(_L("INSERT INTO db4.c(a1) select f1 from a1"));
1.252 + TEST(err >= 0);
1.253 + err = TheDb.Exec(_L("UPDATE db4.C SET a1 = 3 WHERE a1 = 1"));
1.254 + TEST2(err, KErrPermissionDenied);//!?!?!?
1.255 + err = TheDb.Exec(_L("DELETE FROM db4.C"));
1.256 + TEST(err >= 0);
1.257 + //Attempt to modify the attached secure database schema
1.258 + err = TheDb.Exec(_L("CREATE TABLE db4.CCC(z integer)"));
1.259 + TEST2(err, KErrPermissionDenied);
1.260 + err = TheDb.Exec(_L("DROP table db4.C"));
1.261 + TEST2(err, KErrPermissionDenied);
1.262 +
1.263 + err = TheDb.Detach(KAttachDb2);
1.264 + TEST2(err, KErrNone);
1.265 + err = TheDb.Detach(KAttachDb1);
1.266 + TEST2(err, KErrNone);
1.267 +
1.268 + err = TheDb.Detach(KAttachDb4);
1.269 + TEST2(err, KErrNone);
1.270 + err = TheDb.Exec(_L("SELECT * FROM db4.c"));
1.271 + TEST(err < 0);
1.272 +
1.273 + err = TheDb.Detach(KAttachDb2);
1.274 + TEST(err != KErrNone);
1.275 +
1.276 + err = TheDb.Detach(KAttachDb3);
1.277 + TEST2(err, KErrNone);
1.278 + err = TheDb.Exec(_L("INSERT INTO db3.a1(f2) values(11)"));
1.279 + TEST(err < 0);
1.280 +
1.281 + err = TheDb.Detach(KAttachDb4);
1.282 + TEST(err != KErrNone);
1.283 +
1.284 + //Detach() with zero-length logical database name
1.285 + err = TheDb.Detach(_L(""));
1.286 + TEST2(err, KErrBadName);
1.287 +
1.288 + //Detach() with logical database name containing "bad" unicode characters (cannot be converted to UTF8)
1.289 + TBuf<2> dbName3;
1.290 + dbName3.SetLength(2);
1.291 + dbName3[0] = TChar(0xD800);
1.292 + dbName3[1] = TChar(0xFC00);
1.293 + err = TheDb.Detach(dbName3);
1.294 + TEST2(err, KSqlErrGeneral);
1.295 +
1.296 + //Attach a non-existing database
1.297 + _LIT(KAttachDbFile5, "c:\\test\\zxcvbnm987654321.db");
1.298 + _LIT(KAttachDb5, "zxcvbnm987654321");
1.299 + err = TheDb.Attach(KAttachDbFile5, KAttachDb5);
1.300 + TEST2(err, KErrNotFound);
1.301 +
1.302 + TheDb.Close();
1.303 + }
1.304 +
1.305 +/**
1.306 +@SYMTestCaseID SYSLIB-SQL-CT-1642
1.307 +@SYMTestCaseDesc Attached database tests.
1.308 + Open secure database, attach secure database.
1.309 + The test application's security policy allows read/write operations on the main
1.310 + database, but database schema modifications are not allowed. The test application
1.311 + is allowed to write to the attached database but can't read from or modify the schema.
1.312 + The test executes different kind of SQL statements to verify that the test application's security
1.313 + policy is properly asserted by the SQL server.
1.314 +@SYMTestPriority High
1.315 +@SYMTestActions Execution SQL statements on attached database.
