1 // Copyright (c) 2006-2010 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of "Eclipse Public License v1.0"
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
20 ///////////////////////////////////////////////////////////////////////////////////////
22 RTest TheTest(_L("t_sqlattach test"));
27 _LIT(KTestDir, "c:\\test\\");
29 _LIT(KTestDb1, "c:\\test\\t_sqlattach_1.db");
30 _LIT(KTestDb2, "c:\\test\\t_sqlattach_2.db");
31 _LIT(KTestDb3, "c:\\test\\t_sqlattach_3.db");
32 _LIT(KTestDb4, "c:\\test\\t_sqlattach_4.db");
34 _LIT(KSecureTestDb1, "c:[21212122]BBDb2.db");//Created outside this test app
35 _LIT(KSecureTestDb2, "c:[21212122]AADb2.db");//Created outside this test app
36 _LIT(KSecureTestDb3, "c:[21212123]t_sqlattach_3.db");
37 _LIT(KDbNameInjection, "c:\\test\\t_sqlattach_3.db' as db; delete from a;");
39 //const TUid KSecureUid = {0x21212122};//The UID of the secure test databases: KSecureTestDb1 and KSecureTestDb2
41 //The test uses two secure databases: KSecureTestDb1 and KSecureTestDb2.
43 //KSecureTestDb1 schema
44 //TABLE A1(F1 INTEGER , F2 INTEGER, B1 BLOB)
46 //KSecureTestDb1 security settings
47 //-Security UID = KSecureUid
48 //-Schema policy = ECapabilityTrustedUI
49 //-Read policy = ECapabilityReadDeviceData
50 //-Write policy = ECapabilityWriteDeviceData
51 //The test application can read/write the database tables but cannot modify the database structure
53 //KSecureTestDb2 schema
54 //TABLE C(A1 INTEGER, B2 BLOB)
56 //KSecureTestDb2 security settings
57 //-Security UID = KSecureUid
58 //-Schema policy = ECapabilityDiskAdmin
59 //-Read policy = ECapabilityNetworkControl
60 //-Write policy = ECapabilityWriteDeviceData
61 //The test application can write to the database tables but cannot modify the database structure or read from tables
63 ///////////////////////////////////////////////////////////////////////////////////////
65 void DeleteDatabases()
69 (void)RSqlDatabase::Delete(KDbNameInjection);
70 (void)RSqlDatabase::Delete(KSecureTestDb3);
71 (void)RSqlDatabase::Delete(KTestDb4);
72 (void)RSqlDatabase::Delete(KTestDb3);
73 (void)RSqlDatabase::Delete(KTestDb2);
74 (void)RSqlDatabase::Delete(KTestDb1);
77 ///////////////////////////////////////////////////////////////////////////////////////
78 //Test macros and functions
79 void Check(TInt aValue, TInt aLine)
84 TheTest(EFalse, aLine);
87 void Check(TInt aValue, TInt aExpected, TInt aLine)
89 if(aValue != aExpected)
92 RDebug::Print(_L("*** Expected error: %d, got: %d\r\n"), aExpected, aValue);
93 TheTest(EFalse, aLine);
96 #define TEST(arg) ::Check((arg), __LINE__)
97 #define TEST2(aValue, aExpected) ::Check(aValue, aExpected, __LINE__)
99 ///////////////////////////////////////////////////////////////////////////////////////
104 TInt err = fs.Connect();
105 TEST2(err, KErrNone);
107 err = fs.MkDir(KTestDir);
108 TEST(err == KErrNone || err == KErrAlreadyExists);
113 void CreateDatabases()
117 TInt err = TheDb.Create(KTestDb1);
118 TEST2(err, KErrNone);
119 sql.Copy(_L("CREATE TABLE A1(F1 INTEGER, F2 INTEGER)"));
120 err = TheDb.Exec(sql);
122 sql.Copy(_L("CREATE TABLE A2(DDD INTEGER)"));
123 err = TheDb.Exec(sql);
127 err = TheDb.Create(KTestDb2);
128 TEST2(err, KErrNone);
129 sql.Copy(_L("CREATE TABLE B(A1 INTEGER, A2 INTEGER)"));
130 err = TheDb.Exec(sql);
135 ///////////////////////////////////////////////////////////////////////////////////////
136 ///////////////////////////////////////////////////////////////////////////////////////
139 @SYMTestCaseID SYSLIB-SQL-CT-1641
140 @SYMTestCaseDesc Attached database tests.
