kp was ich gemacht habe
This commit is contained in:
parent
2c81110987
commit
e91905089d
4 changed files with 19 additions and 6 deletions
|
@ -134,11 +134,6 @@ def create_app(test_config=None):
|
||||||
def new_user():
|
def new_user():
|
||||||
return render_template("adduser.html")
|
return render_template("adduser.html")
|
||||||
|
|
||||||
@app.route("/removeuser/confirmation", methods=['GET'])
|
|
||||||
def confirm_remove_user():
|
|
||||||
user_id = request.args.get("id")
|
|
||||||
return f'<p><a href="/list">user and tag list</a> | <a href="/documentation">Documentation</a></p> <p>Do your realy want to <a href="/removeuser?id={user_id}">remove the user</a></p>'
|
|
||||||
|
|
||||||
@app.route("/removeuser", methods=['GET'])
|
@app.route("/removeuser", methods=['GET'])
|
||||||
def remove_user():
|
def remove_user():
|
||||||
db = get_db()
|
db = get_db()
|
||||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -149,3 +149,21 @@ def test_api_tagid_right_seconttag(app, client):
|
||||||
assert data[1] == "test"
|
assert data[1] == "test"
|
||||||
assert data[2] == -2
|
assert data[2] == -2
|
||||||
assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
|
assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
|
||||||
|
|
||||||
|
#db
|
||||||
|
def test_sqlinjektion_adduser(app, client):
|
||||||
|
injektion_list = ['"', "'--"]
|
||||||
|
count = 2
|
||||||
|
for i in injektion_list:
|
||||||
|
with app.app_context():
|
||||||
|
db = get_db()
|
||||||
|
assert db is get_db()
|
||||||
|
response = client.get('/adduser/user?username={i}')
|
||||||
|
c = db.cursor()
|
||||||
|
c.execute("SELECT * FROM users WHERE username = ?", [i])
|
||||||
|
data = c.fetchone()
|
||||||
|
assert data[0] == count
|
||||||
|
assert data[1] == i
|
||||||
|
assert data[2] == 0
|
||||||
|
assert "tag was sucsesfully added" in response.data.decode('utf-8')
|
||||||
|
count += 1
|
Loading…
Reference in a new issue