Repository: github.com/gocraft/dbr

Function TestCommonSQLInjections

interpolate_test.go:160–178

Attempts to test common SQL injection strings. See `InjectionAttempts` for more information on the source and the strings themselves.

Signature: func TestCommonSQLInjections(t *testing.T)


// Enclosing file's package clause and imports (not part of the 160–178 excerpt);
// testSession, reset and injectionAttempts are package-level test helpers.
package dbr

import (
	"strings"
	"testing"

	"github.com/stretchr/testify/require"
)

// Attempts to test common SQL injection strings. See `InjectionAttempts` for
// more information on the source and the strings themselves.
func TestCommonSQLInjections(t *testing.T) {
	for _, sess := range testSession {
		reset(t, sess)

		for _, injectionAttempt := range strings.Split(injectionAttempts, "\n") {
			// Insert a row whose name column is the attempted injection
			_, err := sess.InsertInto("dbr_people").
				Pair("name", injectionAttempt).
				Exec()
			require.NoError(t, err)

			// SELECT the name back and ensure it's equal to the injection attempt
			var name string
			err = sess.Select("name").From("dbr_people").OrderDesc("id").Limit(1).LoadOne(&name)
			require.NoError(t, err)
			require.Equal(t, injectionAttempt, name)
		}
	}
}

// InjectionAttempts is a newline separated list of common SQL injection exploits
// taken from https://wfuzz.googlecode.com/svn/trunk/wordlist/Injections/SQL.txt

Callers

nothing calls this directly

Calls (9)

reset (function) · 0.85
Pair (method) · 0.80
LoadOne (method) · 0.80
OrderDesc (method) · 0.80
From (method) · 0.80
InsertInto (method) · 0.65
Select (method) · 0.65
Exec (method) · 0.45
Limit (method) · 0.45

Tested by

no test coverage detected
