datasette/tests
Simon Willison 03b2c66f63 Require full row mutation permissions for raw SQL
Raw SQL insert and update statements can have broader effects than their SQLite authorizer callbacks reveal. INSERT OR REPLACE and UPDATE OR REPLACE can delete conflicting rows while only surfacing insert or update operations.

Expand table insert and update operations to require insert-row, update-row, and delete-row together. Keep delete operations mapped to delete-row, and update the analysis UI/API to report and evaluate multiple required permissions for a single operation.

Refs https://github.com/simonw/datasette/pull/2749#issuecomment-4559083539
2026-05-27 15:17:22 -07:00
plugins Merge branch 'main' into queries 2026-05-26 13:51:51 -07:00
test_templates Fix handling of nested custom page wildcard paths, closes #996 2020-10-07 15:51:11 -07:00
__init__.py Broke up test_app into test_api and test_html 2017-12-15 04:08:24 -08:00
build_small_spatialite_db.py New run_sanity_checks mechanism, for SpatiaLite 2019-05-11 15:55:30 -07:00
conftest.py datasette.fixtures module, closes #2733 2026-05-21 23:05:37 -07:00
ext.c Add new entrypoint option to --load-extensions. (#1789) 2022-08-23 11:34:30 -07:00
fixtures.py Enforce query ownership and remove canned query hook 2026-05-24 22:58:50 -07:00
spatialite.db New run_sanity_checks mechanism, for SpatiaLite 2019-05-11 15:55:30 -07:00
test-datasette-load-plugins.sh fix (typo): Corrected spelling of 'environments' (#2268) 2024-02-19 14:41:32 -08:00
test_actions_sql.py Expanded analysis of SQL operations, refs #2748 2026-05-26 22:11:35 -07:00
test_actor_restriction_bug.py New PermissionSQL.restriction_sql mechanism for actor restrictions 2025-11-03 14:17:51 -08:00
test_allowed_resources.py Better test name 2026-05-23 17:07:47 -07:00
test_api.py Add CORS headers to /db?sql= query redirect (#2730) 2026-05-23 21:21:13 -07:00
test_api_write.py Call ds.close() in more places in tests 2026-04-16 20:25:58 -07:00
test_auth.py Rename set-column-types action to set-column-type 2026-03-18 12:33:09 -07:00
test_base_view.py New View base class (#2080) 2023-05-25 17:18:43 -07:00
test_cli.py From 409 warnings down to 52 warnings. 2026-04-14 18:46:47 -07:00
test_cli_serve_get.py Black formatting 2026-02-17 13:30:24 -08:00
test_cli_serve_server.py Move HTTPS test to a bash script 2022-12-17 18:33:07 -08:00
test_column_types.py Call ds.close() in more places in tests 2026-04-16 20:25:58 -07:00
test_config_dir.py From 409 warnings down to 52 warnings. 2026-04-14 18:46:47 -07:00
test_config_permission_rules.py Run black formatter 2025-10-25 15:38:07 -07:00
test_crossdb.py From 409 warnings down to 52 warnings. 2026-04-14 18:46:47 -07:00
test_csrf_middleware.py Normalize headers in CSRF checks, refs #2689 2026-04-14 19:24:38 -07:00
test_csv.py Black formatting 2026-02-17 13:30:24 -08:00
test_custom_pages.py Move open redirect fix to asgi_send_redirect, refs #2429 2025-11-04 17:08:06 -08:00
test_datasette_https_server.sh Detect server start/stop more reliably. 2022-12-18 08:01:51 -08:00
test_default_deny.py datasette serve --default-deny option (#2593) 2025-11-12 16:14:21 -08:00
test_docs.py Do not document unstable JSON APIs for stored queries 2026-05-26 16:07:53 -07:00
test_docs_plugins.py Call ds.close() in more places in tests 2026-04-16 20:25:58 -07:00
test_facets.py Respect metadata-defined facet ordering in sorted_facet_results (#2648) 2026-02-25 16:33:27 -08:00
test_fd_leak.py FD-leak regression test for Datasette.close() 2026-04-16 20:18:05 -07:00
test_filters.py Switch to ruff and fix all lint errors, refs #2630 2026-01-23 20:43:16 -08:00
test_fixtures.py datasette.fixtures module, closes #2733 2026-05-21 23:05:37 -07:00
