Added some tests for sql injection

nsearls-bu · Apr 11, 2024 · 3993393 · 3993393
1 parent 8e1c69e
commit 3993393
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/backend/testing/test_injection.py b/backend/testing/test_injection.py
@@ -4,5 +4,19 @@
 from uuid import UUID, uuid4
 import time
 class Test_Analyser(FlaskTests):
+    def test_user_injection(self):
+        data = {}
+        data['file'] = (BytesIO(b"--"), 'test.txt')
+        # Test with SQL comment. This should make the code crash if not properly sanitized.
+        response = self.client.post("/create_document", data=data, content_type='multipart/form-data',)
+        assert response.status_code == 201
+
+        response = self.client.post("/create_user", query_string={
+            "username": "; DROP TABLE USERS",
+            "email": "joe@bu.edu",
+            "age": "24",
+            "first_name": "Joe",
+            "last_name": "Smith"
+        })
+        assert response.status_code == 201
 
-    def test_user_uploading(self):
diff --git a/rpc_backend/dump.rdb b/rpc_backend/dump.rdb