diff --git a/Website/__init__.py b/Website/__init__.py
index 1c585ad..041dcda 100644
--- a/Website/__init__.py
+++ b/Website/__init__.py
@@ -134,11 +134,6 @@ def create_app(test_config=None):
 def new_user():
 return render_template("adduser.html")
- @app.route("/removeuser/confirmation", methods=['GET'])
- def confirm_remove_user():
- user_id = request.args.get("id")
- return f'

user and tag list | Documentation

Do your realy want to remove the user

'
-
 @app.route("/removeuser", methods=['GET'])
 def remove_user():
 db = get_db()
diff --git a/Website/__pycache__/__init__.cpython-311.pyc b/Website/__pycache__/__init__.cpython-311.pyc
index d5af4ff..456d693 100644
Binary files a/Website/__pycache__/__init__.cpython-311.pyc and b/Website/__pycache__/__init__.cpython-311.pyc differ
diff --git a/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc b/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc
index 90572f7..9a6afc4 100644
Binary files a/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc and b/tests/__pycache__/test_website.cpython-311-pytest-7.4.0.pyc differ
diff --git a/tests/test_website.py b/tests/test_website.py
index 58df1c8..a8359a4 100644
--- a/tests/test_website.py
+++ b/tests/test_website.py
@@ -148,4 +148,22 @@ def test_api_tagid_right_seconttag(app, client):
 assert data[0] == 1
 assert data[1] == "test"
 assert data[2] == -2
- assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
\ No newline at end of file
+ assert json.loads(response.data.decode('utf-8')) == {'balance': -2, 'mode': 'balance', 'username': 'test'}
+
+#db
+def test_sqlinjektion_adduser(app, client):
+ injektion_list = ['"', "'--"]
+ count = 2
+ for i in injektion_list:
+ with app.app_context():
+ db = get_db()
+ assert db is get_db()
+ response = client.get('/adduser/user?username={i}')
+ c = db.cursor()
+ c.execute("SELECT * FROM users WHERE username = ?", [i])
+ data = c.fetchone()
+ assert data[0] == count
+ assert data[1] == i
+ assert data[2] == 0
+ assert "tag was sucsesfully added" in response.data.decode('utf-8')
+ count += 1
\ No newline at end of file
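Review bot: The request in test_sqlinjektion_adduser never sends the payload: `client.get('/adduser/user?username={i}')` has no `f` prefix, so the literal string `{i}` is submitted while the `SELECT ... WHERE username = ?` a few lines later looks up `i`, which leaves `data` as None and makes `data[0]` raise TypeError on the first iteration. Rather than fixing the prefix and hand-building a query string that contains a raw `"`, let the test client encode the value: `response = client.get('/adduser/user', query_string={'username': i})`. The starting `count = 2` presumably reflects rows left behind by the fixture and the earlier tests, which ties this test to the order of the other tests in the file; asserting only `data[1] == i` and `data[2] == 0` on the row fetched by username keeps the injection check without that dependence. The hunk's leading context lines belong to test_api_tagid_right_seconttag, whose body starts outside the hunk.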