diff --git a/tests/main_test.go b/tests/main_test.go
index 22a3f43..f700a70 100644
--- a/tests/main_test.go
+++ b/tests/main_test.go
@@ -1602,13 +1602,13 @@ func TestManualDone_Performance(t *testing.T) {
func TestManualDone_Security(t *testing.T) {
t.Run("SQLInjection", func(t *testing.T) {
- resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": "1' OR '1'='1"})
+ resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": sqlInjectionInput})
assert.NoError(t, err)
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
})
t.Run("XSSAttack", func(t *testing.T) {
- resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": ""})
+ resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": xssInput})
assert.NoError(t, err)
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
})
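Review bot: Both subtests in TestManualDone_Security read `resp.StatusCode` straight after `assert.NoError(t, err)`, which records the failure but keeps running, so a transport error becomes a nil-pointer panic instead of a clean test failure. Using `require.NoError(t, err)` from testify (whether the file imports it is not visible here) stops the subtest at that point. These two subtests also never close the response body, unlike later hunks that call `defer resp.Body.Close()`; adding that line after the error check avoids leaking connections across the suite. The same assert-then-dereference pattern appears in the other hunks of this diff, where `defer resp.Body.Close()` directly follows `assert.NoError`.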
@@ -1773,7 +1773,7 @@ func TestCreateLeadTarget_Security(t *testing.T) {
resp, err := createLeadTargetRequest(validToken, map[string]interface{}{
"type": "mail",
"quizID": 123,
- "target": "",
+ "target": xssInput,
})
assert.NoError(t, err)
defer resp.Body.Close()
@@ -2048,7 +2048,7 @@ func TestUpdateLeadTarget_Security(t *testing.T) {
t.Run("XSSAttack", func(t *testing.T) {
resp, err := updateLeadTargetRequest(validToken, map[string]interface{}{
"id": 123,
- "target": "",
+ "target": xssInput,
})
assert.NoError(t, err)
defer resp.Body.Close()
@@ -2297,7 +2297,7 @@ func TestDeleteLeadTarget_Security(t *testing.T) {
})
t.Run("XSSAttack", func(t *testing.T) {
- resp, err := deleteLeadTargetRequest(validToken, "")
+ resp, err := deleteLeadTargetRequest(validToken, xssInput)
assert.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
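Review bot: The XSSAttack subtest in TestDeleteLeadTarget_Security passes `xssInput` as what looks like an identifier, so the `http.StatusBadRequest` it asserts may come from ID parsing or routing rather than from any handling of markup. If so, this is really an invalid-identifier case, and a comment such as `// non-numeric id must be rejected before reaching the store` would say what is actually covered. It is also worth confirming that `deleteLeadTargetRequest` escapes the value (for example with `url.PathEscape`) so the request reaches the intended handler and the 400 is the handler's own. The same applies to the `getLeadTargetByQuizIDRequest` hunk and to the `id` field in TestManualDone_Security; the enclosing test function starts and continues outside this hunk.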
@@ -2493,7 +2493,7 @@ func TestGetLeadTargetByQuizID_Security(t *testing.T) {
})
t.Run("XSSAttack", func(t *testing.T) {
- resp, err := getLeadTargetByQuizIDRequest(validToken, "")
+ resp, err := getLeadTargetByQuizIDRequest(validToken, xssInput)
assert.NoError(t, err)
defer resp.Body.Close()
assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
@@ -2768,7 +2768,7 @@ func TestCreateQuestion_Security(t *testing.T) {
t.Run("XSSAttack", func(t *testing.T) {
resp, err := createQuestionRequest(validToken, map[string]interface{}{
"quiz_id": 12345,
- "title": "",
+ "title": xssInput,
"type": "variant",
})
assert.NoError(t, err)
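Review bot: The expectation for the `"title": xssInput` request in TestCreateQuestion_Security lies outside this hunk, so it is not clear what the test treats as a safe outcome. A question title is free text, and the protection that matters is how it is encoded when rendered, which a status check alone would not show. If status is all the test asserts, consider reading the question back and checking that the response is served as JSON and returns the title unchanged as data. A short comment like `// title is stored verbatim; the rendering layer must escape it` (or the opposite, if the API is meant to reject markup) would document the intended contract. The same question applies to the `target`, `name`, `description` and `desc` fields in the lead-target, edit-question and quiz hunks.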
@@ -3465,7 +3465,7 @@ func TestEditQuestion_Security(t *testing.T) {
t.Run("XSSAttack", func(t *testing.T) {
resp, err := editQuestionRequest(validToken, map[string]interface{}{
"id": questionID,
- "title": "",
+ "title": xssInput,
})
assert.NoError(t, err)
defer resp.Body.Close()
@@ -4730,8 +4730,8 @@ func TestCreateQuiz_Conflict(t *testing.T) {
func TestCreateQuiz_Security(t *testing.T) {
t.Run("SQLInjection", func(t *testing.T) {
resp, err := createQuizRequest(validToken, map[string]interface{}{
- "name": "'; DROP TABLE quizzes; --",
- "description": "'; DELETE FROM users; --",
+ "name": sqlInjectionInput,
+ "description": sqlInjectionInput,
})
assert.NoError(t, err)
defer resp.Body.Close()
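Review bot: Using one `sqlInjectionInput` for both `name` and `description` in the SQLInjection subtest of TestCreateQuiz_Security means a failure no longer shows which field was mishandled, and the constant's definition is not in the hunks shown here. A doc comment on the constant, e.g. `// sqlInjectionInput is a quote-terminated statement used to check that handlers bind values as parameters`, would keep the tests readable without jumping to the declaration. The assertion is outside the hunk. If it expects a 400, note that legitimate quiz names can contain apostrophes, so checking that the value is stored literally and the table is intact is a stronger test of parameter binding than rejection. The EditQuiz SQLInjection hunk has the same shape.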
@@ -4741,8 +4741,8 @@ func TestCreateQuiz_Security(t *testing.T) {
t.Run("XSS", func(t *testing.T) {
resp, err := createQuizRequest(validToken, map[string]interface{}{
- "name": "",
- "description": "
",
+ "name": xssInput,
+ "description": xssInput,
})
assert.NoError(t, err)
defer resp.Body.Close()
@@ -5465,8 +5465,8 @@ func TestEditQuiz_Security(t *testing.T) {
t.Run("SQLInjection", func(t *testing.T) {
resp, err := editQuizRequest(validToken, map[string]interface{}{
"id": 101,
- "name": "'; DROP TABLE quizzes; --",
- "desc": "'; DELETE FROM users; --",
+ "name": sqlInjectionInput,
+ "desc": sqlInjectionInput,
"conf": "{}",
})
assert.NoError(t, err)
@@ -5477,8 +5477,8 @@ func TestEditQuiz_Security(t *testing.T) {
t.Run("XSS", func(t *testing.T) {
resp, err := editQuizRequest(validToken, map[string]interface{}{
"id": 101,
- "name": "",
- "desc": "
",
+ "name": xssInput,
+ "desc": xssInput,
"conf": "{}",
})
assert.NoError(t, err)