From 9e629cddf7683ccf36031fbf882d3473659b41ee Mon Sep 17 00:00:00 2001
From: pasha1coil
Date: Mon, 14 Jul 2025 11:01:36 +0300
Subject: [PATCH] -
---
 tests/main_test.go | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/tests/main_test.go b/tests/main_test.go
index 22a3f43..f700a70 100644
--- a/tests/main_test.go
+++ b/tests/main_test.go
@@ -1602,13 +1602,13 @@ func TestManualDone_Performance(t *testing.T) {
 func TestManualDone_Security(t *testing.T) {
 t.Run("SQLInjection", func(t *testing.T) {
- resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": "1' OR '1'='1"})
+ resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": sqlInjectionInput})
 assert.NoError(t, err)
 assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 })
 t.Run("XSSAttack", func(t *testing.T) {
- resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": ""})
+ resp, err := manualDoneRequest(validAdminToken, map[string]string{"id": xssInput})
 assert.NoError(t, err)
 assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
 })
@@ -1773,7 +1773,7 @@ func TestCreateLeadTarget_Security(t *testing.T) {
 resp, err := createLeadTargetRequest(validToken, map[string]interface{}{
 "type": "mail",
 "quizID": 123,
- "target": "",
+ "target": xssInput,
 })
 assert.NoError(t, err)
 defer resp.Body.Close()
@@ -2048,7 +2048,7 @@ func TestUpdateLeadTarget_Security(t *testing.T) {
 t.Run("XSSAttack", func(t *testing.T) {
 resp, err := updateLeadTargetRequest(validToken, map[string]interface{}{
 "id": 123,
- "target": "",
+ "target": xssInput,
 })
 assert.NoError(t, err)
 defer resp.Body.Close()
@@ -2297,7 +2297,7 @@ func TestDeleteLeadTarget_Security(t *testing.T) {
 })
 t.Run("XSSAttack", func(t *testing.T) {
- resp, err := deleteLeadTargetRequest(validToken, "")
+ resp, err := deleteLeadTargetRequest(validToken, xssInput)
 assert.NoError(t, err)
 defer resp.Body.Close()
 assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
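Review bot: In both subtests of TestManualDone_Security, `assert.NoError(t, err)` records a failure but lets the subtest continue, so a failed request would go on to read `resp.StatusCode` from what is presumably a nil response and panic. These two subtests also never close `resp.Body`, which the lead-target hunks further down do. I would switch to `require.NoError(t, err)` and add `defer resp.Body.Close()` right after it, assuming testify's `require` package is available to this file. The assert-then-use pattern is the same in every other hunk of this patch, where `defer resp.Body.Close()` follows `assert.NoError`. The function may continue past the end of the hunk.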
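Review bot: The XSSAttack subtest in TestDeleteLeadTarget_Security passes `xssInput` as the target identifier and asserts only `http.StatusBadRequest`, which would presumably hold for any malformed id, so a pass says nothing about whether markup is ever reflected unescaped. The same applies to the XSSAttack subtest in TestGetLeadTargetByQuizID_Security and to both subtests of TestManualDone_Security. If this is meant as an XSS regression check, also read the response body and add `assert.NotContains(t, string(body), xssInput)`; otherwise rename the subtest to say it covers id validation. The function starts and ends outside the hunk.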
@@ -2493,7 +2493,7 @@ func TestGetLeadTargetByQuizID_Security(t *testing.T) {
 })
 t.Run("XSSAttack", func(t *testing.T) {
- resp, err := getLeadTargetByQuizIDRequest(validToken, "")
+ resp, err := getLeadTargetByQuizIDRequest(validToken, xssInput)
 assert.NoError(t, err)
 defer resp.Body.Close()
 assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
@@ -2768,7 +2768,7 @@ func TestCreateQuestion_Security(t *testing.T) {
 t.Run("XSSAttack", func(t *testing.T) {
 resp, err := createQuestionRequest(validToken, map[string]interface{}{
 "quiz_id": 12345,
- "title": "",
+ "title": xssInput,
 "type": "variant",
 })
 assert.NoError(t, err)
@@ -3465,7 +3465,7 @@ func TestEditQuestion_Security(t *testing.T) {
 t.Run("XSSAttack", func(t *testing.T) {
 resp, err := editQuestionRequest(validToken, map[string]interface{}{
 "id": questionID,
- "title": "",
+ "title": xssInput,
 })
 assert.NoError(t, err)
 defer resp.Body.Close()
@@ -4730,8 +4730,8 @@ func TestCreateQuiz_Conflict(t *testing.T) {
 func TestCreateQuiz_Security(t *testing.T) {
 t.Run("SQLInjection", func(t *testing.T) {
 resp, err := createQuizRequest(validToken, map[string]interface{}{
- "name": "'; DROP TABLE quizzes; --",
- "description": "'; DELETE FROM users; --",
+ "name": sqlInjectionInput,
+ "description": sqlInjectionInput,
 })
 assert.NoError(t, err)
 defer resp.Body.Close()
@@ -4741,8 +4741,8 @@ func TestCreateQuiz_Security(t *testing.T) {
 t.Run("XSS", func(t *testing.T) {
 resp, err := createQuizRequest(validToken, map[string]interface{}{
- "name": "",
- "description": "",
+ "name": xssInput,
+ "description": xssInput,
 })
 assert.NoError(t, err)
 defer resp.Body.Close()
@@ -5465,8 +5465,8 @@ func TestEditQuiz_Security(t *testing.T) {
 t.Run("SQLInjection", func(t *testing.T) {
 resp, err := editQuizRequest(validToken, map[string]interface{}{
 "id": 101,
- "name": "'; DROP TABLE quizzes; --",
- "desc": "'; DELETE FROM users; --",
+ "name": sqlInjectionInput,
+ "desc": sqlInjectionInput,
 "conf": "{}",
 })
 assert.NoError(t, err)
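Review bot: In the SQLInjection subtest of TestCreateQuiz_Security, `name` and `description` used to carry two different literals and now both receive `sqlInjectionInput`. Together with the tautology literal dropped from TestManualDone_Security, three distinct inputs collapse into one, so the suite exercises fewer input shapes than before. The same happens in the SQLInjection subtest of TestEditQuiz_Security. The definitions of `sqlInjectionInput` and `xssInput` are not part of this patch, so their values cannot be checked here; a comment at their definition should state which payload class each represents, e.g. `// sqlInjectionInput is the single SQL-injection probe shared by all *_Security tests`. Both functions extend beyond their hunks.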
@@ -5477,8 +5477,8 @@ func TestEditQuiz_Security(t *testing.T) {
 t.Run("XSS", func(t *testing.T) {
 resp, err := editQuizRequest(validToken, map[string]interface{}{
 "id": 101,
- "name": "",
- "desc": "",
+ "name": xssInput,
+ "desc": xssInput,
 "conf": "{}",
 })
 assert.NoError(t, err)