/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns false for a SELECT
/// statement carrying an always-true <c>'1'='1'</c> condition.
/// </summary>
/// <remarks>
/// The method name ends in "Returns_Valid", but the assertion expects the input to be
/// rejected. Passing this test shows only that this one sample is refused; it says
/// nothing about how the data layer builds its queries.
/// </remarks>
public void Injection_Sql_2_Returns_Valid()
{
    // Arrange
    const string payload = "SELECT * FROM bookreviews WHERE ID = '5' AND '1'='1';";
    var message = new ProductMessage
    {
        Name = payload,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsFalse(accepted);
}
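/// <summary>
/// Checks that <c>ProductsController.Post</c> forwards the name and add-to-list flag of the
/// incoming <c>ProductMessage</c> to <c>IGroceryRepository.AddProduct</c> exactly once.
/// </summary>
public void Products_Post()
{
    // Arrange
    var moqRepo = new Mock<IGroceryRepository>();
    moqRepo.Setup(o => o.AddProduct(It.IsAny<string>(), It.IsAny<bool?>()));
    var controller = new ProductsController(moqRepo.Object);
    var product = new ProductMessage() { Name = "Tea", AddToList = false };

    // Act
    controller.Post(product);

    // Assert
    // The earlier check used It.IsAny<string>() / It.IsAny<bool>(), which did not match the
    // bool? matcher in Setup and would pass no matter which values reached the repository.
    // Pinning the arguments and the call count makes the test fail if Post drops, swaps or
    // rewrites a field on its way to the data layer.
    moqRepo.Verify(o => o.AddProduct("Tea", false), Times.Once());
}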
/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns false for a SELECT
/// statement whose WHERE clause ends in <c>OR 1=1</c>.
/// </summary>
/// <remarks>
/// The method name ends in "Returns_Valid", but the assertion expects the input to be
/// rejected.
/// </remarks>
public void Injection_Sql_3_Returns_Valid()
{
    // Arrange
    const string payload = "SELECT AccountNumber FROM Users WHERE Username='' OR 1=1";
    var message = new ProductMessage
    {
        Name = payload,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsFalse(accepted);
}
/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns false for a SELECT
/// statement followed by a second, semicolon-separated <c>DROP TABLE</c> statement.
/// </summary>
/// <remarks>
/// The method name ends in "Returns_Valid", but the assertion expects the input to be
/// rejected.
/// </remarks>
public void Injection_Sql_1_Returns_Valid()
{
    // Arrange
    const string payload = "SELECT * FROM userinfo WHERE id=1;DROP TABLE users";
    var message = new ProductMessage
    {
        Name = payload,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsFalse(accepted);
}
/// <summary>
/// Adds the product described by <paramref name="product"/> through the grocery repository.
/// </summary>
/// <param name="product">
/// Incoming message; its <c>Name</c> and <c>AddToList</c> values are passed on unchanged.
/// </param>
/// <returns>The value returned by <c>AddProduct</c> for that name and flag.</returns>
public Product Post(ProductMessage product)
{
    // NOTE(review): this method does not inspect any validation result before calling the
    // repository. Presumably InjectionValidatorAttribute on the message is enforced by the
    // framework or a filter before the action runs - confirm, and confirm that AddProduct
    // uses parameterized queries regardless.
    var name = product.Name;
    var addToList = product.AddToList;

    return _groceryRepository.AddProduct(name, addToList);
}
/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns true for the plain
/// word "tests", i.e. that ordinary input is not rejected.
/// </summary>
public void No_Injection_Returns_Valid()
{
    // Arrange
    const string benignName = "tests";
    var message = new ProductMessage
    {
        Name = benignName,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsTrue(accepted);
}
/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns false for the
/// percent-encoded form of an opening script tag.
/// </summary>
/// <remarks>
/// The method name ends in "Returns_Valid", but the assertion expects the input to be
/// rejected. The sample contains no angle brackets until it is URL-decoded, so this case
/// covers encoded input rather than literal markup.
/// </remarks>
public void Injection_Xss_3_Returns_Valid()
{
    // Arrange
    const string payload = "%3C%73%63%72%69%70%74%3E";
    var message = new ProductMessage
    {
        Name = payload,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsFalse(accepted);
}
/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns false for a literal
/// script element.
/// </summary>
/// <remarks>
/// The method name ends in "Returns_Valid", but the assertion expects the input to be
/// rejected. Input rejection does not replace encoding the value when it is later rendered.
/// </remarks>
public void Injection_Xss_2_Returns_Valid()
{
    // Arrange
    const string payload = "<script>alert('OK')</script>";
    var message = new ProductMessage
    {
        Name = payload,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsFalse(accepted);
}
/// <summary>
/// Checks that <c>InjectionValidatorAttribute.IsValid</c> returns false for a literal
/// img element, i.e. markup that carries no script tag.
/// </summary>
/// <remarks>
/// The method name ends in "Returns_Valid", but the assertion expects the input to be
/// rejected.
/// </remarks>
public void Injection_Xss_1_Returns_Valid()
{
    // Arrange
    const string payload = "<img src='test'/>";
    var message = new ProductMessage
    {
        Name = payload,
        AddToList = true
    };
    var validator = new InjectionValidatorAttribute();

    // Act
    var accepted = validator.IsValid(message.Name);

    // Assert
    Assert.IsFalse(accepted);
}