yodojo.py
from unittest import TestCase, main
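def search(name=None, email=None):
    """Build the ``SELECT`` statement that looks a user up by name or email.

    Args:
        name: Value to match against the ``name`` column, or a falsy value
            to skip that filter.
        email: Value to match against the ``email`` column, or a falsy value
            to skip that filter.

    Returns:
        The SQL text as a string. With no filter the statement has no
        ``WHERE`` clause. When both arguments are given, the ``name`` filter
        replaces the ``email`` one; the two are not combined.

    NOTE(review): the value is concatenated into a single-quoted literal.
    Escaping by hand depends on how the target engine parses string literals
    (backslash escapes are not honoured everywhere), so code that executes
    this text should pass the value as a bound parameter of the database
    driver instead.
    """

    def quote(value):
        # Escape the escape character first: if only quotes were escaped, a
        # backslash already present in the input would neutralise the one
        # inserted here and the literal would no longer be closed correctly.
        escaped = value.replace("\\", "\\\\").replace("'", r"\'")
        return "'" + escaped + "'"

    where = ""
    if email:
        where = "WHERE email=" + quote(email)
    if name:
        # Assigned last on purpose, preserving the original precedence of
        # ``name`` over ``email``.
        where = "WHERE name=" + quote(name)
    return "SELECT * FROM user " + where + ";"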
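def formata_parametro(nome_parametro, valor_parametro):
    """Format one ``WHERE column='value'`` clause.

    Args:
        nome_parametro: Column name placed on the left of the comparison.
        valor_parametro: Value placed inside the single-quoted literal.

    Returns:
        The ``WHERE`` clause as a string, without a trailing semicolon.

    The original escaped only the column name and left the value, which is
    the part that sits between the quotes, untouched. The value is now
    escaped as well: backslashes first, then single quotes.

    NOTE(review): quote escaping does not make an identifier safe. The column
    name should come from a fixed set chosen by the program, never from
    caller-supplied text, and the value is better passed as a bound parameter
    of the database driver than concatenated here.
    """
    # Kept from the original for backward compatibility with existing output.
    coluna = nome_parametro.replace("'", r"\'")
    # Backslash before quote, so an input backslash cannot cancel the escape.
    valor = valor_parametro.replace("\\", "\\\\").replace("'", r"\'")
    return "WHERE " + coluna + "='" + valor + "'"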
class SearchTest(TestCase):
    """Pin the SQL text produced by ``search`` for each filter combination."""

    def test_all(self):
        # No filter: the statement carries no WHERE clause.
        self.assertEqual("SELECT * FROM user ;", search())

    def test_name(self):
        # A plain name is embedded verbatim in the literal.
        self.assertEqual(
            "SELECT * FROM user WHERE name='Lauro';",
            search(name="Lauro"),
        )

    def test_any_name(self):
        # A quote inside the name must come out backslash-escaped, so the
        # rest of the input stays inside the string literal.
        self.assertEqual(
            r"SELECT * FROM user WHERE name='Henrique\'; DROP TABLE user ;';",
            search(name="Henrique'; DROP TABLE user ;"),
        )

    def test_email(self):
        # A plain email is embedded verbatim in the literal.
        self.assertEqual(
            "SELECT * FROM user WHERE email='[email protected]';",
            search(email="[email protected]"),
        )

    def test_any_email(self):
        # Same quote-escaping expectation as for the name filter.
        self.assertEqual(
            r"SELECT * FROM user WHERE email='[email protected]\'; DROP TABLE user ;';",
            search(email="[email protected]'; DROP TABLE user ;"),
        )
#select * from user where name = 'Henrique'; Drop Table user; '
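if __name__ == "__main__":
    # Run the suite only when the file is executed as a script.
    # unittest's main() exits the interpreter when it finishes, so an
    # unguarded call would also fire, and exit, on a plain import.
    main()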