public async Task CreateWithSqlInjectionTest()
{
var connectionFactory = new DefaultConnectionFactory();
var seasonDao = new GenericDao <Entities.Season>(connectionFactory);
var expectedDomainObject = new Entities.Season()
{
Name = "'DELETE FROM [Hurace].[Sex];--",
StartDate = DateTime.Now.AddDays(-365).Date,
EndDate = DateTime.Now.Date
};
var actualDomainObjectId = await seasonDao.CreateAsync(expectedDomainObject)
.ConfigureAwait(false);
var actualDomainObject = await seasonDao.GetByIdAsync(actualDomainObjectId)
.ConfigureAwait(false);
Assert.Equal(expectedDomainObject.Name, actualDomainObject.Name);
Assert.Equal(expectedDomainObject.StartDate, actualDomainObject.StartDate);
Assert.Equal(expectedDomainObject.EndDate, actualDomainObject.EndDate);
var sexDao = new GenericDao <Entities.Sex>(connectionFactory);
Assert.Equal(2, (await sexDao.GetAllConditionalAsync().ConfigureAwait(false)).Count());
}
public void CreateWithInvalidNewObject()
{
var skierDao = new GenericDao <Entities.Skier>(new DefaultConnectionFactory());
Assert.ThrowsAsync <ArgumentNullException>(() => skierDao.CreateAsync(null));
}