141 Open non-secure database, attach secure database.
142 The test application's security policy allows read/write operations on the attached
143 database, but database schema modifications are not allowed. The test executes
144 different kind of SQL statements to verify that the test application's security
145 policy is properly asserted by the SQL server.
146 @SYMTestPriority High
147 @SYMTestActions Execution SQL statements on attached database.
148 @SYMTestExpectedResults Test must not fail
154 TInt err = TheDb.Open(KTestDb1);
155 TEST2(err, KErrNone);
157 //Attach a secure database, the logical database name length is 0
158 _LIT(KAttachDb0, "");
159 err = TheDb.Attach(KSecureTestDb1, KAttachDb0);
160 TEST2(err, KErrBadName);
162 //Attach a secure database, the logical database name length is > than KMaxFileName
163 TBuf<KMaxFileName + 1> longDbName;
164 longDbName.SetLength(longDbName.MaxLength());
165 longDbName.Fill(TChar('A'));
166 err = TheDb.Attach(KSecureTestDb1, longDbName);
167 TEST2(err, KErrBadName);
169 //Attach a secure database
170 //The test application can read/write the attached database tables but cannot modify the database structure
171 _LIT(KAttachDb1, "Db1");
172 err = TheDb.Attach(KSecureTestDb1, KAttachDb1);
173 TEST2(err, KErrNone);
175 //Attempt to read from the attached secure database
176 err = TheDb.Exec(_L("SELECT * FROM db1.a1"));
178 //Attempt to write to the attached secure database
179 err = TheDb.Exec(_L("INSERT INTO dB1.a1(f1) valUES(10)"));
181 //Attempt to modify the attached secure database schema
182 err = TheDb.Exec(_L("CREATE TABLE db1.CCC(H REAL)"));
183 TEST2(err, KErrPermissionDenied);
184 err = TheDb.Exec(_L("ALTER TABLE db1.A1 ADD COLUMN a2 integer"));
185 TEST2(err, KErrPermissionDenied);
187 //Attempt to read from the main non-secure database
188 err = TheDb.Exec(_L("SELECT * FROM main.a1"));
190 //Attempt to write to the main non-secure database
191 err = TheDb.Exec(_L("INSERT INTO a1(f1) valUES(10)"));
193 //Attempt to modify the main non-secure database schema
194 err = TheDb.Exec(_L("CREATE TABLE a3(H REAL)"));
197 TheTest.Printf(_L("===Attach second, non-secure database"));
198 //Attach a non-secure database
199 //The test application should be able to do everything with the attached database
200 _LIT(KAttachDb2, "db2");
201 err = TheDb.Attach(KTestDb2, KAttachDb2);
202 TEST2(err, KErrNone);
204 //Attempt to read from the attached non-secure database
205 err = TheDb.Exec(_L("SELECT * FROM db2.B"));
207 //Attempt to write to the attached non-secure database
208 err = TheDb.Exec(_L("INSERT INTO dB2.b(a2) ValUES(112)"));
210 //Attempt to modify the attached non-secure database schema
211 err = TheDb.Exec(_L("ALTER TABLE db2.b ADD COLUMN a3 text"));
214 TheTest.Printf(_L("===Attach third, non-secure database (the main database)"));
215 //Attach a non-secure database (the main database)
216 //The test application should be able to do everything with the attached database
217 _LIT(KAttachDb3, "db3");
218 err = TheDb.Attach(KTestDb1, KAttachDb3);
219 TEST2(err, KErrNone);
221 //Attempt to read from the third, non-secure database
222 err = TheDb.Exec(_L("SELECT * FROM db3.a1"));
224 //Attempt to write to the third, non-secure database
225 err = TheDb.Exec(_L("INSERT INTO db3.a1(f2) values(11)"));
227 //Attempt to modify the third, non-secure database schema
228 err = TheDb.Exec(_L("CREATE TABLE db3.a4(s blob)"));
