# SQL Query Test Script Design ## Overview Test script for validating the SQL query admin API functionality. Tests query validation, execution, error handling, and security features. ## Script: tests/sql_test.sh ### Test Categories #### 1. Query Validation Tests - ✅ Valid SELECT queries accepted - ❌ INSERT statements blocked - ❌ UPDATE statements blocked - ❌ DELETE statements blocked - ❌ DROP statements blocked - ❌ CREATE statements blocked - ❌ ALTER statements blocked - ❌ PRAGMA write operations blocked #### 2. Query Execution Tests - ✅ Simple SELECT query - ✅ SELECT with WHERE clause - ✅ SELECT with JOIN - ✅ SELECT with ORDER BY and LIMIT - ✅ Query against views - ✅ Query with aggregate functions (COUNT, SUM, AVG) #### 3. Response Format Tests - ✅ Response includes request_id - ✅ Response includes query_type - ✅ Response includes columns array - ✅ Response includes rows array - ✅ Response includes row_count - ✅ Response includes execution_time_ms #### 4. Error Handling Tests - ❌ Invalid SQL syntax - ❌ Non-existent table - ❌ Non-existent column - ❌ Query timeout (if configurable) #### 5. Security Tests - ❌ SQL injection attempts blocked - ❌ Nested query attacks blocked - ❌ Comment-based attacks blocked #### 6. Concurrent Query Tests - ✅ Multiple queries in parallel - ✅ Responses correctly correlated to requests ## Script Structure ```bash #!/bin/bash # SQL Query Admin API Test Script # Tests the sql_query command functionality set -e RELAY_URL="${RELAY_URL:-ws://localhost:8888}" ADMIN_PRIVKEY="${ADMIN_PRIVKEY:-}" RELAY_PUBKEY="${RELAY_PUBKEY:-}" # Colors for output RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' # No Color # Test counters TESTS_RUN=0 TESTS_PASSED=0 TESTS_FAILED=0 # Helper functions print_test() { echo -e "${YELLOW}TEST: $1${NC}" TESTS_RUN=$((TESTS_RUN + 1)) } print_pass() { echo -e "${GREEN}✓ PASS: $1${NC}" TESTS_PASSED=$((TESTS_PASSED + 1)) } print_fail() { echo -e "${RED}✗ FAIL: $1${NC}" TESTS_FAILED=$((TESTS_FAILED + 1)) } # Send SQL query command send_sql_query() { local query="$1" # Implementation using nostr CLI tools or curl # Returns response JSON } # Test functions test_valid_select() { print_test "Valid SELECT query" local response=$(send_sql_query "SELECT * FROM events LIMIT 1") if echo "$response" | grep -q '"query_type":"sql_query"'; then print_pass "Valid SELECT accepted" else print_fail "Valid SELECT rejected" fi } test_blocked_insert() { print_test "INSERT statement blocked" local response=$(send_sql_query "INSERT INTO events VALUES (...)") if echo "$response" | grep -q '"error"'; then print_pass "INSERT correctly blocked" else print_fail "INSERT not blocked" fi } # ... more test functions ... # Main test execution main() { echo "================================" echo "SQL Query Admin API Tests" echo "================================" echo "" # Check prerequisites if [ -z "$ADMIN_PRIVKEY" ]; then echo "Error: ADMIN_PRIVKEY not set" exit 1 fi # Run test suites echo "1. Query Validation Tests" test_valid_select test_blocked_insert test_blocked_update test_blocked_delete test_blocked_drop echo "" echo "2. Query Execution Tests" test_simple_select test_select_with_where test_select_with_join test_select_views echo "" echo "3. Response Format Tests" test_response_format test_request_id_correlation echo "" echo "4. Error Handling Tests" test_invalid_syntax test_nonexistent_table echo "" echo "5. Security Tests" test_sql_injection echo "" echo "6. Concurrent Query Tests" test_concurrent_queries # Print summary echo "" echo "================================" echo "Test Summary" echo "================================" echo "Tests Run: $TESTS_RUN" echo "Tests Passed: $TESTS_PASSED" echo "Tests Failed: $TESTS_FAILED" if [ $TESTS_FAILED -eq 0 ]; then echo -e "${GREEN}All tests passed!${NC}" exit 0 else echo -e "${RED}Some tests failed${NC}" exit 1 fi } main "$@" ``` ## Test Data Setup The script should work with the existing relay database without requiring special test data, using: - Existing events table - Existing views (event_stats, recent_events, etc.) - Existing config table ## Usage ```bash # Set environment variables export ADMIN_PRIVKEY="your_admin_private_key_hex" export RELAY_PUBKEY="relay_public_key_hex" export RELAY_URL="ws://localhost:8888" # Run tests ./tests/sql_test.sh # Run specific test category ./tests/sql_test.sh validation ./tests/sql_test.sh security ``` ## Integration with CI/CD The script should: - Return exit code 0 on success, 1 on failure - Output TAP (Test Anything Protocol) format for CI integration - Be runnable in automated test pipelines - Not require manual intervention ## Dependencies - `bash` (version 4+) - `curl` or `websocat` for WebSocket communication - `jq` for JSON parsing - Nostr CLI tools (optional, for event signing) - Running c-relay instance ## Example Output ``` ================================ SQL Query Admin API Tests ================================ 1. Query Validation Tests TEST: Valid SELECT query ✓ PASS: Valid SELECT accepted TEST: INSERT statement blocked ✓ PASS: INSERT correctly blocked TEST: UPDATE statement blocked ✓ PASS: UPDATE correctly blocked 2. Query Execution Tests TEST: Simple SELECT query ✓ PASS: Query executed successfully TEST: SELECT with WHERE clause ✓ PASS: WHERE clause works correctly ... ================================ Test Summary ================================ Tests Run: 24 Tests Passed: 24 Tests Failed: 0 All tests passed!