1.316 +@SYMTestExpectedResults Test must not fail
1.317 +@SYMREQ REQ5792
1.318 + REQ5793
1.319 +*/
1.320 +void Test2()
1.321 + {
1.322 + //The test application can read/write the database tables but cannot modify the database structure
1.323 + TInt err = TheDb.Open(KSecureTestDb1);
1.324 + TEST2(err, KErrNone);
1.325 + _LIT(KAttachDb2, "Db2");
1.326 + //The test application can only write to the database, but cannot modify the schema or read from the database
1.327 + err = TheDb.Attach(KSecureTestDb2, KAttachDb2);
1.328 + TEST2(err, KErrNone);
1.329 +
1.330 + //Attempt to read from the main database and write to the attached database
1.331 + err = TheDb.Exec(_L("INSERT INTO db2.c(a1) SELECT f1 FROM a1"));
1.332 + TEST(err >= 0);
1.333 +
1.334 + //Attempt to read from the attached database and write to the main database
1.335 + err = TheDb.Exec(_L("INSERT INTO a1(f2) SELECT a1 FROM db2.c"));
1.336 + TEST2(err, KErrPermissionDenied);
1.337 +
1.338 + //Attempt to detach database using DETACH sql statement directly.
1.339 + err = TheDb.Exec(_L("DETACH DATABASE DB2"));
1.340 + TEST2(err, KErrPermissionDenied);
1.341 +
1.342 + err = TheDb.Detach(KAttachDb2);
1.343 + TEST2(err, KErrNone);
1.344 +
1.345 + //Attempt to attach a database using ATTACH sql statement directly.
1.346 + TBuf<100> sql;
1.347 + sql.Format(_L("ATTACH DATABASE '%S' AS Db3"), &KSecureTestDb2);
1.348 + err = TheDb.Exec(sql);
1.349 + TEST2(err, KErrPermissionDenied);
1.350 +
1.351 + TheDb.Close();
1.352 + }
1.353 +
1.354 +/**
1.355 +@SYMTestCaseID SYSLIB-SQL-CT-1814
1.356 +@SYMTestCaseDesc Attached database tests. SQL injection.
1.357 + Create the following test databases:
1.358 + 1) c:\test\inj.db
1.359 + 2) c:\test\inj.db' as db; delete from a;
1.360 + 3) c:[21212123]Injected.db
1.361 + Insert some records in database (3). Attach database (2) to database (3).
1.362 + Check the records count of table A. If the count is zero, then it means that the injection has been successful
1.363 + and a security hole exists when attaching/detaching databases.
1.364 +@SYMTestPriority High
1.365 +@SYMTestActions Attached database tests. SQL injection.
1.366 +@SYMTestExpectedResults Test must not fail
1.367 +@SYMREQ REQ5792
1.368 + REQ5793
1.369 +*/
1.370 +void SqlInjectionTest()
1.371 + {
1.372 + //Create the database, which name is used for the attack.
1.373 + //This is done just to ensure that the database, which name is used in the SQL injection, exists,
1.374 + //Otherwise the injection attack may fail with KErrNotFound error.
1.375 + TInt err = TheDb2.Create(KTestDb3);
1.376 + TEST2(err, KErrNone);
1.377 + TheDb2.Close();
1.378 + err = TheDb2.Create(KDbNameInjection);
1.379 + TEST2(err, KErrNone);
1.380 + TheDb2.Close();
1.381 + //Create a secure database, which will be impacted by the SQL injection
1.382 + TSecurityPolicy policy(TSecurityPolicy::EAlwaysPass);
1.383 + RSqlSecurityPolicy dbPolicy;
1.384 + err = dbPolicy.Create(policy);
1.385 + TEST2(err, KErrNone);
1.386 + err = TheDb.Create(KSecureTestDb3, dbPolicy);
1.387 + TEST2(err, KErrNone);
1.388 + err = TheDb.Exec(_L("CREATE TABLE A(Id Integer)"));
1.389 + TEST(err >= 0);
1.390 + err = TheDb.Exec(_L("INSERT INTO A(Id) VALUES(1)"));
1.391 + TEST(err >= 0);
1.392 + err = TheDb.Exec(_L("INSERT INTO A(Id) VALUES(2)"));
1.393 + TEST(err >= 0);
1.394 + const TInt KInsertedRecCnt = 2;
1.395 + //Cleanup
1.396 + dbPolicy.Close();
1.397 + TheDb.Close();
1.398 + //Repopen the secure database and attach the secind database, which file name is actually a SQL injection
1.399 + err = TheDb.Open(KSecureTestDb3);
1.400 + TEST2(err, KErrNone);
1.401 + err = TheDb.Attach(KDbNameInjection, _L("Db2"));
1.402 + TEST2(err, KErrNone);
1.403 + //Check table A contents. If the security hole still exists, table A content is gone.
