Add basic sec tests for all DDL, DCL and DML queries

server/src/engine/ql/ast/mod.rs

@@ -39,7 +39,7 @@ use {
             data::{cell::Datacell, lit::Lit},
             error::{QueryError, QueryResult},
         },
-        util::MaybeInit,
+        util::{compiler, MaybeInit},
     },
 };
 
@@ -317,13 +317,17 @@ impl<'a, Qd: QueryData<'a>> State<'a, Qd> {
         self.round_cursor_up(0)
     }
     pub fn try_statement(&mut self) -> QueryResult<KeywordStmt> {
-        match self.fw_read() {
-            Token::Keyword(Keyword::Statement(stmt)) => Ok(*stmt),
-            _ => Err(QueryError::QLExpectedStatement),
+        if compiler::unlikely(self.exhausted()) {
+            compiler::cold_call(|| Err(QueryError::QLExpectedStatement))
+        } else {
+            match self.fw_read() {
+                Token::Keyword(Keyword::Statement(stmt)) => Ok(*stmt),
+                _ => Err(QueryError::QLExpectedStatement),
+            }
         }
     }
     pub fn ensure_minimum_for_blocking_stmt(&self) -> QueryResult<()> {
-        if self.exhausted() {
+        if self.remaining() < 2 {
             return Err(QueryError::QLExpectedStatement);
         } else {
             Ok(())

server/src/engine/tests/client/mod.rs

@@ -24,5 +24,5 @@
  *
 */
 
-mod ddl;
+mod sec;
 mod sysctl;

server/src/engine/tests/client/sec/dcl_sec.rs

@@ -24,42 +24,54 @@
  *
 */
 
-use skytable::error::Error;
-use {crate::engine::error::QueryError, sky_macros::dbtest, skytable::query};
+use {
+    super::{INVALID_SYNTAX_ERR, UNKNOWN_STMT_ERR},
+    sky_macros::dbtest,
+    skytable::{error::Error, query},
+};
 
-const INVALID_SYNTAX_ERR: u16 = QueryError::QLInvalidSyntax.value_u8() as u16;
+#[dbtest]
+fn deny_unknown_sysctl() {
+    let mut db = db!();
+    for stmt in [
+        "sysctl magic moon",
+        "sysctl create wormhole",
+        "sysctl drop dem",
+    ] {
+        assert_err_eq!(
+            db.query_parse::<()>(&query!(stmt)),
+            Error::ServerError(UNKNOWN_STMT_ERR)
+        );
+    }
+}
 
 #[dbtest]
-fn ensure_create_space_end_of_tokens() {
-    let mut con = db!();
-    assert_err_eq!(
-        con.query_parse::<()>(&query!("create space myspace with {} this_should_fail")),
-        Error::ServerError(INVALID_SYNTAX_ERR)
-    );
+fn ensure_sysctl_status_end_of_tokens() {
+    let mut db = db!();
     assert_err_eq!(
-        con.query_parse::<()>(&query!("create space myspace this_should_fail")),
+        db.query_parse::<()>(&query!("sysctl report status blah")),
         Error::ServerError(INVALID_SYNTAX_ERR)
     );
 }
 
 #[dbtest]
-fn ensure_alter_space_end_of_tokens() {
-    let mut con = db!();
+fn ensure_sysctl_create_user() {
+    let mut db = db!();
     assert_err_eq!(
-        con.query_parse::<()>(&query!("alter space myspace with {} this_should_fail")),
+        db.query_parse::<()>(&query!(
+            "sysctl create user ? with { password: ? } blah",
+            "myuser",
+            "mypass"
+        )),
         Error::ServerError(INVALID_SYNTAX_ERR)
     );
 }
 
 #[dbtest]
-fn ensure_drop_space_end_of_tokens() {
-    let mut con = db!();
-    assert_err_eq!(
-        con.query_parse::<()>(&query!("drop space myspace this_should_fail")),
-        Error::ServerError(INVALID_SYNTAX_ERR)
-    );
+fn ensure_sysctl_drop_user() {
+    let mut db = db!();
     assert_err_eq!(
-        con.query_parse::<()>(&query!("drop space myspace force this_should_fail")),
+        db.query_parse::<()>(&query!("sysctl drop user ? blah", "myuser",)),
         Error::ServerError(INVALID_SYNTAX_ERR)
     );
 }

