28 lines
630 B
TypeScript
28 lines
630 B
TypeScript
import test from "node:test";
|
|
import assert from "node:assert/strict";
|
|
import { guardSql } from "../src/lib/sql-guard.js";
|
|
|
|
test("guardSql blocks DROP DATABASE", () => {
|
|
assert.throws(
|
|
() =>
|
|
guardSql("DROP DATABASE appdb", {
|
|
allowMultiStatement: false,
|
|
readOnly: false,
|
|
allowSchemaChanges: true
|
|
}),
|
|
/blocked/i
|
|
);
|
|
});
|
|
|
|
test("guardSql blocks writes for read-only users", () => {
|
|
assert.throws(
|
|
() =>
|
|
guardSql("update users set name = 'x'", {
|
|
allowMultiStatement: false,
|
|
readOnly: true,
|
|
allowSchemaChanges: false
|
|
}),
|
|
/Read-only/i
|
|
);
|
|
});
|