def testCommentInput(self):
params = urllib.urlencode({'title': "title", 'text': "text", 'reply':None})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments", params)
with app.app_context():
db = get_db()
cur = db.execute('select text from entries where (text = ?)',["text"])
entrylist = cur.fetchall()
for entry in entrylist:
self.assertEquals(entry[0],"text")
def testReplyInput(self):
params = urllib.urlencode({'title': "title", 'text': "reply", 'reply':1})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments", params)
with app.app_context():
db = get_db()
cur = db.execute('select text from replies where (text = ?)',["reply"])
replylist = cur.fetchall()
for reply in replylist:
self.assertEquals(reply[0],"reply")
def testSQLInjection(self):
params = urllib.urlencode({'title': "title;DROP TABLE entries",
'text': "text;DROP TABLE entries",
'reply':None})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments", params)
with app.app_context():
db = get_db()
cur = db.execute('select * from entries')
entrylist = cur.fetchall()
self.assertNotEquals(len(entrylist),0)
def testSanitizeInput(self):
obscene = "f**k your shit, Marty; you're a dick"
correct_string = "enjoy your chocolate ice cream, worst TA ever; you're a fuzzy panda"
params = urllib.urlencode({'title': "test", 'text': obscene, 'reply':None})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments", params)
with app.app_context():
db = get_db()
cur = db.execute('select text from entries where (text = ?) order by id desc',[correct_string])
entrylist = cur.fetchall()
for entry in entrylist:
self.assertEquals(entry[0],correct_string)
def testSQLInjection(self):
params = urllib.urlencode({
'title': "title;DROP TABLE entries",
'text': "text;DROP TABLE entries",
'reply': None
})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments",
params)
with app.app_context():
db = get_db()
cur = db.execute('select * from entries')
entrylist = cur.fetchall()
self.assertNotEquals(len(entrylist), 0)
def testReplyInput(self):
params = urllib.urlencode({
'title': "title",
'text': "reply",
'reply': 1
})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments",
params)
with app.app_context():
db = get_db()
cur = db.execute('select text from replies where (text = ?)',
["reply"])
replylist = cur.fetchall()
for reply in replylist:
self.assertEquals(reply[0], "reply")
def testCommentInput(self):
params = urllib.urlencode({
'title': "title",
'text': "text",
'reply': None
})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments",
params)
with app.app_context():
db = get_db()
cur = db.execute('select text from entries where (text = ?)',
["text"])
entrylist = cur.fetchall()
for entry in entrylist:
self.assertEquals(entry[0], "text")
def testSanitizeInput(self):
obscene = "f**k your shit, Marty; you're a dick"
correct_string = "enjoy your chocolate ice cream, worst TA ever; you're a fuzzy panda"
params = urllib.urlencode({
'title': "test",
'text': obscene,
'reply': None
})
urllib.urlopen("http://localhost:5000/Assignment2.0/Input.py/comments",
params)
with app.app_context():
db = get_db()
cur = db.execute(
'select text from entries where (text = ?) order by id desc',
[correct_string])
entrylist = cur.fetchall()
for entry in entrylist:
self.assertEquals(entry[0], correct_string)
