Uploaded image for project: 'Xray for Jira'
  1. Xray for Jira
  2. XRAY-11334

SQL Exception caused by an apostrophe or single quotation mark in the Cucumber Test Step definition.

    XporterXMLWordPrintable

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • Xray DC 8.2.0
    • None
    • Cucumber, Test Run Status
    • None

    • Jira Server, Windows; Chrome and Edge Browsers

    • UNCOVERED

    Description

      Description:

      If we run a Cucumber Test, whose Cucumber Test Step Definition has an apostrophe in the Example data, it throws a 500 error 

      {"error":"There was a SQL exception thrown by the Active Objects library:\nDatabase:\n\t- name:PostgreSQL\n\t- version:14.17\n\t- minor version:17\n\t- major version:14\nDriver:\n\t- name:PostgreSQL JDBC Driver\n\t- version:42.7.3\n\norg.postgresql.util.PSQLException: Multiple ResultSets were returned by the query."}

      Pre-conditions: N/A

      How to reproduce

      1. Create a Cucumber Test with the following Cucumber Definition:
      Given I open url "< URL >"
And I see "Log In" link in the "Account" page
When I click on the "Log In" Link
Then I am presented with "Enter your email to continue" modal
When I enter the exisiting mail id
Then I redirected to the modal "Good news, you already have a Amazon account" 
When I scroll down the modal
And I open the "Having trouble logging in? Send a one-time code"
Then I am presented with "Check your email inbox" modal
Then I see the "Code" is sent to the "Email ID"
When I open my "Email Client"
Then I see a email with the "<Header>"
And I see 6 digit passcode
When I click on different "<links>" in the passcode email
Then I expect that url is "<url>"
When I scroll down the passcode email
Then I see the copyright text
Examples:
| url |
| https://www.fsfdsf.com/my-profile |
| https://www.abcd.com/my-profile |
| https://www.zomocars.com/tv/my-profile |Examples:
| Here's your one-time passcode for abcd |
| Here's your one-time passcode for efgh|
| Here's your one-time passcode for defghti|Examples:
| links                       url |
| Privacy Policy              https://customRLS.com/en/ |
| Terms of Services           https://njimko.com/ |
      1. Add a Test Run to it and run it.
      2. Now change the text in the examples such that apostrophe managed:
      | Here' and 1=2; -- s your one-time passcode for abcdef|
      1. Perform the Test Run again to change the Status.

      Actual result/Attachments

      Initially, the Test Run throws 500 SQL exceptions due to the apostrophe. After editing the Cucumber examples text, the Run is successful.

      Expected result:

      The SQL should not inject an error scenario when the text contains an apostrophe symbol.

      Version

      • Xray DC 8.2.0

      Workaround: Change the examples text from Here's to Here' and 1=2; – s.

       

      Attachments

        Activity

          People

            joana.fonseca Joana Fonseca
            jayanthi.murthi Jayanthi Murthi
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: