Fix and re-enable query syntax checking (#1150)

- Upgrade sqlite-parser version
- Revert "Stop validating query syntax (#1090)"
- Update tests

frontend/components/forms/validators/validate_query/index.js

@@ -26,9 +26,7 @@ export const validateQuery = (queryText) => {
 
     return validQueryResponse;
   } catch (error) {
-    // FIXME: return invalidQueryResponse(error.message);
-    // when SQL parsing has been fixed.
-    return { valid: true, error: null };
+    return invalidQueryResponse(error.message);
   }
 };
 

frontend/components/forms/validators/validate_query/validate_query.tests.js

@@ -2,19 +2,33 @@ import expect from 'expect';
 
 import validateQuery from './index';
 
-const malformedQuery = 'this is not a thing';
-const validQuery = 'SELECT * FROM users';
+const malformedQueries = [
+  'this is not a thing',
+  'SELECT * FROM foo bar baz',
+];
+const validQueries = [
+  'SELECT * FROM users',
+  'select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as ' +
+    'counter from osquery_info i, processes p, time where p.pid = i.pid',
+  'select feeds.*, p2.value as sparkle_version from (select a.name as ' +
+    'app_name, a.path as app_path, a.bundle_identifier as bundle_id, ' +
+    'p.value as feed_url from (select name, path, bundle_identifier from ' +
+    "apps) a, preferences p where p.path = a.path || '/Contents/Info.plist' " +
+    "and p.key = 'SUFeedURL' and feed_url like 'http://%') feeds left outer " +
+    "join preferences p2 on p2.path = app_path || '/Info.plist' where " +
+    "(p2.key = 'CFBundleShortVersionString' OR coalesce(p2.key, '') = '')",
+];
 const createQuery = 'CREATE TABLE users (LastName varchar(255))';
 const insertQuery = 'INSERT INTO users (name) values ("Mike")';
 
 describe('validateQuery', () => {
   it('rejects malformed queries', () => {
-    const { error, valid } = validateQuery(malformedQuery);
+    for (const query of malformedQueries) {
+      const { error, valid } = validateQuery(query);
 
-    // FIXME: expect(valid).toEqual(false);
-    expect(valid).toEqual(true);
-    // FIXME: expect(error).toEqual('Syntax error found near WITH Clause (Statement)');
-    expect(error).toEqual(null);
+      expect(valid).toEqual(false);
+      expect(error).toMatch(/Syntax error found near .+/);
+    }
   });
 
   it('rejects blank queries', () => {
@@ -26,22 +40,21 @@ describe('validateQuery', () => {
 
   it('rejects create queries', () => {
     const { error, valid } = validateQuery(createQuery);
-
     expect(valid).toEqual(false);
     expect(error).toEqual('Cannot INSERT or CREATE in osquery queries');
   });
 
   it('rejects insert queries', () => {
     const { error, valid } = validateQuery(insertQuery);
-
     expect(valid).toEqual(false);
     expect(error).toEqual('Cannot INSERT or CREATE in osquery queries');
   });
 
   it('accepts valid queries', () => {
-    const { error, valid } = validateQuery(validQuery);
-    expect(valid).toEqual(true);
-    expect(error).toNotExist();
+    for (const query of validQueries) {
+      const { error, valid } = validateQuery(query);
+      expect(valid).toEqual(true, query);
+      expect(error).toNotExist();
+    }
   });
 });
-

package.json

@@ -71,7 +71,7 @@
     "require-hacker": "^2.1.4",
     "sass-loader": "^4.0.2",
     "select": "^1.0.6",
-    "sqlite-parser": "^0.14.5",
+    "sqlite-parser": "^1.0.0",
     "style-loader": "^0.13.0",
     "stylus-loader": "1.5.1",
     "tslint": "^3.15.1",