229 TEST(err < 0);//Cannot modify the main database from the atatched!?
231 TheTest.Printf(_L("===Attach fourth, secure database"));
232 //Attach a secure database
233 //The test application can only write to the database, but cannot modify the schema or read from the database
234 _LIT(KAttachDb4, "db4");
235 err = TheDb.Attach(KSecureTestDb2, KAttachDb4);
236 TEST2(err, KErrNone);
238 //Attempt to read from the attached secure database
239 err = TheDb.Exec(_L("SELECT * FROM db4.c"));
240 TEST2(err, KErrPermissionDenied);
241 //Attempt to write to the attached secure database
242 err = TheDb.Exec(_L("INSERT INTO Db4.c(a1) VALUES(1)"));
244 //Attempt to write to a non-secure database using data from the attached secure database
245 err = TheDb.Exec(_L("INSERT INTO a1(f1) select db4.c.a1 from db4.c"));
246 TEST2(err, KErrPermissionDenied);
247 //Attempt to write to a secure database using data from a non-secure database
248 err = TheDb.Exec(_L("INSERT INTO db4.c(a1) select f1 from a1"));
250 err = TheDb.Exec(_L("UPDATE db4.C SET a1 = 3 WHERE a1 = 1"));
251 TEST2(err, KErrPermissionDenied);//!?!?!?
252 err = TheDb.Exec(_L("DELETE FROM db4.C"));
254 //Attempt to modify the attached secure database schema
255 err = TheDb.Exec(_L("CREATE TABLE db4.CCC(z integer)"));
256 TEST2(err, KErrPermissionDenied);
257 err = TheDb.Exec(_L("DROP table db4.C"));
258 TEST2(err, KErrPermissionDenied);
260 err = TheDb.Detach(KAttachDb2);
261 TEST2(err, KErrNone);
262 err = TheDb.Detach(KAttachDb1);
263 TEST2(err, KErrNone);
265 err = TheDb.Detach(KAttachDb4);
266 TEST2(err, KErrNone);
267 err = TheDb.Exec(_L("SELECT * FROM db4.c"));
270 err = TheDb.Detach(KAttachDb2);
271 TEST(err != KErrNone);
273 err = TheDb.Detach(KAttachDb3);
274 TEST2(err, KErrNone);
275 err = TheDb.Exec(_L("INSERT INTO db3.a1(f2) values(11)"));
278 err = TheDb.Detach(KAttachDb4);
279 TEST(err != KErrNone);
281 //Detach() with zero-length logical database name
282 err = TheDb.Detach(_L(""));
283 TEST2(err, KErrBadName);
285 //Detach() with logical database name containing "bad" unicode characters (cannot be converted to UTF8)
287 dbName3.SetLength(2);
288 dbName3[0] = TChar(0xD800);
289 dbName3[1] = TChar(0xFC00);
290 err = TheDb.Detach(dbName3);
291 TEST2(err, KSqlErrGeneral);
293 //Attach a non-existing database
294 _LIT(KAttachDbFile5, "c:\\test\\zxcvbnm987654321.db");
295 _LIT(KAttachDb5, "zxcvbnm987654321");
296 err = TheDb.Attach(KAttachDbFile5, KAttachDb5);
297 TEST2(err, KErrNotFound);
303 @SYMTestCaseID SYSLIB-SQL-CT-1642
304 @SYMTestCaseDesc Attached database tests.
305 Open secure database, attach secure database.
306 The test application's security policy allows read/write operations on the main
307 database, but database schema modifications are not allowed. The test application
308 is allowed to write to the attached database but can't read from or modify the schema.
309 The test executes different kind of SQL statements to verify that the test application's security
310 policy is properly asserted by the SQL server.
311 @SYMTestPriority High
312 @SYMTestActions Execution SQL statements on attached database.
313 @SYMTestExpectedResults Test must not fail
319 //The test application can read/write the database tables but cannot modify the database structure
320 TInt err = TheDb.Open(KSecureTestDb1);
321 TEST2(err, KErrNone);
322 _LIT(KAttachDb2, "Db2");
323 //The test application can only write to the database, but cannot modify the schema or read from the database
324 err = TheDb.Attach(KSecureTestDb2, KAttachDb2);
325 TEST2(err, KErrNone);
327 //Attempt to read from the main database and write to the attached database
328 err = TheDb.Exec(_L("INSERT INTO db2.c(a1) SELECT f1 FROM a1"));
331 //Attempt to read from the attached database and write to the main database
332 err = TheDb.Exec(_L("INSERT INTO a1(f2) SELECT a1 FROM db2.c"));
333 TEST2(err, KErrPermissionDenied);
335 //Attempt to detach database using DETACH sql statement directly.
