From 6b719fb218ac1f137a557f5ba8d928138e55aa7e Mon Sep 17 00:00:00 2001 From: Florian Bruhin Date: Fri, 31 Aug 2018 23:35:00 +0200 Subject: [PATCH] Make sure queries don't have any missing bindings --- qutebrowser/misc/sql.py | 4 ++++ tests/unit/misc/test_sql.py | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/qutebrowser/misc/sql.py b/qutebrowser/misc/sql.py index bf47bea5a..14d647ae3 100644 --- a/qutebrowser/misc/sql.py +++ b/qutebrowser/misc/sql.py @@ -171,9 +171,13 @@ class Query(QSqlQuery): def run(self, **values): """Execute the prepared query.""" log.sql.debug('Running SQL query: "{}"'.format(self.lastQuery())) + for key, val in values.items(): self.bindValue(':{}'.format(key), val) log.sql.debug('query bindings: {}'.format(self.boundValues())) + if any(val is None for val in self.boundValues().values()): + raise SqlError("Missing bound values!") + if not self.exec_(): raise SqliteError.from_query('exec', self.lastQuery(), self.lastError()) diff --git a/tests/unit/misc/test_sql.py b/tests/unit/misc/test_sql.py index ebd74d2e4..836370ea0 100644 --- a/tests/unit/misc/test_sql.py +++ b/tests/unit/misc/test_sql.py @@ -263,6 +263,11 @@ class TestSqlQuery: q.run(answer=42) assert q.value() == 42 + def test_run_missing_binding(self): + q = sql.Query('SELECT :answer') + with pytest.raises(sql.SqlError, match='Missing bound values!'): + q.run() + def test_value_missing(self): q = sql.Query('SELECT 0 WHERE 0') q.run()