test_html.py Renamed canned queries to queries / stored queries in docs 2026-05-26 15:17:51 -07:00
test_internal_db.py Prototype of new /-/jump menu plus plugin hook 2026-05-21 15:02:17 -07:00
test_internals_database.py Expanded analysis of SQL operations, refs #2748 2026-05-26 22:11:35 -07:00
test_internals_datasette.py Fix for Database.close()/Datasette.close() order (#2710) 2026-05-12 16:31:36 -07:00
test_internals_datasette_client.py Prototype of new /-/jump menu plus plugin hook 2026-05-21 15:02:17 -07:00
test_internals_request.py Request.fake(... url_vars), plus .fake() is now documented 2022-03-31 19:01:58 -07:00
test_internals_response.py response.set_cookie(), closes #795 2020-06-09 15:19:37 -07:00
test_internals_urls.py Remove hashed URL mode 2022-03-18 17:12:03 -07:00
test_jump.py Renamed canned queries to queries / stored queries in docs 2026-05-26 15:17:51 -07:00
test_label_column_for_table.py Detect single unique text column in label_column_for_table, closes #2458 2025-02-01 17:02:49 -08:00
test_load_extensions.py Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363) 2024-07-15 10:33:51 -07:00
test_messages.py Introduce new /$DB/-/query endpoint, soft replaces /$DB?sql=... (#2363) 2024-07-15 10:33:51 -07:00
test_multipart.py Add request.form() for multipart form data and file uploads 2026-01-28 18:41:03 -08:00
test_navigation_search_js.py Ran Black 2026-05-22 21:27:04 -07:00
test_package.py Upgrade Docker images to Python 3.11, closes #1853 2022-10-25 12:04:53 -07:00
test_permission_endpoints.py Add actor= parameter to datasette.client methods (#2688) 2026-04-14 18:31:57 -07:00
test_permissions.py Fixed broken test caused by apply_queries_config() rename 2026-05-26 15:37:21 -07:00
test_plugins.py top_canned_query is now top_stored_query, closes #2747 2026-05-26 15:05:41 -07:00
test_publish_cloudrun.py Black formatting 2026-02-17 13:30:24 -08:00
test_publish_heroku.py Upgrade to Python 3.11 on Heroku, refs #1905 2022-11-18 16:44:46 -08:00
test_pytest_autoclose_plugin.py Fix ruff lints in close-related tests 2026-04-16 20:34:48 -07:00
test_queries.py Require full row mutation permissions for raw SQL 2026-05-27 15:17:22 -07:00
test_restriction_sql.py Switch to ruff and fix all lint errors, refs #2630 2026-01-23 20:43:16 -08:00
test_routes.py Black formatting 2026-02-17 13:30:24 -08:00
test_schema_endpoints.py Add actor= parameter to datasette.client methods (#2688) 2026-04-14 18:31:57 -07:00
test_search_tables.py Prototype of new /-/jump menu plus plugin hook 2026-05-21 15:02:17 -07:00
test_spatialite.py Skip SpatiaLite test if no conn.enable_load_extension() 2022-09-05 17:09:57 -07:00
test_stored_queries.py test_stored_queries.py 2026-05-26 15:21:09 -07:00
test_table_api.py datasette.fixtures module, closes #2733 2026-05-21 23:05:37 -07:00
test_table_html.py Table headers and column options visible for 0 rows 2026-04-22 22:23:02 -07:00
test_token_handler.py TokenRestrictions.abbreviated(datasette) utility method for creating _r dicts (#2696) 2026-04-17 08:44:43 -07:00
test_tracer.py Fix startup hook to fire after metadata and schema tables are populated (#2666) 2026-03-16 17:56:40 -07:00
test_utils.py From 409 warnings down to 52 warnings. 2026-04-14 18:46:47 -07:00
test_utils_check_callable.py Rename callable.py to check_callable.py, refs #2078 2023-05-25 11:49:40 -07:00
test_utils_permissions.py Black formatting 2026-02-17 13:30:24 -08:00
test_utils_sql_analysis.py Deny unsupported write SQL operations by default 2026-05-27 14:52:52 -07:00
test_write_wrapper.py Replace Janus queue with asyncio.Future 2026-05-16 11:45:43 -07:00
utils.py From 409 warnings down to 52 warnings. 2026-04-14 18:46:47 -07:00