package org.dashbuilder.dataprovider.sql;

import org.dashbuilder.dataset.DataSetLookupFactory;
import org.dashbuilder.dataset.filter.ColumnFilter;
import org.dashbuilder.dataset.filter.FilterFactory;
import org.dashbuilder.dataset.impl.DataSetLookupBuilderImpl;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.slf4j.Logger;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/dashbuilder/dataprovider/sql/SQLInjectionAttacksTest.class */
public class SQLInjectionAttacksTest extends SQLDataSetTestBase {

    @Mock
    Logger logger;

    @Override // org.dashbuilder.dataprovider.sql.SQLDataSetTestBase
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.sqlDataSetProvider.log = this.logger;
        ((Logger) Mockito.doAnswer(invocationOnMock -> {
            System.out.println((String) invocationOnMock.getArguments()[0]);
            return null;
        }).when(this.logger)).debug(Mockito.anyString());
    }

    @Override // org.dashbuilder.dataprovider.sql.SQLDataSetTestBase
    public void testAll() throws Exception {
        testStringFilterInjection();
    }

    public void testStringFilterInjection() throws Exception {
        Assert.assertEquals(this.dataSetManager.lookupDataSet(((DataSetLookupBuilderImpl) ((DataSetLookupBuilderImpl) DataSetLookupFactory.newDataSetLookupBuilder().dataset("expense_reports")).filter("EMPLOYEE", new ColumnFilter[]{FilterFactory.equalsTo("David' OR EMPLOYEE != 'Toni")})).buildLookup()).getRowCount(), 0L);
        Assert.assertEquals(this.dataSetManager.lookupDataSet(((DataSetLookupBuilderImpl) ((DataSetLookupBuilderImpl) DataSetLookupFactory.newDataSetLookupBuilder().dataset("expense_reports")).filter("EMPLOYEE", new ColumnFilter[]{FilterFactory.equalsTo("David\" OR EMPLOYEE != \"Toni")})).buildLookup()).getRowCount(), 0L);
        Assert.assertEquals(this.dataSetManager.lookupDataSet(((DataSetLookupBuilderImpl) ((DataSetLookupBuilderImpl) DataSetLookupFactory.newDataSetLookupBuilder().dataset("expense_reports")).filter("EMPLOYEE", new ColumnFilter[]{FilterFactory.equalsTo("David` OR EMPLOYEE != `Toni")})).buildLookup()).getRowCount(), 0L);
    }

    @Test
    public void testDropTable() throws Exception {
        this.dataSetManager.lookupDataSet(((DataSetLookupBuilderImpl) ((DataSetLookupBuilderImpl) DataSetLookupFactory.newDataSetLookupBuilder().dataset("expense_reports")).filter("EMPLOYEE", new ColumnFilter[]{FilterFactory.equalsTo("David'; DROP TABLE 'EXPENSE_REPORTS; SELECT 'a' = 'a")})).buildLookup());
        Assert.assertEquals(this.dataSetManager.lookupDataSet(((DataSetLookupBuilderImpl) DataSetLookupFactory.newDataSetLookupBuilder().dataset("expense_reports")).buildLookup()).getRowCount(), 50L);
    }
}
