-

2025-07-14 11:01:36 +03:00 · 2025-07-14 11:01:36 +03:00 · 9e629cddf7
commit 9e629cddf7
parent 291b50d131
1 changed files with 16 additions and 16 deletions
--- a/tests/main_test.go
+++ b/tests/main_test.go
@ -1602,13 +1602,13 @@ func TestManualDone_Performance(t *testing.T) {

 func TestManualDone_Security(t *testing.T) {
 	t.Run("SQLInjection", func(t *testing.T) {
-		resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": "1' OR '1'='1"})
+		resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": sqlInjectionInput})
 		assert.NoError(t, err)
 		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 	})

 	t.Run("XSSAttack", func(t *testing.T) {
-		resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": "<script>alert('xss')</script>"})
+		resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": xssInput})
 		assert.NoError(t, err)
 		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 	})
@ -1773,7 +1773,7 @@ func TestCreateLeadTarget_Security(t *testing.T) {
 		resp, err := createLeadTargetRequest(validToken, map[string]interface{}{
 			"type":   "mail",
 			"quizID": 123,
-			"target": "<script>alert('xss')</script>",
+			"target": xssInput,
 		})
 		assert.NoError(t, err)
 		defer resp.Body.Close()
@ -2048,7 +2048,7 @@ func TestUpdateLeadTarget_Security(t *testing.T) {
 	t.Run("XSSAttack", func(t *testing.T) {
 		resp, err := updateLeadTargetRequest(validToken, map[string]interface{}{
 			"id":     123,
-			"target": "<script>alert('xss')</script>",
+			"target": xssInput,
 		})
 		assert.NoError(t, err)
 		defer resp.Body.Close()
@ -2297,7 +2297,7 @@ func TestDeleteLeadTarget_Security(t *testing.T) {
 	})

 	t.Run("XSSAttack", func(t *testing.T) {
-		resp, err := deleteLeadTargetRequest(validToken, "<script>alert('xss')</script>")
+		resp, err := deleteLeadTargetRequest(validToken, xssInput)
 		assert.NoError(t, err)
 		defer resp.Body.Close()
 		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
@ -2493,7 +2493,7 @@ func TestGetLeadTargetByQuizID_Security(t *testing.T) {
 	})

 	t.Run("XSSAttack", func(t *testing.T) {
-		resp, err := getLeadTargetByQuizIDRequest(validToken, "<script>alert('xss')</script>")
+		resp, err := getLeadTargetByQuizIDRequest(validToken, xssInput)
 		assert.NoError(t, err)
 		defer resp.Body.Close()
 		assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
@ -2768,7 +2768,7 @@ func TestCreateQuestion_Security(t *testing.T) {
 	t.Run("XSSAttack", func(t *testing.T) {
 		resp, err := createQuestionRequest(validToken, map[string]interface{}{
 			"quiz_id": 12345,
-			"title":   "<script>alert('xss')</script>",
+			"title":   xssInput,
 			"type":    "variant",
 		})
 		assert.NoError(t, err)
@ -3465,7 +3465,7 @@ func TestEditQuestion_Security(t *testing.T) {
 	t.Run("XSSAttack", func(t *testing.T) {
 		resp, err := editQuestionRequest(validToken, map[string]interface{}{
 			"id":    questionID,
-			"title": "<script>alert('xss')</script>",
+			"title": xssInput,
 		})
 		assert.NoError(t, err)
 		defer resp.Body.Close()
@ -4730,8 +4730,8 @@ func TestCreateQuiz_Conflict(t *testing.T) {
 func TestCreateQuiz_Security(t *testing.T) {
 	t.Run("SQLInjection", func(t *testing.T) {
 		resp, err := createQuizRequest(validToken, map[string]interface{}{
-			"name":        "'; DROP TABLE quizzes; --",
-			"description": "'; DELETE FROM users; --",
+			"name":        sqlInjectionInput,
+			"description": sqlInjectionInput,
 		})
 		assert.NoError(t, err)
 		defer resp.Body.Close()
@ -4741,8 +4741,8 @@ func TestCreateQuiz_Security(t *testing.T) {

 	t.Run("XSS", func(t *testing.T) {
 		resp, err := createQuizRequest(validToken, map[string]interface{}{
-			"name":        "<script>alert('xss')</script>",
-			"description": "<img src=x onerror=alert('xss')>",
+			"name":        xssInput,
+			"description": xssInput,
 		})
 		assert.NoError(t, err)
 		defer resp.Body.Close()
@ -5465,8 +5465,8 @@ func TestEditQuiz_Security(t *testing.T) {
 	t.Run("SQLInjection", func(t *testing.T) {
 		resp, err := editQuizRequest(validToken, map[string]interface{}{
 			"id":   101,
-			"name": "'; DROP TABLE quizzes; --",
-			"desc": "'; DELETE FROM users; --",
+			"name": sqlInjectionInput,
+			"desc": sqlInjectionInput,
 			"conf": "{}",
 		})
 		assert.NoError(t, err)
@ -5477,8 +5477,8 @@ func TestEditQuiz_Security(t *testing.T) {
 	t.Run("XSS", func(t *testing.T) {
 		resp, err := editQuizRequest(validToken, map[string]interface{}{
 			"id":   101,
-			"name": "<script>alert('xss')</script>",
-			"desc": "<img src=x onerror=alert('xss')>",
+			"name": xssInput,
+			"desc": xssInput,
 			"conf": "{}",
 		})
 		assert.NoError(t, err)