From 965e32f6c63bffeef3e27ea47a799b65c80d9c23 Mon Sep 17 00:00:00 2001
From: Joe Conway
Date: Wed, 29 Aug 2018 13:33:38 -0400
Subject: [PATCH] Prevent Query.where.oneOf from allowing null or empty set (#544)
---
 aqueduct/lib/src/db/query/matcher_expression.dart | 3 +++
 aqueduct/test/db/postgresql/matcher_test.dart | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/aqueduct/lib/src/db/query/matcher_expression.dart b/aqueduct/lib/src/db/query/matcher_expression.dart
index 9d40f49fa..679b67117 100644
--- a/aqueduct/lib/src/db/query/matcher_expression.dart
+++ b/aqueduct/lib/src/db/query/matcher_expression.dart
@@ -249,6 +249,9 @@ class QueryExpression {
 /// var query = new Query()
 /// ..where((e) => e.department).oneOf(["Engineering", "HR"]);
 QueryExpressionJunction oneOf(Iterable values) {
+ if (values?.isEmpty ?? true) {
+ throw ArgumentError("'Query.where.oneOf' cannot be the empty set or null.");
+ }
 expression = SetMembershipExpression(values.toList());
 return _createJunction();
diff --git a/aqueduct/test/db/postgresql/matcher_test.dart b/aqueduct/test/db/postgresql/matcher_test.dart
index 6c4a19153..89b62e4a8 100644
--- a/aqueduct/test/db/postgresql/matcher_test.dart
+++ b/aqueduct/test/db/postgresql/matcher_test.dart
@@ -190,7 +190,7 @@ void main() {
 });
 });
- test("whereIn matcher", () async {
+ test("oneOf matcher", () async {
 var q = Query(context)..where((o) => o.id).oneOf([1, 2]);
 var results = await q.fetch();
 expect(results.length, 2);
@@ -202,6 +202,13 @@ void main() {
 expect(results.length, 4);
 expect(results.any((t) => t.id == 1), false);
 expect(results.any((t) => t.id == 2), false);
+
+ try {
+ Query(context).where((o) => o.id).not.oneOf([]);
+ fail('unreachable');
+ } on ArgumentError catch (e) {
+ expect(e.toString(), contains("oneOf' cannot be the empty set or null"));
+ }
 });
 test("whereBetween matcher", () async {
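Review bot: In the new guard at the top of `oneOf`, `values` is walked twice, once by `isEmpty` and again by `values.toList()`, so a lazy or single-pass iterable can pass the check and still hand a different (possibly empty) list to `SetMembershipExpression`. Materialise once and test the list: `final list = values?.toList();`, `if (list == null || list.isEmpty) {` and `expression = SetMembershipExpression(list);`. The doc comment above the method should also state that null or an empty collection throws `ArgumentError`, because callers that build the set from request data (for example a list of permitted ids) now have to handle the empty case before calling rather than rely on the query matching nothing. The closing brace of `oneOf` lies outside the hunk.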
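Review bot: The assertion added to the `oneOf matcher` test covers only `.not.oneOf([])`, while the guard and its message also promise rejection of null and apply to the non-negated `oneOf` path. Add both cases, e.g. `expect(() => Query(context).where((o) => o.id).oneOf(null), throwsArgumentError);` and the same call with `oneOf([])`. The `throwsArgumentError` matcher could also replace the try / `fail('unreachable')` pattern, which is easier to read and cannot be broken by a later change to the caught type. The enclosing test body starts outside this hunk.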