public void DataRepository_UpdatingMalicousHtml_WillConvertToSafe()
{
//Arrange: A data repository and malicious entry are created
MockSqlRepository collection = new MockSqlRepository();
string malicious = "<div>Hello, world!</div>";
MockDataUnit unit = new MockDataUnit { key = 5, attrTwo = malicious, attrThree = 3 };
//Act: an update is requested
collection.Update(unit);
//Assert: The entry that was added no longer contains the malicious code.
Assert.AreNotEqual(malicious, unit.attrTwo);
}
public void DataRepository_UpdatingMalicousSqlHtml_WillConvertToSafe()
{
//Arrange: data repository and data unit with malicous and html code is created.
MockSqlRepository collection = new MockSqlRepository();
string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
MockDataUnit unit = new MockDataUnit { key = 6, attrTwo = malicious, attrThree = 4 };
//Act: an update is requested
collection.Update(unit);
//Assert: The entry that was added no longer contains sql injection code
Assert.AreNotEqual(malicious, unit.attrTwo);
}
public void DataRepository_Update_CollectionChanges()
{
//Arrange: Initialise a data repository
MockSqlRepository collection = new MockSqlRepository();
//Act: The entry is targeted for update
collection.Update(new MockDataUnit { attrOne=0, attrTwo="Entry 0", attrThree=5});
//Assert: The first entry has been changed to two
Assert.AreEqual(collection.FirstOrDefault().attrThree,5);
}
