vectors.test.js
1.24 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
'use strict';
/* jshint -W030 */
/* jshint -W110 */
var chai = require('chai')
, expect = chai.expect
, Sequelize = require('../../index')
, Support = require(__dirname + '/support')
, DataTypes = require(__dirname + '/../../lib/data-types')
, dialect = Support.getTestDialect()
, config = require(__dirname + '/../config/config')
, sinon = require('sinon')
, datetime = require('chai-datetime')
, uuid = require('node-uuid')
, current = Support.sequelize;
chai.should();
chai.use(datetime);
chai.config.includeStack = true;
describe(Support.getTestDialectTeaser('Vectors'), function() {
it('should not allow insert backslash', function () {
var Student = this.sequelize.define('student', {
name: Sequelize.STRING
}, {
tableName: 'student'
});
return Student.sync({force: true}).then(function () {
return Student.create({
name: 'Robert\\\'); DROP TABLE "students"; --'
}, {
logging: console.log
}).then(function(result) {
expect(result.get('name')).to.equal('Robert\\\'); DROP TABLE "students"; --');
return Student.findAll();
}).then(function(result) {
expect(result[0].name).to.equal('Robert\\\'); DROP TABLE "students"; --');
});
});
});
});