1.404 + TSqlScalarFullSelectQuery query(TheDb);
1.405 + TInt recCnt = 0;
1.406 + TRAP(err, recCnt = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
1.407 + TEST2(err, KErrNone);
1.408 + TEST2(recCnt, KInsertedRecCnt);//if zero records count - successfull SQL injection - the security hole exists!
1.409 + //Try to execute RSqlDatabase::Detach(), where instead of a logical database name, SQL statement is supplied.
1.410 + err = TheDb.Detach(_L("DB; INSERT INTO A(Id) VALUES(3)"));
1.411 + TEST(err != KErrNone);
1.412 + //Check table A contents. If the security hole still exists, table A will have one more record.
1.413 + TRAP(err, recCnt = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
1.414 + TEST2(err, KErrNone);
1.415 + TEST2(recCnt, KInsertedRecCnt);//if one more record - successfull SQL injection - the security hole exists!
1.416 + TheDb.Close();
1.417 + //Cleanup
1.418 + (void)RSqlDatabase::Delete(KDbNameInjection);
1.419 + (void)RSqlDatabase::Delete(KTestDb3);
1.420 + (void)RSqlDatabase::Delete(KSecureTestDb3);
1.421 + }
1.422 +
1.423 +/**
1.424 +@SYMTestCaseID SYSLIB-SQL-UT-3507
1.425 +@SYMTestCaseDesc Test for DEF109100: SQL, code coverage for TSqlBufRIterator, TSqlAttachDbRefCounter is very low.
1.426 + The test opens two existing databases, and the attaches to them the same secure shared database.
1.427 +@SYMTestPriority High
1.428 +@SYMTestActions Test for DEF109100: SQL, code coverage for TSqlBufRIterator, TSqlAttachDbRefCounter is very low.
1.429 +@SYMTestExpectedResults Test must not fail
1.430 +@SYMDEF DEF109100
1.431 +*/
1.432 +void TwoConnAttachTest()
1.433 + {
1.434 + //Connection 1
1.435 + TInt err = TheDb.Open(KTestDb1);
1.436 + TEST2(err, KErrNone);
1.437 + //Connection 2
1.438 + err = TheDb2.Open(KTestDb2);
1.439 + TEST2(err, KErrNone);
1.440 + //Attach KSecureTestDb1 to connection 1
1.441 + _LIT(KAttachDb1, "Db1");
1.442 + err = TheDb.Attach(KSecureTestDb1, KAttachDb1);
1.443 + TEST2(err, KErrNone);
1.444 + //Attach KSecureTestDb1 to connection 2
1.445 + err = TheDb2.Attach(KSecureTestDb1, KAttachDb1);
1.446 + TEST2(err, KErrNone);
1.447 + //Detach
1.448 + err = TheDb2.Detach(KAttachDb1);
1.449 + TEST2(err, KErrNone);
1.450 + err = TheDb.Detach(KAttachDb1);
1.451 + TEST2(err, KErrNone);
1.452 + //Cleanup
1.453 + TheDb2.Close();
1.454 + TheDb.Close();
1.455 + }
1.456 +
1.457 +/**
1.458 +@SYMTestCaseID SYSLIB-SQL-UT-3515
1.459 +@SYMTestCaseDesc RSqlStatement::DeclaredColumnType() test
1.460 + The test creates 2 tables in two different databases. Then the test opens the first database and
1.461 + attaches the second one. After that a SELECT sql statement is prepared and the statement operates
1.462 + on both tables: from the main database and the attached one.
1.463 + DeclaredColumnType() is called after the statement preparation and column types checked.
