github.com/crowdsecurity/crowdsec@v1.6.1/pkg/exprhelpers/libinjection_test.go (about) 1 package exprhelpers 2 3 import ( 4 "testing" 5 6 "github.com/stretchr/testify/assert" 7 ) 8 9 func TestLibinjectionHelpers(t *testing.T) { 10 tests := []struct { 11 name string 12 function func(params ...any) (any, error) 13 params []any 14 expectResult any 15 }{ 16 { 17 name: "LibInjectionIsSQLI", 18 function: LibInjectionIsSQLI, 19 params: []any{"?__f__73=73&&__f__75=75&delivery=1&max=24.9&min=15.9&n=12&o=2&p=(select(0)from(select(sleep(15)))v)/*'%2B(select(0)from(select(sleep(15)))v)%2B'\x22%2B(select(0)from(select(sleep(15)))v)%2B\x22*/&rating=4"}, 20 expectResult: true, 21 }, 22 { 23 name: "LibInjectionIsSQLI - no match", 24 function: LibInjectionIsSQLI, 25 params: []any{"?bla=42&foo=bar"}, 26 expectResult: false, 27 }, 28 { 29 name: "LibInjectionIsSQLI - no match 2", 30 function: LibInjectionIsSQLI, 31 params: []any{"https://foo.com/asdkfj?bla=42&foo=bar"}, 32 expectResult: false, 33 }, 34 { 35 name: "LibInjectionIsXSS", 36 function: LibInjectionIsXSS, 37 params: []any{"<script>alert('XSS')</script>"}, 38 expectResult: true, 39 }, 40 { 41 name: "LibInjectionIsXSS - no match", 42 function: LibInjectionIsXSS, 43 params: []any{"?bla=42&foo=bar"}, 44 expectResult: false, 45 }, 46 { 47 name: "LibInjectionIsXSS - no match 2", 48 function: LibInjectionIsXSS, 49 params: []any{"https://foo.com/asdkfj?bla=42&foo[]=bar&foo"}, 50 expectResult: false, 51 }, 52 } 53 54 for _, test := range tests { 55 t.Run(test.name, func(t *testing.T) { 56 result, _ := test.function(test.params...) 57 assert.Equal(t, test.expectResult, result) 58 }) 59 } 60 }