336 err = TheDb.Exec(_L("DETACH DATABASE DB2"));
337 TEST2(err, KErrPermissionDenied);
339 err = TheDb.Detach(KAttachDb2);
340 TEST2(err, KErrNone);
342 //Attempt to attach a database using ATTACH sql statement directly.
344 sql.Format(_L("ATTACH DATABASE '%S' AS Db3"), &KSecureTestDb2);
345 err = TheDb.Exec(sql);
346 TEST2(err, KErrPermissionDenied);
352 @SYMTestCaseID SYSLIB-SQL-CT-1814
353 @SYMTestCaseDesc Attached database tests. SQL injection.
354 Create the following test databases:
356 2) c:\test\inj.db' as db; delete from a;
357 3) c:[21212123]Injected.db
358 Insert some records in database (3). Attach database (2) to database (3).
359 Check the records count of table A. If the count is zero, then it means that the injection has been successful
360 and a security hole exists when attaching/detaching databases.
361 @SYMTestPriority High
362 @SYMTestActions Attached database tests. SQL injection.
363 @SYMTestExpectedResults Test must not fail
367 void SqlInjectionTest()
369 //Create the database, which name is used for the attack.
370 //This is done just to ensure that the database, which name is used in the SQL injection, exists,
371 //Otherwise the injection attack may fail with KErrNotFound error.
372 TInt err = TheDb2.Create(KTestDb3);
373 TEST2(err, KErrNone);
375 err = TheDb2.Create(KDbNameInjection);
376 TEST2(err, KErrNone);
378 //Create a secure database, which will be impacted by the SQL injection
379 TSecurityPolicy policy(TSecurityPolicy::EAlwaysPass);
380 RSqlSecurityPolicy dbPolicy;
381 err = dbPolicy.Create(policy);
382 TEST2(err, KErrNone);
383 err = TheDb.Create(KSecureTestDb3, dbPolicy);
384 TEST2(err, KErrNone);
385 err = TheDb.Exec(_L("CREATE TABLE A(Id Integer)"));
387 err = TheDb.Exec(_L("INSERT INTO A(Id) VALUES(1)"));
389 err = TheDb.Exec(_L("INSERT INTO A(Id) VALUES(2)"));
391 const TInt KInsertedRecCnt = 2;
395 //Repopen the secure database and attach the secind database, which file name is actually a SQL injection
396 err = TheDb.Open(KSecureTestDb3);
397 TEST2(err, KErrNone);
398 err = TheDb.Attach(KDbNameInjection, _L("Db2"));
399 TEST2(err, KErrNone);
400 //Check table A contents. If the security hole still exists, table A content is gone.
401 TSqlScalarFullSelectQuery query(TheDb);
403 TRAP(err, recCnt = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
404 TEST2(err, KErrNone);
405 TEST2(recCnt, KInsertedRecCnt);//if zero records count - successfull SQL injection - the security hole exists!
406 //Try to execute RSqlDatabase::Detach(), where instead of a logical database name, SQL statement is supplied.
407 err = TheDb.Detach(_L("DB; INSERT INTO A(Id) VALUES(3)"));
408 TEST(err != KErrNone);
409 //Check table A contents. If the security hole still exists, table A will have one more record.
410 TRAP(err, recCnt = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
411 TEST2(err, KErrNone);
412 TEST2(recCnt, KInsertedRecCnt);//if one more record - successfull SQL injection - the security hole exists!
415 (void)RSqlDatabase::Delete(KDbNameInjection);
416 (void)RSqlDatabase::Delete(KTestDb3);
417 (void)RSqlDatabase::Delete(KSecureTestDb3);
421 @SYMTestCaseID SYSLIB-SQL-UT-3507
422 @SYMTestCaseDesc Test for DEF109100: SQL, code coverage for TSqlBufRIterator, TSqlAttachDbRefCounter is very low.
423 The test opens two existing databases, and the attaches to them the same secure shared database.
424 @SYMTestPriority High
425 @SYMTestActions Test for DEF109100: SQL, code coverage for TSqlBufRIterator, TSqlAttachDbRefCounter is very low.
