Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ascanrules: add SqlInjectionScanRule unit tests for boolean based #5797

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

ascanrules: add SqlInjectionScanRule unit tests for boolean based #5797

wants to merge 1 commit into from

Conversation

FiveOFive
Copy link
Contributor

Overview

Briefly describe the purpose, goals, and changes or improvements made in this pull request.

Related Issues

Specify any related issues or pull requests by linking to them. zaproxy/zaproxy#8652

Checklist

  • Update help
  • Update changelog
  • Run ./gradlew spotlessApply for code formatting
  • Write tests
  • Check code coverage
  • Sign-off commits
  • Squash commits
  • Use a descriptive title

For more details, please refer to the developer rules and guidelines.

@FiveOFive FiveOFive mentioned this pull request Oct 7, 2024
Open
1 task
@thc202 thc202 changed the title SqlInjectionScanRule unit tests for boolean based ascanrules: add SqlInjectionScanRule unit tests for boolean based Oct 8, 2024
@FiveOFive FiveOFive force-pushed the sqli-boolean-based-unit-tests branch 2 times, most recently from 8fcb9d6 to ff7eae4 Compare October 16, 2024 21:02
This was referenced Oct 30, 2024
Open
Merged
@FiveOFive
SqlInjectionScanRule unit tests for boolean based
366804e 
Signed-off-by: FiveOFive <FiveOFive@users.noreply.github.com>
@FiveOFive FiveOFive force-pushed the sqli-boolean-based-unit-tests branch from ff7eae4 to 366804e Compare November 22, 2024 21:17
@FiveOFive FiveOFive mentioned this pull request Dec 3, 2024
Open
8 tasks
@kingthorin kingthorin added the waiting-for:zaproxy-team-wip Someone from the zaproxy core team is looking into completing this PR. label Mar 4, 2025
@thc202 thc202 removed the waiting-for:zaproxy-team-wip Someone from the zaproxy core team is looking into completing this PR. label Mar 5, 2025
kingthorin
kingthorin reviewed Mar 6, 2025
View reviewed changes
Copy link
Member

@kingthorin kingthorin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall I believe this makes the tests more clear and maintainable. The coverage seems roughly the same.

...anrules/src/test/java/org/zaproxy/zap/extension/ascanrules/SqlInjectionScanRuleUnitTest.java
class BooleanBasedSqlInjection {

@Test
void shouldAlert_ANDTrueMatches_ANDFalseDoesNotMatch() throws Exception {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that you're trying to make the naming/conditions more clear however I think we'd like to stick with the Java naming convention(s).
So maybe: shouldAlertWhenCheckAndTrueMatchesCCheckAndFalseDoesNotMatch

Similar for those below.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thc202 thc202 thc202 left review comments

@kingthorin kingthorin kingthorin left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@FiveOFive @thc202 @kingthorin