MCP/mcaxl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mcaxl/tests/test_sql_validator.py
Ryan Malloy 82d8fbe563 SQL validator: ignore string literals; CSS impact: add primary + 7 more 
Two defects found during live-cluster audit shakedown.

1. SQL validator false-positives on string literals
   The forbidden-keyword check tokenized the entire query, including
   contents of single-quoted string literals. CSS names like
   'Call Forward-CSS', DN descriptions containing 'DELETE', or partition
   names with 'INSERT' all tripped the validator even though the SQL
   itself was clean read-only. Found while running impact analysis on
   "Call Forward-CSS".

   Fix: strip string literals (single-quoted, with '' as escape) into
   whitespace before the forbidden-keyword tokenization. The cleaned
   query returned to the caller still contains the literals — they're
   only invisible to the analysis pass.

   7 new tests covering: words inside literals (Call/Drop/Delete/etc.),
   escaped quotes, multiple literals, and the critical case where a
   forbidden keyword appears immediately after a literal.

2. CSS impact analysis missed primary device CSS + 7 other refs
   Running route_devices_using_css("E911CSS") returned total=0 even
   though E911CSS is configured in the cluster. Root cause: our
   enumeration covered device.fkcallingsearchspace_{reroute,restrict,
   refer,rdntransform} but not the primary device.fkcallingsearchspace
   itself — the column the GUI sets when assigning a CSS to a phone.
   The simple unsuffixed name didn't match our earlier "%css%" schema
   filter (the actual column spells out "callingsearchspace").

   Added 8 new reference categories:
     device_primary_css                — the big one
     device_cgpn_unknown_css           — calling-party-unknown
     line_monitoring_css               — devicenumplanmap monitoring CSS
     gateway_h323_called_xform_css     — H.323 gateway transform
     gateway_sip_called_xform_css      — SIP trunk transform
     huntpilot_max_wait_css            — hunt pilot queue handling
     huntpilot_no_agent_css            — hunt pilot queue handling
     huntpilot_queue_full_css          — hunt pilot queue handling

   Re-running on live cluster:
     Internal-CSS:     146 -> 163 refs (16 new device_primary_css matches)
     Call Forward-CSS: previously rejected by validator -> 150 refs
     E911CSS:          still 0 — high-confidence orphan finding now
2026-04-25 20:50:57 -06:00

127 lines
5.0 KiB
Python
Raw Blame History

"""Tests for the SELECT-only SQL guardrail."""
import pytest
from mcp_cucm_axl.sql_validator import validate_select, SqlValidationError
class TestSelectAccepted:
def test_simple_select(self):
assert validate_select("SELECT * FROM device") == "SELECT * FROM device"
def test_with_cte(self):
q = "WITH x AS (SELECT 1 FROM systables) SELECT * FROM x"
assert validate_select(q) == q
def test_lowercase_select(self):
assert validate_select("select * from numplan") == "select * from numplan"
def test_trailing_semicolon_stripped(self):
assert validate_select("SELECT 1 FROM device;") == "SELECT 1 FROM device"
def test_block_comments_stripped(self):
q = "/* comment */ SELECT 1 FROM device"
cleaned = validate_select(q)
assert "SELECT 1 FROM device" in cleaned
def test_line_comments_stripped(self):
q = "-- a comment\nSELECT 1 FROM device"
cleaned = validate_select(q)
assert "SELECT 1 FROM device" in cleaned
class TestRejected:
def test_empty(self):
with pytest.raises(SqlValidationError, match="empty"):
validate_select("")
def test_whitespace_only(self):
with pytest.raises(SqlValidationError, match="empty"):
validate_select(" \n ")
def test_only_comments(self):
with pytest.raises(SqlValidationError, match="empty"):
validate_select("-- just a comment\n/* and another */")
def test_insert_rejected(self):
with pytest.raises(SqlValidationError, match="INSERT"):
validate_select("INSERT INTO device VALUES (1)")
def test_update_rejected(self):
with pytest.raises(SqlValidationError, match="UPDATE"):
validate_select("UPDATE device SET name='x' WHERE pkid='y'")
def test_delete_rejected(self):
with pytest.raises(SqlValidationError, match="DELETE"):
validate_select("DELETE FROM device WHERE pkid='y'")
def test_drop_rejected(self):
with pytest.raises(SqlValidationError, match="DROP"):
validate_select("DROP TABLE device")
def test_select_with_embedded_drop_rejected(self):
# Belt-and-suspenders: even if "DROP" appears in a quoted string-ish
# position our keyword filter still catches it. AXL would also reject
# this, but failing fast on the client saves a SOAP round-trip.
with pytest.raises(SqlValidationError, match="DROP"):
validate_select("SELECT 1 FROM device; DROP TABLE device")
def test_truncate_rejected(self):
with pytest.raises(SqlValidationError, match="TRUNCATE"):
validate_select("TRUNCATE TABLE device")
class TestEdgeCases:
def test_keyword_as_column_name_blocked(self):
# A column named "delete" would be blocked. This is acceptable —
# the data dictionary doesn't use SQL keywords as column names,
# and conservative blocking is the right call for v1.
with pytest.raises(SqlValidationError):
validate_select("SELECT delete FROM device")
def test_select_with_subquery(self):
q = "SELECT name FROM device WHERE pkid IN (SELECT fkdevice FROM numplan)"
assert "SELECT name FROM device" in validate_select(q)
class TestStringLiterals:
"""Forbidden keywords inside string literals must be ignored.
Otherwise CSS names like 'Call Forward-CSS', DN descriptions containing
'DELETE' (e.g., 'Delete this voicemail line'), or partition names with
'INSERT' would all fail to query, even though the SQL itself is read-only.
"""
def test_call_inside_string_literal_passes(self):
q = "SELECT pkid FROM callingsearchspace WHERE name = 'Call Forward-CSS'"
result = validate_select(q)
assert "Call Forward-CSS" in result # literal preserved
def test_delete_inside_string_literal_passes(self):
q = "SELECT pkid FROM numplan WHERE description = 'Delete after audit'"
result = validate_select(q)
assert "Delete after audit" in result
def test_drop_inside_string_literal_passes(self):
q = "SELECT pkid FROM numplan WHERE description = 'DROP table backup'"
assert validate_select(q)
def test_actual_drop_outside_literal_still_blocked(self):
with pytest.raises(SqlValidationError, match="DROP"):
validate_select("SELECT 1 FROM device; DROP TABLE backup")
def test_escaped_quote_in_literal(self):
# Informix uses '' (doubled) as escaped single quote within literals
q = "SELECT pkid FROM numplan WHERE description = 'O''Brien''s line'"
result = validate_select(q)
assert "O''Brien''s line" in result
def test_keyword_just_outside_literal_blocked(self):
# The literal 'safe text' is fine; the trailing DROP is not.
with pytest.raises(SqlValidationError, match="DROP"):
validate_select("SELECT 1 FROM device WHERE x = 'safe text' OR DROP")
def test_multiple_literals(self):
q = "SELECT 1 FROM numplan WHERE name = 'CALL' AND description = 'UPDATE pending'"
assert validate_select(q)
Reference in New Issue View Git Blame Copy Permalink