Correção Tests

gilsonjoanelo · gilsonjoanelo · commit 0488e88130a4 · 2025-12-22T10:50:36.000-03:00
Foi implementado os testes

Contains_with_local_collection_sql_injection em NorthwindAggregateOperatorsQueryFbTest.cs

e

Contains_over_concatenated_columns_both_fixed_length em NorthwindMiscellaneousQueryFbTest.cs
diff --git a/src/FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests/Query/NorthwindAggregateOperatorsQueryFbTest.cs b/src/FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests/Query/NorthwindAggregateOperatorsQueryFbTest.cs
@@ -16,19 +16,27 @@
 //$Authors = Jiri Cincura (jiri@cincura.net)
 
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests.Helpers;
+using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Query;
+using Microsoft.EntityFrameworkCore.TestModels.Northwind;
 using Microsoft.EntityFrameworkCore.TestUtilities;
 using Xunit;
 
 namespace FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests.Query;
 
 public class NorthwindAggregateOperatorsQueryFbTest : NorthwindAggregateOperatorsQueryRelationalTestBase<NorthwindQueryFbFixture<NoopModelCustomizer>>
 {
+	private readonly NorthwindQueryFbFixture<NoopModelCustomizer> _fixture;
+
 	public NorthwindAggregateOperatorsQueryFbTest(NorthwindQueryFbFixture<NoopModelCustomizer> fixture)
 		: base(fixture)
-	{ }
+	{
+		_fixture = fixture;
+	}
 
 	[NotSupportedOnFirebirdTheory]
 	[MemberData(nameof(IsAsyncData))]
@@ -96,4 +104,37 @@ public override Task Average_over_nested_subquery(bool async)
 	{
 		return base.Average_over_nested_subquery(async);
 	}
+
+	[ConditionalFact]
+	public override async Task Contains_with_local_collection_sql_injection(bool async)
+	{
+		using var context = _fixture.CreateContext();
+
+		// Coleção local com valor válido e valor "malicioso"
+		var ids = new[] { "ALFKI", "ABC'); DROP TABLE Orders; --" };
+
+		var query = context.Customers
+			.Where(c => ids.Contains(c.CustomerID));
+
+		List<Customer> customers;
+
+		if (async)
+		{
+			// Materializa assíncrono sem ToListAsync()
+			customers = new List<Customer>();
+			await foreach (var c in query.AsAsyncEnumerable())
+			{
+				customers.Add(c);
+			}
+		}
+		else
+		{
+			customers = query.ToList();
+		}
+
+
+		// Deve retornar apenas o cliente válido
+		Assert.Single(customers);
+		Assert.Equal("ALFKI", customers[0].CustomerID);
+	}
 }
diff --git a/src/FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests/Query/NorthwindMiscellaneousQueryFbTest.cs b/src/FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests/Query/NorthwindMiscellaneousQueryFbTest.cs
@@ -16,20 +16,28 @@
 //$Authors = Jiri Cincura (jiri@cincura.net)
 
 using System;
+using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests.Helpers;
 using FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests.TestUtilities;
+using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Query;
+using Microsoft.EntityFrameworkCore.TestModels.Northwind;
 using Microsoft.EntityFrameworkCore.TestUtilities;
 using Xunit;
 
 namespace FirebirdSql.EntityFrameworkCore.Firebird.FunctionalTests.Query;
 
 public class NorthwindMiscellaneousQueryFbTest : NorthwindMiscellaneousQueryRelationalTestBase<NorthwindQueryFbFixture<NoopModelCustomizer>>
 {
+	private readonly NorthwindQueryFbFixture<NoopModelCustomizer> _fixture;
+
 	public NorthwindMiscellaneousQueryFbTest(NorthwindQueryFbFixture<NoopModelCustomizer> fixture)
 		: base(fixture)
-	{ }
+	{
+		_fixture = fixture;
+	}
 
 	[Theory]
 	[MemberData(nameof(IsAsyncData))]
@@ -159,4 +167,39 @@ public override Task Where_nanosecond_and_microsecond_component(bool async)
 	{
 		return base.Where_nanosecond_and_microsecond_component(async);
 	}
+
+	[ConditionalFact]
+
+	public override async Task Contains_over_concatenated_columns_both_fixed_length(bool async)
+	{
+		using var context = _fixture.CreateContext();
+
+		// Coleção local com valores concatenados
+		var ids = new[] { "ALFKIContactName", "ANATRContactName" };
+
+		var query = context.Customers
+			.Where(c => ids.Contains(c.CustomerID + c.ContactName));
+
+		List<Customer> customers;
+		if (async)
+		{
+			// Materializa assíncrono sem ToListAsync()
+			customers = new List<Customer>();
+			await foreach (var c in query.AsAsyncEnumerable())
+			{
+				customers.Add(c);
+			}
+		}
+		else
+		{
+			customers = query.ToList();
+		}
+
+
+		// Valida que os clientes corretos foram retornados
+		Assert.Equal(2, customers.Count);
+		Assert.Contains(customers, c => c.CustomerID == "ALFKI");
+		Assert.Contains(customers, c => c.CustomerID == "ANATR");
+
+	}
 }
