Skip to content

public / sequelize

Go to a project

不要怂,就是干,撸起袖子干!

Commit 99d8ceda by Mick Hansen
Options

test: attack vector test for #3545

1 parent 06036ad3
Inline Side-by-side
Showing with 43 additions and 0 deletions
test/integration/vectors.test.js 0 → 100644
'use strict';
/* jshint -W030 */
/* jshint -W110 */
var chai = require('chai')
, expect = chai.expect
, Sequelize = require('../../index')
, Support = require(__dirname + '/support')
, DataTypes = require(__dirname + '/../../lib/data-types')
, dialect = Support.getTestDialect()
, config = require(__dirname + '/../config/config')
, sinon = require('sinon')
, datetime = require('chai-datetime')
, uuid = require('node-uuid')
, current = Support.sequelize;
chai.should();
chai.use(datetime);
chai.config.includeStack = true;
describe(Support.getTestDialectTeaser('Vectors'), function() {
it('should not allow insert backslash', function () {
var Student = this.sequelize.define('student', {
name: Sequelize.STRING
}, {
tableName: 'student'
});
return Student.sync({force: true}).then(function () {
return Student.create({
name: 'Robert\\\'); DROP TABLE "students"; --'
}, {
logging: console.log
}).then(function(result) {
expect(result.get('name')).to.equal('Robert\\\'); DROP TABLE "students"; --');
return Student.findAll();
}).then(function(result) {
expect(result[0].name).to.equal('Robert\\\'); DROP TABLE "students"; --');
});
});
});
});
\ No newline at end of file
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!