Escape the query string in list user (#13013)

Signed-off-by: Daniel Jiang <jiangd@vmware.com>
Daniel Jiang 2020-09-10 20:17:53 +08:00 committed by GitHub
parent 97b9cc2d5e
commit 354eaac195
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 15 deletions


@ -26,6 +26,7 @@ import (
"github.com/goharbor/harbor/src/common/utils" "github.com/goharbor/harbor/src/common/utils"
"github.com/goharbor/harbor/src/lib/log" "github.com/goharbor/harbor/src/lib/log"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
) )
func execUpdate(o orm.Ormer, sql string, params ...interface{}) error { func execUpdate(o orm.Ormer, sql string, params ...interface{}) error {
@ -278,21 +279,18 @@ func TestGetUser(t *testing.T) {
func TestListUsers(t *testing.T) { func TestListUsers(t *testing.T) {
users, err := ListUsers(nil) users, err := ListUsers(nil)
if err != nil { require.Nil(t, err)
t.Errorf("Error occurred in ListUsers: %v", err) assert.Greater(t, len(users), 0)
}
users2, err := ListUsers(&models.UserQuery{Username: username}) users2, err := ListUsers(&models.UserQuery{Username: username})
if len(users2) != 1 { require.Nil(t, err)
t.Errorf("Expect one user in list, but the acutal length is %d, the list: %+v", len(users), users) assert.Equal(t, 1, len(users2))
} assert.Equal(t, username, users2[0].Username)
if users2[0].Username != username {
t.Errorf("The username in result list does not match, expected: %s, actual: %s", username, users2[0].Username)
}
users3, err := ListUsers(&models.UserQuery{Username: username, Pagination: &models.Pagination{Page: 2, Size: 1}}) users3, err := ListUsers(&models.UserQuery{Username: username, Pagination: &models.Pagination{Page: 2, Size: 1}})
if len(users3) != 0 { require.Nil(t, err)
t.Errorf("Expect no user in list, but the acutal length is %d, the list: %+v", len(users3), users3) assert.Equal(t, 0, len(users3))
} users4, err := ListUsers(&models.UserQuery{Username: "__"})
require.Nil(t, err)
assert.Equal(t, 0, len(users4))
} }
func TestResetUserPassword(t *testing.T) { func TestResetUserPassword(t *testing.T) {
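Review bot: The regression case added at the end of TestListUsers covers only `_` on `Username`, although the same commit also escapes `Email` and the escaping presumably has to hold for `%` as well. I would add parallel cases such as `ListUsers(&models.UserQuery{Email: "__"})` and `ListUsers(&models.UserQuery{Username: "%"})`, each expected to return no rows as long as no fixture user contains those literal characters. Separately, `assert.Equal(t, 1, len(users2))` does not stop the test, so the next line's `users2[0].Username` panics with an index-out-of-range when the list is empty; `require.Len(t, users2, 1)` avoids that. `require.NoError(t, err)` is also the more idiomatic form of `require.Nil(t, err)`.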


@ -129,11 +129,11 @@ func userQueryConditions(query *models.UserQuery) orm.QuerySeter {
} }
if len(query.Username) > 0 { if len(query.Username) > 0 {
qs = qs.Filter("username__contains", query.Username) qs = qs.Filter("username__contains", Escape(query.Username))
} }
if len(query.Email) > 0 { if len(query.Email) > 0 {
qs = qs.Filter("email__contains", query.Email) qs = qs.Filter("email__contains", Escape(query.Email))
} }
return qs return qs
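Review bot: The two `Escape(...)` calls carry no comment explaining why the value is escaped, and `Escape` is defined outside this hunk, so what it covers cannot be checked here. The values are already bound as parameters, so this is about `LIKE` wildcards (`_`, `%`) in a `__contains` filter being matched literally rather than about injection; a comment such as `// Escape LIKE wildcards so user-supplied text is matched literally.` above the Username filter would record that. It is worth confirming that `Escape` also handles the backslash escape character, and that it does not double-escape anything the ORM may already escape for `contains`. userQueryConditions starts before this hunk, so any other pattern filters on caller-supplied fields earlier in the function would need the same call.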