426 @SYMTestExpectedResults Test must not fail
429 void TwoConnAttachTest()
432 TInt err = TheDb.Open(KTestDb1);
433 TEST2(err, KErrNone);
435 err = TheDb2.Open(KTestDb2);
436 TEST2(err, KErrNone);
437 //Attach KSecureTestDb1 to connection 1
438 _LIT(KAttachDb1, "Db1");
439 err = TheDb.Attach(KSecureTestDb1, KAttachDb1);
440 TEST2(err, KErrNone);
441 //Attach KSecureTestDb1 to connection 2
442 err = TheDb2.Attach(KSecureTestDb1, KAttachDb1);
443 TEST2(err, KErrNone);
445 err = TheDb2.Detach(KAttachDb1);
446 TEST2(err, KErrNone);
447 err = TheDb.Detach(KAttachDb1);
448 TEST2(err, KErrNone);
455 @SYMTestCaseID SYSLIB-SQL-UT-3515
456 @SYMTestCaseDesc RSqlStatement::DeclaredColumnType() test
457 The test creates 2 tables in two different databases. Then the test opens the first database and
458 attaches the second one. After that a SELECT sql statement is prepared and the statement operates
459 on both tables: from the main database and the attached one.
460 DeclaredColumnType() is called after the statement preparation and column types checked.
461 @SYMTestPriority High
462 @SYMTestActions RSqlStatement::ColumnCount() test
463 @SYMTestExpectedResults Test must not fail
466 void DeclaredColumnTypeTest()
469 TInt err = TheDb.Open(KTestDb1);
470 TEST2(err, KErrNone);
471 err = TheDb.Exec(_L("CREATE TABLE Y(Id INTEGER, Name TEXT)"));
474 err = TheDb.Open(KTestDb2);
475 TEST2(err, KErrNone);
476 err = TheDb.Exec(_L("CREATE TABLE Z(Id INTEGER, Data BLOB)"));
479 //Open KTestDb1, attach KTestDb2
480 err = TheDb.Open(KTestDb1);
481 TEST2(err, KErrNone);
482 _LIT(KAttachDb, "Db2");
483 err = TheDb.Attach(KTestDb2, KAttachDb);
484 TEST2(err, KErrNone);
485 //SELECT from both db
487 err = stmt.Prepare(TheDb, _L("SELECT Y.Id, Y.Name, DB2.Z.Data FROM Y,DB2.Z WHERE Y.Id = DB2.Z.Id"));
488 TEST2(err, KErrNone);
489 TInt colCnt = stmt.ColumnCount();
491 TSqlColumnType colType;
492 err = stmt.DeclaredColumnType(0, colType);
493 TEST2(err, KErrNone);
494 TEST2(colType, ESqlInt);
495 err = stmt.DeclaredColumnType(1, colType);
496 TEST2(err, KErrNone);
497 TEST2(colType, ESqlText);
498 err = stmt.DeclaredColumnType(2, colType);
499 TEST2(err, KErrNone);
500 TEST2(colType, ESqlBinary);
503 err = TheDb.Detach(KAttachDb);
504 TEST2(err, KErrNone);
509 @SYMTestCaseID SYSLIB-SQL-UT-4016
510 @SYMTestCaseDesc Test for DEF116713 SQL: No redindexing occurs for an attached database.
511 The test does the following steps:
512 1) Sets the "CollationDllName" column value in the "symbian_settings" stable of the database to be used
513 as an attached database (KTestDb2). The set column value is different than the default collation dll name.
514 2) Opens KTestDb1, attaches KTestDb2.
515 3) When KTestDb2 is attached to KTestDb1, the SQL server should detect that the "CollationDllName" column
516 value is different than the default collation dll name and should reindex the attached database and then
517 store the current collation dll name in the "CollationDllName" column.
518 4) The test checks that after attaching the KTestDb2 database, the "CollationDllName" column value
519 is not the previously used test collation dll name.
521 @SYMTestActions Test for DEF116713 SQL: No redindexing occurs for an attached database.
522 @SYMTestExpectedResults Test must not fail
527 //Set the "CollationDllName" column value in "symbian_settings" table of the database to be attached -
528 //not to be the default collation dll name.
529 TInt err = TheDb.Open(KTestDb2);
530 TEST2(err, KErrNone);
531 err = TheDb.Exec(_L("UPDATE symbian_settings SET CollationDllName='ddkjrrm'"));
534 //Open the main database, attach the other one
535 err = TheDb.Open(KTestDb1);
536 TEST2(err, KErrNone);
537 err = TheDb.Attach(KTestDb2, _L("Db2"));
538 TEST2(err, KErrNone);
539 //The expectation is that the attached database is reindexed and the "CollationDllName" column value - set.
541 err = stmt.Prepare(TheDb, _L("SELECT CollationDllName FROM Db2.symbian_settings"));
542 TEST2(err, KErrNone);
544 TEST2(err, KSqlAtRow);
545 TPtrC collationDllName;
546 err = stmt.ColumnText(0, collationDllName);
547 TEST2(err, KErrNone);
551 _LIT(KTestCollationDllName, "ddkjrrm");//The same as the used in the "UPDATE symbian_settings" sql.
552 TEST(collationDllName != KTestCollationDllName);
556 @SYMTestCaseID SYSLIB-SQL-UT-4042
557 @SYMTestCaseDesc RSqlDatabase::Size(TSize&) on attached database - injection test.
558 The test creates a database and attempts to attach another database,
559 passing a DELETE SQL statement in the attached database name.
560 The attach operation is expected to fail, the database content should stay
561 unchanged after the operation.
562 @SYMTestPriority High
563 @SYMTestActions RSqlDatabase::Size(TSize&) on attached database - injection test.
564 @SYMTestExpectedResults Test must not fail
567 void Size2InjectionTest()
569 TInt err = TheDb.Create(KTestDb4);
570 TEST2(err, KErrNone);
571 err = TheDb.Exec(_L("CREATE TABLE A(I INTEGER)"));
573 err = TheDb.Exec(_L("INSERT INTO A VALUES(1)"));
575 _LIT(KAttachDbName, "B");
576 err = TheDb.Attach(KTestDb4, KAttachDbName);
577 TEST2(err, KErrNone);
578 RSqlDatabase::TSize size;
579 err = TheDb.Size(size, _L("B;DELETE FROM MAIN.A"));
580 TEST2(err, KSqlErrGeneral);
581 TPtrC msg = TheDb.LastErrorMessage();
582 TheTest.Printf(_L("RSqlDatabase::Size(TSize&) injection, error message: %S\r\n"), &msg);
583 TSqlScalarFullSelectQuery q(TheDb);
585 TRAP(err, reccnt = q.SelectIntL(_L("SELECT COUNT(*) FROM MAIN.A")));
586 TEST2(err, KErrNone);
588 err = TheDb.Detach(KAttachDbName);
589 TEST2(err, KErrNone);
591 (void)RSqlDatabase::Delete(KTestDb4);
595 @SYMTestCaseID SYSLIB-SQL-UT-4043
596 @SYMTestCaseDesc RSqlDatabase::Compact() on attached database - injection test.
597 The test creates a database and attaches another database.
598 Then the test attempts to compact the attached database calling
599 RSqlDatabase::Compact() passing DROP TABLE and DELETE statements
600 as name of the attached database. The call is expected to fail,
601 the database content should stay unchanged after the call.
602 @SYMTestPriority High
603 @SYMTestActions RSqlDatabase::Compact() on attached database - injection test.
