Add a unit test with a simple sql injection ala xkcd
This commit adds a basic unit test that uses a simple SQL injection attack as a test name. All of the database interactions on the insert are done through sqlalchemy, and the ORM should be protecting us against this attack vector. The test added here is just to sanity check this and so we have something to point to. It's not intended to be a thorough, or even a real, security test or security audit. Change-Id: Iee5ed994328cf44834a1becb246f9983881d2129
parent
4f5c3943c6
commit
3fa49d84ca
@ -88,6 +88,12 @@ class TestDatabaseAPI(base.TestCase):
|
|||||||
['fake_test1', 'fake_test2', 'fake_test3'])
|
['fake_test1', 'fake_test2', 'fake_test3'])
|
||||||
self.assertEqual([], result)
|
self.assertEqual([], result)
|
||||||
|
|
||||||
|
def test_get_test_with_sql_injection(self):
|
||||||
|
api.create_test("test_terror'); DROP TABLE tests;")
|
||||||
|
res = api.get_all_tests()
|
||||||
|
self.assertEqual(len(res), 1)
|
||||||
|
self.assertEqual(res[0].test_id, "test_terror'); DROP TABLE tests;")
|
||||||
|
|
||||||
def test_create_run_and_list(self):
|
def test_create_run_and_list(self):
|
||||||
res = api.create_run()
|
res = api.create_run()
|
||||||
self.assertIsNotNone(res)
|
self.assertIsNotNone(res)
|
||||||
|
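Review bot: The new test_get_test_with_sql_injection only round-trips the payload through api.create_test() and the unfiltered api.get_all_tests(), so it would not notice a read path that builds a WHERE clause from test_id by string formatting. If the API exposes a lookup that filters on test_id (none is visible in this hunk), calling it with the same string and asserting a single matching row would cover the place where the value is actually used as a predicate. A docstring such as `"""Sanity check: a test_id containing SQL metacharacters is stored and returned verbatim."""` would stop readers from treating this as a security test, in line with the commit message. The two new assertions also pass the actual value first, while the neighbouring `self.assertEqual([], result)` passes the expected value first; `self.assertEqual(1, len(res))` would match.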