package test.com.util;
import java.util.Arrays;
import java.util.List;
import org.junit.Assert;
import org.junit.Test;
import SQLInjectionScannerUtil;
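/**
 * Unit tests for {@code SQLInjectionScannerUtil}.
 *
 * <p>The fixtures below are field values carrying SQL fragments. The tests only
 * check that {@code deInjectSQLInFieldValue} rewrites such a value and that
 * {@code checkSQLInjectionForForm} flags a form holding one. A keyword
 * blacklist of this kind is a defence-in-depth measure; queries built from the
 * values still have to be parameterised, which is outside this test's scope.
 *
 * <p>NOTE(review): the file header's {@code import SQLInjectionScannerUtil;}
 * names a type in the unnamed package, which the Java language does not allow
 * to be imported. The utility presumably lives in a named package -- confirm
 * the import before relying on this test compiling.
 */
public class SQLInjectionUtilTests {

    /** Not used by this class; retained only because it is public. */
    public static String[] reservedWords = null;

    // Field values that contain SQL fragments the scanner is expected to catch.
    static final String INJECTED_USER_SQL = "mlance and 1=1;";
    static final String INJECTED_CATALOGID_SQL = "mlance; drop product";
    static final String INJECTED_REVIEW_SQL = "sjohn; union by 1";

    /**
     * Minimal form bean with the three fields the scanner is expected to inspect.
     * The fields are never read in this class; presumably
     * {@code checkSQLInjectionForForm} inspects them reflectively -- confirm.
     * Declared static so the instance carries no reference to the test object.
     */
    private static class TestSQLInjectionEntity {
        @SuppressWarnings("unused")
        private String userid;
        @SuppressWarnings("unused")
        private String catalogid;
        @SuppressWarnings("unused")
        private String reviewid;

        TestSQLInjectionEntity(String userid, String catalogid, String reviewid) {
            this.userid = userid;
            this.catalogid = catalogid;
            this.reviewid = reviewid;
        }
    }

    /** Each sample value must be rewritten by the scanner into something other than a bare keyword. */
    @Test
    public void testSQLInjection() {
        List<String> keywords = getReservedWords();
        assertDeinjected(INJECTED_USER_SQL, keywords);
        assertDeinjected(INJECTED_CATALOGID_SQL, keywords);
        assertDeinjected(INJECTED_REVIEW_SQL, keywords);
    }

    /**
     * A form is flagged when any one of its three fields carries a sample value,
     * and not flagged when all three hold plain values.
     */
    @Test
    public void testFormSQLInjection() {
        Assert.assertTrue(isFlagged(INJECTED_USER_SQL, INJECTED_CATALOGID_SQL, INJECTED_REVIEW_SQL));
        Assert.assertTrue(isFlagged(INJECTED_USER_SQL, "", ""));
        Assert.assertTrue(isFlagged("", INJECTED_CATALOGID_SQL, ""));
        Assert.assertTrue(isFlagged("", "", INJECTED_REVIEW_SQL));
        Assert.assertFalse(isFlagged("sken", "3", "sdan"));
    }

    /**
     * Asserts that the scanner returns a non-null value that differs from
     * {@code sample} and is not itself one of {@code keywords}.
     *
     * <p>Note that the keyword check is an exact match against the whole result:
     * it proves the result is not a bare reserved word, not that the result is
     * free of reserved words. A stricter test would need the scanner's contract.
     *
     * @param sample   the field value fed to the scanner
     * @param keywords reserved words derived from the scanner's own pattern
     */
    private static void assertDeinjected(String sample, List<String> keywords) {
        String result = SQLInjectionScannerUtil.deInjectSQLInFieldValue(sample);
        Assert.assertNotNull("scanner returned null for: " + sample, result);
        Assert.assertFalse("scanner left value unchanged: " + sample, result.equals(sample));
        Assert.assertFalse("scanner reduced value to a reserved word: " + result, keywords.contains(result));
    }

    /** Builds a form bean from the three values and runs it through the scanner. */
    private static boolean isFlagged(String userid, String catalogid, String reviewid) {
        return SQLInjectionScannerUtil.checkSQLInjectionForForm(
                new TestSQLInjectionEntity(userid, catalogid, reviewid));
    }

    /**
     * Splits the scanner's pattern on {@code |} and strips the grouping
     * parentheses and spaces from each alternative, yielding the bare words.
     * Empty alternatives are kept, as they were in the original list.
     *
     * @return a fixed-size list backed by the split array
     */
    private static List<String> getReservedWords() {
        // String.split never returns null and never yields null elements;
        // replace() on an empty element is a no-op, so no guards are needed.
        String[] words = SQLInjectionScannerUtil.regExSQLInject.split("\\|");
        for (int i = 0; i < words.length; i++) {
            words[i] = words[i].replace("(", "").replace(")", "").replace(" ", "");
        }
        return Arrays.asList(words);
    }
}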