604 @SYMTestExpectedResults Test must not fail
607 void CompactInjectionTest()
609 TInt err = TheDb.Create(KTestDb4);
610 TEST2(err, KErrNone);
611 err = TheDb.Exec(_L("CREATE TABLE A(I INTEGER); INSERT INTO A(I) VALUES(1)"));
613 _LIT(KAttachDbName, "B");
614 err = TheDb.Attach(KTestDb4, KAttachDbName);
615 TEST2(err, KErrNone);
616 err = TheDb.Compact(RSqlDatabase::EMaxCompaction, _L("B;DROP B.A"));
617 TEST2(err, KSqlErrGeneral);
618 TPtrC msg = TheDb.LastErrorMessage();
619 TheTest.Printf(_L("RSqlDatabase::Compact() injection, error message: %S\r\n"), &msg);
621 TSqlScalarFullSelectQuery query(TheDb);
623 TRAP(err, recCount = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
624 TEST2(err, KErrNone);
627 err = TheDb.Compact(8192, _L("B;DROP B.A;"));
628 TEST2(err, KSqlErrGeneral);
629 msg.Set(TheDb.LastErrorMessage());
630 TheTest.Printf(_L("RSqlDatabase::Compact() injection, error message: %S\r\n"), &msg);
633 TRAP(err, recCount = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
634 TEST2(err, KErrNone);
638 TheDb.Compact(8192, stat, _L("B;DELETE FROM B.A;"));
639 User::WaitForRequest(stat);
640 TEST2(stat.Int(), KSqlErrGeneral);
641 msg.Set(TheDb.LastErrorMessage());
642 TheTest.Printf(_L("RSqlDatabase::Compact() injection, error message: %S\r\n"), &msg);
645 TRAP(err, recCount = query.SelectIntL(_L("SELECT COUNT(*) FROM A")));
646 TEST2(err, KErrNone);
649 err = TheDb.Detach(KAttachDbName);
650 TEST2(err, KErrNone);
652 (void)RSqlDatabase::Delete(KTestDb4);
656 @SYMTestCaseID SYSLIB-SQL-UT-4094
657 @SYMTestCaseDesc Incremental blob i/o tests on an attached database.
658 Open secure database, attach secure database.
659 The test application's security policy allows incremental blob read & write
660 operations on the main database, but only write operations on the attached database.
661 The test attempts to read and write to a blob in the attached database to verify that
662 the test application's security policy is properly asserted by the Symbian SQL server.
663 @SYMTestPriority High
664 @SYMTestActions Execution of blob read and write operations on the attached database.
665 @SYMTestExpectedResults Test must not fail
668 void BlobAttachedTestL()
670 // Open the main secure database - the test application can read & write blobs in it
671 // Attach another secure database - the test application can only write blobs in it
672 TInt err = TheDb.Open(KSecureTestDb1);
673 TEST2(err, KErrNone);
674 _LIT(KAttachDb1, "Db1");
675 err = TheDb.Attach(KSecureTestDb2, KAttachDb1);
676 TEST2(err, KErrNone);
678 // Insert a new record into the attached database - the blob value is "AAAAAAAAAA"
679 err = TheDb.Exec(_L("INSERT INTO Db1.C(A1, B2) VALUES(15, x'41414141414141414141')"));
682 // Attempt to write to a blob in the attached database
683 RSqlBlobWriteStream wrStrm;
684 CleanupClosePushL(wrStrm);
685 TRAP(err, wrStrm.OpenL(TheDb, _L("C"), _L("B2"), KSqlLastInsertedRowId, KAttachDb1));
686 TEST2(err, KErrNone);
687 TRAP(err, wrStrm.WriteL(_L8("ZZZ")));
688 TEST2(err, KErrNone);
689 CleanupStack::PopAndDestroy(&wrStrm);
691 TRAP(err, TSqlBlob::SetL(TheDb, _L("C"), _L("B2"), _L8("YYYYY"), KSqlLastInsertedRowId, KAttachDb1));
692 TEST2(err, KErrNone);
694 // Attempt to read a blob in the attached database
695 RSqlBlobReadStream rdStrm;
696 CleanupClosePushL(rdStrm);
697 TRAP(err, rdStrm.OpenL(TheDb, _L("C"), _L("B2"), KSqlLastInsertedRowId, KAttachDb1));
698 TEST2(err, KErrPermissionDenied);
699 CleanupStack::PopAndDestroy(&rdStrm);
701 HBufC8* wholeBuf = NULL;
702 TRAP(err, wholeBuf = TSqlBlob::GetLC(TheDb, _L("C"), _L("B2"), KSqlLastInsertedRowId, KAttachDb1));
703 TEST2(err, KErrPermissionDenied);
705 HBufC8* buf = HBufC8::NewLC(10);
706 TPtr8 bufPtr(buf->Des());
707 err = TSqlBlob::Get(TheDb, _L("C"), _L("B2"), bufPtr, KSqlLastInsertedRowId, KAttachDb1);
