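package sqlquery

import "testing"

// TestValidateReadOnlySQLAllowsSelectAndWith pins the accept side of the
// validator: plain SELECT statements (any keyword case, with or without a
// trailing semicolon), a SELECT whose string literal happens to contain a
// mutating keyword, and a CTE (WITH ...) that ends in a SELECT must all pass.
//
// Each query runs as its own subtest so one failing case does not hide the
// others.
func TestValidateReadOnlySQLAllowsSelectAndWith(t *testing.T) {
	queries := []string{
		"SELECT * FROM events LIMIT 10",
		// Mutating keyword inside a string literal must not trip the check.
		"select id, created_at from events where content = 'delete keyword in text' limit 5;",
		"WITH recent AS (SELECT * FROM events LIMIT 10) SELECT * FROM recent",
	}
	for _, query := range queries {
		t.Run(query, func(t *testing.T) {
			if err := ValidateReadOnlySQL(query); err != nil {
				t.Errorf("ValidateReadOnlySQL(%q) returned error: %v", query, err)
			}
		})
	}
}

// TestValidateReadOnlySQLRejectsUnsafeStatements pins the reject side of the
// validator. The table covers the empty string, data-modifying and DDL
// statements, statement stacking via ';', SELECT ... INTO OUTFILE, a
// time-consuming function call (SLEEP), ATTACH DATABASE, VACUUM, and a
// trailing line comment; every one of these must produce a non-nil error.
//
// NOTE(review): block comments (/* ... */), leading whitespace or a comment
// before the first keyword, and a CTE whose final statement is not a SELECT
// are not covered here — worth confirming against the implementation.
func TestValidateReadOnlySQLRejectsUnsafeStatements(t *testing.T) {
	queries := []string{
		"",
		"DELETE FROM events",
		"UPDATE events SET content='x'",
		"DROP TABLE events",
		// Statement stacking: a valid SELECT followed by a second statement.
		"SELECT * FROM events; DELETE FROM events",
		"SELECT * INTO OUTFILE '/tmp/x' FROM events",
		"SELECT SLEEP(10)",
		"ATTACH DATABASE 'x' AS y",
		"VACUUM",
		"SELECT * FROM events -- comment",
	}
	for _, query := range queries {
		t.Run(query, func(t *testing.T) {
			if err := ValidateReadOnlySQL(query); err == nil {
				t.Errorf("ValidateReadOnlySQL(%q) returned nil, want error", query)
			}
		})
	}
}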