1.464 +@SYMTestPriority High
1.465 +@SYMTestActions RSqlStatement::ColumnCount() test
1.466 +@SYMTestExpectedResults Test must not fail
1.467 +@SYMREQ REQ8035
1.468 +*/
1.469 +void DeclaredColumnTypeTest()
1.470 + {
1.471 + //Preparation
1.472 + TInt err = TheDb.Open(KTestDb1);
1.473 + TEST2(err, KErrNone);
1.474 + err = TheDb.Exec(_L("CREATE TABLE Y(Id INTEGER, Name TEXT)"));
1.475 + TEST(err >= 0);
1.476 + TheDb.Close();
1.477 + err = TheDb.Open(KTestDb2);
1.478 + TEST2(err, KErrNone);
1.479 + err = TheDb.Exec(_L("CREATE TABLE Z(Id INTEGER, Data BLOB)"));
1.480 + TEST(err >= 0);
1.481 + TheDb.Close();
1.482 + //Open KTestDb1, attach KTestDb2
1.483 + err = TheDb.Open(KTestDb1);
1.484 + TEST2(err, KErrNone);
1.485 + _LIT(KAttachDb, "Db2");
1.486 + err = TheDb.Attach(KTestDb2, KAttachDb);
1.487 + TEST2(err, KErrNone);
1.488 + //SELECT from both db
1.489 + RSqlStatement stmt;
1.490 + err = stmt.Prepare(TheDb, _L("SELECT Y.Id, Y.Name, DB2.Z.Data FROM Y,DB2.Z WHERE Y.Id = DB2.Z.Id"));
1.491 + TEST2(err, KErrNone);
1.492 + TInt colCnt = stmt.ColumnCount();
1.493 + TEST2(colCnt, 3);
1.494 + TSqlColumnType colType;
1.495 + err = stmt.DeclaredColumnType(0, colType);
1.496 + TEST2(err, KErrNone);
1.497 + TEST2(colType, ESqlInt);
1.498 + err = stmt.DeclaredColumnType(1, colType);
1.499 + TEST2(err, KErrNone);
1.500 + TEST2(colType, ESqlText);
1.501 + err = stmt.DeclaredColumnType(2, colType);
1.502 + TEST2(err, KErrNone);
1.503 + TEST2(colType, ESqlBinary);
1.504 + stmt.Close();
1.505 + //Cleanup
1.506 + err = TheDb.Detach(KAttachDb);
1.507 + TEST2(err, KErrNone);
1.508 + TheDb.Close();
1.509 + }
1.510 +
1.511 +/**
1.512 +@SYMTestCaseID SYSLIB-SQL-UT-4016
1.513 +@SYMTestCaseDesc Test for DEF116713 SQL: No redindexing occurs for an attached database.
1.514 + The test does the following steps:
1.515 + 1) Sets the "CollationDllName" column value in the "symbian_settings" stable of the database to be used
1.516 + as an attached database (KTestDb2). The set column value is different than the default collation dll name.
1.517 + 2) Opens KTestDb1, attaches KTestDb2.
1.518 + 3) When KTestDb2 is attached to KTestDb1, the SQL server should detect that the "CollationDllName" column
1.519 + value is different than the default collation dll name and should reindex the attached database and then
1.520 + store the current collation dll name in the "CollationDllName" column.
1.521 + 4) The test checks that after attaching the KTestDb2 database, the "CollationDllName" column value
1.522 + is not the previously used test collation dll name.
1.523 +@SYMTestPriority Low
1.524 +@SYMTestActions Test for DEF116713 SQL: No redindexing occurs for an attached database.
1.525 +@SYMTestExpectedResults Test must not fail
1.526 +@SYMDEF DEF116713
1.527 +*/
1.528 +void DEF116713()
1.529 + {
1.530 + //Set the "CollationDllName" column value in "symbian_settings" table of the database to be attached -
1.531 + //not to be the default collation dll name.
1.532 + TInt err = TheDb.Open(KTestDb2);
1.533 + TEST2(err, KErrNone);
1.534 + err = TheDb.Exec(_L("UPDATE symbian_settings SET CollationDllName='ddkjrrm'"));
1.535 + TEST2(err, 1);
1.536 + TheDb.Close();
1.537 + //Open the main database, attach the other one
1.538 + err = TheDb.Open(KTestDb1);
1.539 + TEST2(err, KErrNone);
1.540 + err = TheDb.Attach(KTestDb2, _L("Db2"));
1.541 + TEST2(err, KErrNone);
1.542 + //The expectation is that the attached database is reindexed and the "CollationDllName" column value - set.
1.543 + RSqlStatement stmt;
1.544 + err = stmt.Prepare(TheDb, _L("SELECT CollationDllName FROM Db2.symbian_settings"));
1.545 + TEST2(err, KErrNone);
1.546 + err = stmt.Next();
1.547 + TEST2(err, KSqlAtRow);
1.548 + TPtrC collationDllName;
1.549 + err = stmt.ColumnText(0, collationDllName);
1.550 + TEST2(err, KErrNone);
1.551 + stmt.Close();
1.552 + TheDb.Close();
1.553 +
1.554 + _LIT(KTestCollationDllName, "ddkjrrm");//The same as the used in the "UPDATE symbian_settings" sql.
1.555 + TEST(collationDllName != KTestCollationDllName);
1.556 + }
1.557 +
1.558 +/**
1.559 +@SYMTestCaseID SYSLIB-SQL-UT-4042
1.560 +@SYMTestCaseDesc RSqlDatabase::Size(TSize&) on attached database - injection test.
1.561 + The test creates a database and attempts to attach another database,
1.562 + passing a DELETE SQL statement in the attached database name.
1.563 + The attach operation is expected to fail, the database content should stay
1.564 + unchanged after the operation.
1.565 +@SYMTestPriority High
1.566 +@SYMTestActions RSqlDatabase::Size(TSize&) on attached database - injection test.
1.567 +@SYMTestExpectedResults Test must not fail
1.568 +@SYMREQ REQ10407
1.569 +*/
1.570 +void Size2InjectionTest()
1.571 + {
1.572 + TInt err = TheDb.Create(KTestDb4);
1.573 + TEST2(err, KErrNone);
1.574 + err = TheDb.Exec(_L("CREATE TABLE A(I INTEGER)"));
1.575 + TEST(err >= 0);
1.576 + err = TheDb.Exec(_L("INSERT INTO A VALUES(1)"));
1.577 + TEST2(err, 1);
1.578 + _LIT(KAttachDbName, "B");
1.579 + err = TheDb.Attach(KTestDb4, KAttachDbName);
1.580 + TEST2(err, KErrNone);
1.581 + RSqlDatabase::TSize size;
1.582 + err = TheDb.Size(size, _L("B;DELETE FROM MAIN.A"));
1.583 + TEST2(err, KSqlErrGeneral);
1.584 + TPtrC msg = TheDb.LastErrorMessage();
1.585 + TheTest.Printf(_L("RSqlDatabase::Size(TSize&) injection, error message: %S\r\n"), &msg);
1.586 + TSqlScalarFullSelectQuery q(TheDb);
1.587 + TInt reccnt = 0;
1.588 + TRAP(err, reccnt = q.SelectIntL(_L("SELECT COUNT(*) FROM MAIN.A")));
1.589 + TEST2(err, KErrNone);
1.590 + TEST2(reccnt, 1);
1.591 + err = TheDb.Detach(KAttachDbName);
1.592 + TEST2(err, KErrNone);
1.593 + TheDb.Close();
1.594 + (void)RSqlDatabase::Delete(KTestDb4);
1.595 + }
1.596 +
1.597 +/**
1.598 +@SYMTestCaseID SYSLIB-SQL-UT-4043
1.599 +@SYMTestCaseDesc RSqlDatabase::Compact() on attached database - injection test.
1.600 + The test creates a database and attaches another database.
1.601 + Then the test attempts to compact the attached database calling
1.602 + RSqlDatabase::Compact() passing DROP TABLE and DELETE statements
1.603 + as name of the attached database. The call is expected to fail,
1.604 + the database content should stay unchanged after the call.
1.605 +@SYMTestPriority High
1.606 +@SYMTestActions RSqlDatabase::Compact() on attached database - injection test.