708 TEST2(err, KErrPermissionDenied);
709 CleanupStack::PopAndDestroy(buf);
711 // SQLite and system tables in the attached database
713 // Attempt to read from and write to the SQLite master table -
714 // reads should be permitted because write capability is enough for this,
715 // writes should not be permitted because schema capability is required for this
717 CleanupClosePushL(rdStrm);
718 TRAP(err, rdStrm.OpenL(TheDb, _L("sqlite_master"), _L("tbl_name"), 1, KAttachDb1)); // TEXT column
719 TEST2(err, KErrNone);
720 TRAP(err, rdStrm.ReadL(data, 1));
721 TEST2(err, KErrNone);
722 CleanupStack::PopAndDestroy(&rdStrm);
724 wholeBuf = TSqlBlob::GetLC(TheDb, _L("sqlite_master"), _L("tbl_name"), 1, KAttachDb1);
725 TEST(wholeBuf->Length() > 0);
726 CleanupStack::PopAndDestroy(wholeBuf);
728 buf = HBufC8::NewLC(100);
729 bufPtr.Set(buf->Des());
730 err = TSqlBlob::Get(TheDb, _L("sqlite_master"), _L("tbl_name"), bufPtr, 1, KAttachDb1);
731 TEST2(err, KErrNone);
732 TEST(bufPtr.Length() > 0);
733 CleanupStack::PopAndDestroy(buf);
735 CleanupClosePushL(wrStrm);
736 TRAP(err, wrStrm.OpenL(TheDb, _L("sqlite_master"), _L("tbl_name"), 1, KAttachDb1));
737 TEST2(err, KErrPermissionDenied);
738 CleanupStack::PopAndDestroy(&wrStrm);
740 TRAP(err, TSqlBlob::SetL(TheDb, _L("sqlite_master"), _L("tbl_name"), _L8("VVVV"), 1, KAttachDb1));
741 TEST2(err, KErrPermissionDenied);
743 // Attempt to read from and write to the system tables in the attached database - neither reads nor writes should be permitted
744 CleanupClosePushL(rdStrm);
745 TRAP(err, rdStrm.OpenL(TheDb, _L("symbian_security"), _L("PolicyData"), 1, KAttachDb1)); // BLOB column
746 TEST2(err, KErrPermissionDenied);
747 CleanupStack::PopAndDestroy(&rdStrm);
749 TRAP(err, wholeBuf = TSqlBlob::GetLC(TheDb, _L("symbian_security"), _L("PolicyData"), 1, KAttachDb1));
750 TEST2(err, KErrPermissionDenied);
752 buf = HBufC8::NewLC(100);
753 bufPtr.Set(buf->Des());
754 err = TSqlBlob::Get(TheDb, _L("symbian_security"), _L("PolicyData"), bufPtr, 1, KAttachDb1);
755 TEST2(err, KErrPermissionDenied);
756 CleanupStack::PopAndDestroy(buf);
758 CleanupClosePushL(wrStrm);
759 TRAP(err, wrStrm.OpenL(TheDb, _L("symbian_security"), _L("PolicyData"), 1, KAttachDb1));
760 TEST2(err, KErrPermissionDenied);
761 CleanupStack::PopAndDestroy(&wrStrm);
763 TRAP(err, TSqlBlob::SetL(TheDb, _L("symbian_security"), _L("PolicyData"), _L8("VVVV"), 1, KAttachDb1));
764 TEST2(err, KErrPermissionDenied);
773 TheTest.Start(_L(" @SYMTestCaseID:SYSLIB-SQL-CT-1641 ===Open non-secure database, attach secure database "));
776 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-CT-1642 ===Open secure database, attach secure database "));
779 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-CT-1814 SQL injection test "));
782 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-3507 DEF109100 - SQL, code coverage for TSqlBufRIterator,TSqlAttachDbRefCounter is very low "));
785 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-3515 RSqlStatement::DeclaredColumnType() and attached databases test "));
786 DeclaredColumnTypeTest();
788 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4016 DEF116713 SQL: No redindexing occurs for an attached database "));
791 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4042 RSqlDatabase::Size(TSize) - attached database, injection test"));
792 Size2InjectionTest();
794 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4043 RSqlDatabase::Compact() - attached database, injection test"));
795 CompactInjectionTest();
797 TheTest.Next(_L(" @SYMTestCaseID:SYSLIB-SQL-UT-4094 Incremental blob attached test"));
805 CTrapCleanup* tc = CTrapCleanup::New();
812 TRAPD(err, DoTestsL());
814 TEST2(err, KErrNone);
823 User::Heap().Check();