-
Notifications
You must be signed in to change notification settings - Fork 3.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[fix #12901] moved testSqlInjectionSearchAccountRequestsInWholeSystem…
… to AccountRequestSearchIT class
- Loading branch information
Showing
2 changed files
with
17 additions
and
15 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -237,19 +237,4 @@ public void testSqlInjectionInDeleteAccountRequest() throws Exception { | |
| assertEquals(accountRequest, actual); | ||
| } | ||
|
|
||
| @Test | ||
| public void testSqlInjectionSearchAccountRequestsInWholeSystem() throws Exception { | ||
| ______TS("SQL Injection test in searchAccountRequestsInWholeSystem"); | ||
|
|
||
| AccountRequest accountRequest = | ||
| new AccountRequest("[email protected]", "name", "institute", AccountRequestStatus.PENDING, "comments"); | ||
| accountRequestDb.createAccountRequest(accountRequest); | ||
|
|
||
| String searchInjection = "institute'; DROP TABLE account_requests; --"; | ||
| List<AccountRequest> actualInjection = accountRequestDb.searchAccountRequestsInWholeSystem(searchInjection); | ||
| assertEquals(0, actualInjection.size()); | ||
|
|
||
| AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId()); | ||
| assertEquals(accountRequest, actual); | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,6 +6,7 @@ | |
| import org.testng.annotations.BeforeMethod; | ||
| import org.testng.annotations.Test; | ||
|
|
||
| import teammates.common.datatransfer.AccountRequestStatus; | ||
| import teammates.common.datatransfer.SqlDataBundle; | ||
| import teammates.common.exception.SearchServiceException; | ||
| import teammates.common.util.HibernateUtil; | ||
|
|
@@ -162,6 +163,22 @@ public void testSearchAccountRequest_noSearchService_shouldThrowException() { | |
| () -> accountRequestsDb.searchAccountRequestsInWholeSystem("anything")); | ||
| } | ||
|
|
||
| @Test | ||
| public void testSqlInjectionSearchAccountRequestsInWholeSystem() throws Exception { | ||
| ______TS("SQL Injection test in searchAccountRequestsInWholeSystem"); | ||
|
|
||
| AccountRequest accountRequest = | ||
| new AccountRequest("[email protected]", "name", "institute", AccountRequestStatus.PENDING, "comments"); | ||
| accountRequestsDb.createAccountRequest(accountRequest); | ||
|
|
||
| String searchInjection = "institute'; DROP TABLE account_requests; --"; | ||
| List<AccountRequest> actualInjection = accountRequestsDb.searchAccountRequestsInWholeSystem(searchInjection); | ||
| assertEquals(0, actualInjection.size()); | ||
|
|
||
| AccountRequest actual = accountRequestsDb.getAccountRequest(accountRequest.getId()); | ||
| assertEquals(accountRequest, actual); | ||
| } | ||
|
|
||
| /** | ||
| * Verifies that search results match with expected output. | ||
| * | ||
|
|
||