server/src/engine/tests/client/sec/ddl_sec.rs

@@ -0,0 +1,160 @@
+/*
+ * Created on Wed Nov 29 2023
+ *
+ * This file is a part of Skytable
+ * Skytable (formerly known as TerrabaseDB or Skybase) is a free and open-source
+ * NoSQL database written by Sayan Nandan ("the Author") with the
+ * vision to provide flexibility in data modelling without compromising
+ * on performance, queryability or scalability.
+ *
+ * Copyright (c) 2023, Sayan Nandan <ohsayan@outlook.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+*/
+
+use {
+    super::{INVALID_SYNTAX_ERR, UNKNOWN_STMT_ERR},
+    sky_macros::dbtest,
+    skytable::{error::Error, query},
+};
+
+#[dbtest]
+fn deny_unknown() {
+    let mut db = db!();
+    for stmt in [
+        "create magic blue",
+        "alter rainbow hue",
+        "drop sadistic view",
+    ] {
+        assert_err_eq!(
+            db.query_parse::<()>(&query!(stmt)),
+            Error::ServerError(UNKNOWN_STMT_ERR)
+        );
+    }
+}
+
+#[dbtest]
+fn ensure_create_space_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("create space myspace with {} blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("create space myspace blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_alter_space_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("alter space myspace with {} blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_drop_space_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("drop space myspace blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("drop space myspace force blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_create_model_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "create model myspace.mymodel(username: string, password: binary) blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "create model myspace.mymodel(username: string, password: binary) with {} blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_alter_model_add_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "alter model myspace.mymodel add phone_number { type: uint64 } blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "alter model myspace.mymodel add (phone_number { type: uint64 }, email_id { type: string }) with {} blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_alter_model_update_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "alter model myspace.mymodel update password { type: string } blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "alter model myspace.mymodel update (username {type: binary}, password { type: string }) blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_alter_model_remove_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("alter model myspace.mymodel remove email_id blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "alter model myspace.mymodel remove (email_id, phone_number) blah"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn ensure_drop_model_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("drop model myspace.mymodel blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!("drop model myspace.mymodel force blah")),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}

server/src/engine/tests/client/sec/dml_sec.rs

@@ -0,0 +1,89 @@
+/*
+ * Created on Wed Nov 29 2023
+ *
+ * This file is a part of Skytable
+ * Skytable (formerly known as TerrabaseDB or Skybase) is a free and open-source
+ * NoSQL database written by Sayan Nandan ("the Author") with the
+ * vision to provide flexibility in data modelling without compromising
+ * on performance, queryability or scalability.
+ *
+ * Copyright (c) 2023, Sayan Nandan <ohsayan@outlook.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+*/
+
+use {
+    super::INVALID_SYNTAX_ERR,
+    sky_macros::dbtest,
+    skytable::{error::Error, query},
+};
+
+#[dbtest]
+fn insert_ensure_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "insert into myspace.mymodel(?, ?) blah",
+            "username",
+            "password"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "insert into myspace.mymodel { username: ?, password: ? } blah",
+            "username",
+            "password"
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    );
+}
+
+#[dbtest]
+fn select_ensure_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "select * from myspace.mymodel where username = ? blah",
+            "username",
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    )
+}
+
+#[dbtest]
+fn update_ensure_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "update myspace.mymodel set counter += ? where username = ? blah",
+            1u64,
+            "username",
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    )
+}
+
+#[dbtest]
+fn delete_ensure_end_of_tokens() {
+    let mut db = db!();
+    assert_err_eq!(
+        db.query_parse::<()>(&query!(
+            "delete from myspace.mymodel where username = ? blah",
+            "username",
+        )),
+        Error::ServerError(INVALID_SYNTAX_ERR)
+    )
+}

server/src/engine/tests/client/sec/mod.rs

@@ -0,0 +1,54 @@
+/*
+ * Created on Wed Nov 29 2023
+ *
+ * This file is a part of Skytable
+ * Skytable (formerly known as TerrabaseDB or Skybase) is a free and open-source
+ * NoSQL database written by Sayan Nandan ("the Author") with the
+ * vision to provide flexibility in data modelling without compromising
+ * on performance, queryability or scalability.
+ *
+ * Copyright (c) 2023, Sayan Nandan <ohsayan@outlook.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ *
+*/
+
+mod dcl_sec;
+mod ddl_sec;
+mod dml_sec;
+
+use {
+    crate::engine::error::QueryError,
+    sky_macros::dbtest,
+    skytable::{error::Error, query},
+};
+
+const INVALID_SYNTAX_ERR: u16 = QueryError::QLInvalidSyntax.value_u8() as u16;
+const EXPECTED_STATEMENT_ERR: u16 = QueryError::QLExpectedStatement.value_u8() as u16;
+const UNKNOWN_STMT_ERR: u16 = QueryError::QLUnknownStatement.value_u8() as u16;
+
+#[dbtest]
+fn deny_unknown_tokens() {
+    let mut db = db!();
+    for token in [
+        "model", "space", "where", "force", "into", "from", "with", "set", "add", "remove", "*",
+        ",", "",
+    ] {
+        assert_err_eq!(
+            db.query_parse::<()>(&query!(token)),
+            Error::ServerError(EXPECTED_STATEMENT_ERR),
+            "{token}",
+        );
+    }
+}

server/src/engine/tests/macros.rs

@@ -37,4 +37,17 @@ macro_rules! assert_err_eq {
             ),
         }
     };
+    ($me:expr, $target:pat, $($arg:tt)+) => {
+        match ::core::result::Result::expect_err($me, &format!($($arg)*)) {
+            $target => {}
+            other => panic!(
+                "expected error `{}` but got {:?} at {}:{}; {}",
+                stringify!($target),
+                other,
+                file!(),
+                line!(),
+                $($arg)*
+            ),
+        }
+    }
 }