1.607 +@SYMTestExpectedResults Test must not fail
1.608 +@SYMREQ REQ10405
1.609 +*/
1.610 +void CompactInjectionTest()
1.611 + {
1.612 + TInt err = TheDb.Create(KTestDb4);
1.613 + TEST2(err, KErrNone);
1.614 + err = TheDb.Exec(_L("CREATE TABLE A(I INTEGER); INSERT INTO A(I) VALUES(1)"));
1.615 + TEST(err >= 0);
1.616 + _LIT(KAttachDbName, "B");
1.617 + err = TheDb.Attach(KTestDb4, KAttachDbName);
1.618 + TEST2(err, KErrNone);
1.619 + err = TheDb.Compact(RSqlDatabase::EMaxCompaction, _L("B;DROP B.A"));
1.620 + TEST2(err, KSqlErrGeneral);
1.621 + TPtrC msg = TheDb.LastErrorMessage();
1.622 + TheTest.Printf(_L("RSqlDatabase::Compact() injection, error message: %S\r\n"), &msg);
1.623 +
1.624 + TSqlScalarFullSelectQuery query(TheDb);
1.625 + TInt recCount = 0;
1.626 + TRAP(err, recCount = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
1.627 + TEST2(err, KErrNone);
1.628 + TEST2(recCount, 1);
1.629 +
1.630 + err = TheDb.Compact(8192, _L("B;DROP B.A;"));
1.631 + TEST2(err, KSqlErrGeneral);
1.632 + msg.Set(TheDb.LastErrorMessage());
1.633 + TheTest.Printf(_L("RSqlDatabase::Compact() injection, error message: %S\r\n"), &msg);
1.634 +
1.635 + recCount = 0;
1.636 + TRAP(err, recCount = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
1.637 + TEST2(err, KErrNone);
1.638 + TEST2(recCount, 1);
1.639 +
1.640 + TRequestStatus stat;
1.641 + TheDb.Compact(8192, stat, _L("B;DELETE FROM B.A;"));
1.642 + User::WaitForRequest(stat);
1.643 + TEST2(stat.Int(), KSqlErrGeneral);
1.644 + msg.Set(TheDb.LastErrorMessage());
1.645 + TheTest.Printf(_L("RSqlDatabase::Compact() injection, error message: %S\r\n"), &msg);
1.646 +
1.647 + recCount = 0;
1.648 + TRAP(err, recCount = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
1.649 + TEST2(err, KErrNone);
1.650 + TEST2(recCount, 1);
1.651 +
1.652 + err = TheDb.Detach(KAttachDbName);
1.653 + TEST2(err, KErrNone);
1.654 + TheDb.Close();
1.655 + (void)RSqlDatabase::Delete(KTestDb4);
1.656 + }
1.657 +
1.658 +/**
1.659 +@SYMTestCaseID SYSLIB-SQL-UT-4094
1.660 +@SYMTestCaseDesc Incremental blob i/o tests on an attached database.
1.661 + Open secure database, attach secure database.
1.662 + The test application's security policy allows incremental blob read & write
1.663 + operations on the main database, but only write operations on the attached database.
1.664 + The test attempts to read and write to a blob in the attached database to verify that
1.665 + the test application's security policy is properly asserted by the Symbian SQL server.
1.666 +@SYMTestPriority High
1.667 +@SYMTestActions Execution of blob read and write operations on the attached database.
