Attempts to test common SQL injection strings. See `InjectionAttempts` for more information on the source and the strings themselves.
(t *testing.T)
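// TestCommonSQLInjections pushes every entry of the injectionAttempts word
// list through the query builder and reads it straight back, requiring that
// each string survives the round trip byte-for-byte. A value that comes back
// altered, or an error from Exec/LoadOne, means part of the payload was
// interpreted as SQL instead of being escaped or bound as data.
//
// See injectionAttempts for the origin of the strings. The list is split on
// "\n"; a trailing newline therefore yields an empty final attempt, which is
// inserted and checked like any other.
func TestCommonSQLInjections(t *testing.T) {
	// Split once rather than on every session iteration.
	attempts := strings.Split(injectionAttempts, "\n")

	for _, sess := range testSession {
		reset(t, sess)

		for _, injectionAttempt := range attempts {
			// Insert a row whose "name" column is the raw injection attempt.
			// The payload is echoed in each failure message so a regression
			// identifies exactly which string broke.
			_, err := sess.InsertInto("dbr_people").
				Pair("name", injectionAttempt).
				Exec()
			require.NoError(t, err, "inserting %q", injectionAttempt)

			// Read back the row with the highest id (the one just inserted,
			// assuming an auto-incrementing id) and demand an exact match.
			var name string
			err = sess.Select("name").From("dbr_people").OrderDesc("id").Limit(1).LoadOne(&name)
			require.NoError(t, err, "selecting back %q", injectionAttempt)
			require.Equal(t, injectionAttempt, name, "round trip of %q", injectionAttempt)
		}
	}
}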
| 179 | |
| 180 | // InjectionAttempts is a newline separated list of common SQL injection exploits |
| 181 | // taken from https://wfuzz.googlecode.com/svn/trunk/wordlist/Injections/SQL.txt |