1111

backend/tests/sql-guard.test.ts

@@ -0,0 +1,27 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { guardSql } from "../src/lib/sql-guard.js";
+
+test("guardSql blocks DROP DATABASE", () => {
+  assert.throws(
+    () =>
+      guardSql("DROP DATABASE appdb", {
+        allowMultiStatement: false,
+        readOnly: false,
+        allowSchemaChanges: true
+      }),
+    /blocked/i
+  );
+});
+
+test("guardSql blocks writes for read-only users", () => {
+  assert.throws(
+    () =>
+      guardSql("update users set name = 'x'", {
+        allowMultiStatement: false,
+        readOnly: true,
+        allowSchemaChanges: false
+      }),
+    /Read-only/i
+  );
+});