1.668 +@SYMTestExpectedResults Test must not fail
1.669 +@SYMREQ REQ5794
1.670 +*/
1.671 +void BlobAttachedTestL()
1.672 + {
1.673 + // Open the main secure database - the test application can read & write blobs in it
1.674 + // Attach another secure database - the test application can only write blobs in it
1.675 + TInt err = TheDb.Open(KSecureTestDb1);
1.676 + TEST2(err, KErrNone);
1.677 + _LIT(KAttachDb1, "Db1");
1.678 + err = TheDb.Attach(KSecureTestDb2, KAttachDb1);
1.679 + TEST2(err, KErrNone);
1.680 +
1.681 + // Insert a new record into the attached database - the blob value is "AAAAAAAAAA"
1.682 + err = TheDb.Exec(_L("INSERT INTO Db1.C(A1, B2) VALUES(15, x'41414141414141414141')"));
1.683 + TEST2(err, 1);
1.684 +
1.685 + // Attempt to write to a blob in the attached database
1.686 + RSqlBlobWriteStream wrStrm;
1.687 + CleanupClosePushL(wrStrm);
1.688 + TRAP(err, wrStrm.OpenL(TheDb, _L("C"), _L("B2"), KSqlLastInsertedRowId, KAttachDb1));
1.689 + TEST2(err, KErrNone);
1.690 + TRAP(err, wrStrm.WriteL(_L8("ZZZ")));
1.691 + TEST2(err, KErrNone);
1.692 + CleanupStack::PopAndDestroy(&wrStrm);
1.693 +
1.694 + TRAP(err, TSqlBlob::SetL(TheDb, _L("C"), _L("B2"), _L8("YYYYY"), KSqlLastInsertedRowId, KAttachDb1));
1.695 + TEST2(err, KErrNone);
1.696 +
1.697 + // Attempt to read a blob in the attached database
1.698 + RSqlBlobReadStream rdStrm;
1.699 + CleanupClosePushL(rdStrm);
1.700 + TRAP(err, rdStrm.OpenL(TheDb, _L("C"), _L("B2"), KSqlLastInsertedRowId, KAttachDb1));
1.701 + TEST2(err, KErrPermissionDenied);
1.702 + CleanupStack::PopAndDestroy(&rdStrm);
1.703 +
1.704 + HBufC8* wholeBuf = NULL;
1.705 + TRAP(err, wholeBuf = TSqlBlob::GetLC(TheDb, _L("C"), _L("B2"), KSqlLastInsertedRowId, KAttachDb1));
1.706 + TEST2(err, KErrPermissionDenied);
1.707 +
1.708 + HBufC8* buf = HBufC8::NewLC(10);
1.709 + TPtr8 bufPtr(buf->Des());
1.710 + err = TSqlBlob::Get(TheDb, _L("C"), _L("B2"), bufPtr, KSqlLastInsertedRowId, KAttachDb1);
1.711 + TEST2(err, KErrPermissionDenied);
1.712 + CleanupStack::PopAndDestroy(buf);
1.713 +
1.714 + // SQLite and system tables in the attached database
1.715 +
1.716 + // Attempt to read from and write to the SQLite master table -
1.717 + // reads should be permitted because write capability is enough for this,
1.718 + // writes should not be permitted because schema capability is required for this
1.719 + TBuf8<20> data;
1.720 + CleanupClosePushL(rdStrm);
1.721 + TRAP(err, rdStrm.OpenL(TheDb, _L("sqlite_master"), _L("tbl_name"), 1, KAttachDb1)); // TEXT column
1.722 + TEST2(err, KErrNone);
1.723 + TRAP(err, rdStrm.ReadL(data, 1));
1.724 + TEST2(err, KErrNone);
1.725 + CleanupStack::PopAndDestroy(&rdStrm);
1.726 +
1.727 + wholeBuf = TSqlBlob::GetLC(TheDb, _L("sqlite_master"), _L("tbl_name"), 1, KAttachDb1);
1.728 + TEST(wholeBuf->Length() > 0);
1.729 + CleanupStack::PopAndDestroy(wholeBuf);
1.730 +
1.731 + buf = HBufC8::NewLC(100);
1.732 + bufPtr.Set(buf->Des());
1.733 + err = TSqlBlob::Get(TheDb, _L("sqlite_master"), _L("tbl_name"), bufPtr, 1, KAttachDb1);
1.734 + TEST2(err, KErrNone);
1.735 + TEST(bufPtr.Length() > 0);
1.736 + CleanupStack::PopAndDestroy(buf);
1.737 +
1.738 + CleanupClosePushL(wrStrm);
1.739 + TRAP(err, wrStrm.OpenL(TheDb, _L("sqlite_master"), _L("tbl_name"), 1, KAttachDb1));
1.740 + TEST2(err, KErrPermissionDenied);
1.741 + CleanupStack::PopAndDestroy(&wrStrm);
1.742 +
