public void DataRepository_UpdatingMalicousHtml_WillConvertToSafe() { //Arrange: A data repository and malicious entry are created MockSqlRepository collection = new MockSqlRepository(); string malicious = "<div>Hello, world!</div>"; MockDataUnit unit = new MockDataUnit { key = 5, attrTwo = malicious, attrThree = 3 }; //Act: an update is requested collection.Update(unit); //Assert: The entry that was added no longer contains the malicious code. Assert.AreNotEqual(malicious, unit.attrTwo); }
public void DataRepository_UpdatingMalicousSqlHtml_WillConvertToSafe() { //Arrange: data repository and data unit with malicous and html code is created. MockSqlRepository collection = new MockSqlRepository(); string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--"; MockDataUnit unit = new MockDataUnit { key = 6, attrTwo = malicious, attrThree = 4 }; //Act: an update is requested collection.Update(unit); //Assert: The entry that was added no longer contains sql injection code Assert.AreNotEqual(malicious, unit.attrTwo); }
public void DataRepository_Update_CollectionChanges() { //Arrange: Initialise a data repository MockSqlRepository collection = new MockSqlRepository(); //Act: The entry is targeted for update collection.Update(new MockDataUnit { attrOne=0, attrTwo="Entry 0", attrThree=5}); //Assert: The first entry has been changed to two Assert.AreEqual(collection.FirstOrDefault().attrThree,5); }