kp was ich gemacht habe

2023-08-25 18:33:48 +02:00 · 2023-08-25 18:33:48 +02:00 · e91905089d
commit e91905089d
parent 2c81110987
4 changed files with 19 additions and 6 deletions
--- a/tests/pycache/test_website.cpython-311-pytest-7.4.0.pyc
+++ b/tests/pycache/test_website.cpython-311-pytest-7.4.0.pyc
--- a/tests/test_website.py
+++ b/tests/test_website.py
@ -148,4 +148,22 @@ def test_api_tagid_right_seconttag(app, client):
    assert data[0] == 1
    assert data[1] == "test"
    assert data[2] == -2
-    assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
+    assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
+
+#db
+def test_sqlinjektion_adduser(app, client):
+    injektion_list = ['"', "'--"]
+    count = 2
+    for i in injektion_list:
+        with app.app_context():
+            db = get_db()
+            assert db is get_db()
+        response = client.get('/adduser/user?username={i}')
+        c = db.cursor()
+        c.execute("SELECT * FROM users WHERE username = ?", [i])
+        data = c.fetchone()
+        assert data[0] == count
+        assert data[1] == i
+        assert data[2] == 0
+        assert "tag was sucsesfully added"  in response.data.decode('utf-8')
+        count += 1