1.743 + TRAP(err, TSqlBlob::SetL(TheDb, _L("sqlite_master"), _L("tbl_name"), _L8("VVVV"), 1, KAttachDb1));
1.744 + TEST2(err, KErrPermissionDenied);
1.745 +
1.746 + // Attempt to read from and write to the system tables in the attached database - neither reads nor writes should be permitted
1.747 + CleanupClosePushL(rdStrm);
1.748 + TRAP(err, rdStrm.OpenL(TheDb, _L("symbian_security"), _L("PolicyData"), 1, KAttachDb1)); // BLOB column
1.749 + TEST2(err, KErrPermissionDenied);
1.750 + CleanupStack::PopAndDestroy(&rdStrm);
1.751 +
1.752 + TRAP(err, wholeBuf = TSqlBlob::GetLC(TheDb, _L("symbian_security"), _L("PolicyData"), 1, KAttachDb1));
1.753 + TEST2(err, KErrPermissionDenied);
1.754 +
1.755 + buf = HBufC8::NewLC(100);
1.756 + bufPtr.Set(buf->Des());
1.757 + err = TSqlBlob::Get(TheDb, _L("symbian_security"), _L("PolicyData"), bufPtr, 1, KAttachDb1);
1.758 + TEST2(err, KErrPermissionDenied);
1.759 + CleanupStack::PopAndDestroy(buf);
1.760 +
1.761 + CleanupClosePushL(wrStrm);
1.762 + TRAP(err, wrStrm.OpenL(TheDb, _L("symbian_security"), _L("PolicyData"), 1, KAttachDb1));
1.763 + TEST2(err, KErrPermissionDenied);
1.764 + CleanupStack::PopAndDestroy(&wrStrm);
1.765 +
1.766 + TRAP(err, TSqlBlob::SetL(TheDb, _L("symbian_security"), _L("PolicyData"), _L8("VVVV"), 1, KAttachDb1));
1.767 + TEST2(err, KErrPermissionDenied);
1.768 +
1.769 + TheDb.Close();
1.770 + }
1.771 +
1.772 +void DoTestsL()
1.773 + {
1.774 + CreateDatabases();
1.775 +
1.776 + TheTest.Start(_L(" @SYMTestCaseID:SYSLIB-SQL-CT-1641 ===Open non-secure database, attach secure database "));
1.777 + Test1();
1.778 +
1.779 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-CT-1642 ===Open secure database, attach secure database "));
1.780 + Test2();
1.781 +
1.782 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-CT-1814 SQL injection test "));
1.783 + SqlInjectionTest();
1.784 +
1.785 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-3507 DEF109100 - SQL, code coverage for TSqlBufRIterator,TSqlAttachDbRefCounter is very low "));
1.786 + TwoConnAttachTest();
1.787 +
1.788 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-3515 RSqlStatement::DeclaredColumnType() and attached databases test "));
1.789 + DeclaredColumnTypeTest();
1.790 +
1.791 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4016 DEF116713 SQL: No redindexing occurs for an attached database "));
1.792 + DEF116713();
1.793 +
1.794 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4042 RSqlDatabase::Size(TSize) - attached database, injection test"));
1.795 + Size2InjectionTest();
1.796 +
1.797 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4043 RSqlDatabase::Compact() - attached database, injection test"));
1.798 + CompactInjectionTest();
1.799 +
1.800 + TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4094 Incremental blob attached test"));
1.801 + BlobAttachedTestL();
1.802 + }
1.803 +
1.804 +TInt E32Main()
1.805 + {
1.806 + TheTest.Title();
1.807 +
1.808 + CTrapCleanup* tc = CTrapCleanup::New();
1.809 +
1.810 + __UHEAP_MARK;
1.811 +
1.812 + CreateTestDir();
1.813 + DeleteDatabases();
1.814 +
1.815 + TRAPD(err, DoTestsL());
1.816 + DeleteDatabases();
1.817 + TEST2(err, KErrNone);
1.818 +
1.819 + __UHEAP_MARKEND;
1.820 +
1.821 + TheTest.End();
1.822 + TheTest.Close();
1.823 +
1.824 + delete tc;
1.825 +
1.826 + User::Heap().Check();
1.827 + return KErrNone;
1.828 + }