首页 项目目录 关于我们
Sign In
javascript
/
Sequelize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Sequelize
/
packages
/
core
/
test
/
integration
/
vectors.test.js

vectors.test.js 828 B
Permalink History Raw

123456789101112131415161718192021222324252627282930313233 
  1. 'use strict';
    2. 

  2. 

  3. const chai = require('chai');
    4. 

  4. 

  5. const expect = chai.expect;
    6. 

  6. const { DataTypes } = require('@sequelize/core');
    7. 

  7. const Support = require('./support');
    8. 

  8. 

  9. chai.should();
    10. 

  10. 

  11. describe(Support.getTestDialectTeaser('Vectors'), () => {
    12. 

  12.   it('should not allow insert backslash', async function () {
    13. 

  13.     const Student = this.sequelize.define(
    14. 

  14.       'student',
    15. 

  15.       {
    16. 

  16.         name: DataTypes.STRING,
    17. 

  17.       },
    18. 

  18.       {
    19. 

  19.         tableName: 'student',
    20. 

  20.       },
    21. 

  21.     );
    22. 

  22. 

  23.     await Student.sync({ force: true });
    24. 

  24. 

  25.     const result0 = await Student.create({
    26. 

  26.       name: 'Robert\\\'); DROP TABLE "students"; --',
    27. 

  27.     });
    28. 

  28. 

  29.     expect(result0.get('name')).to.equal('Robert\\\'); DROP TABLE "students"; --');
    30. 

  30.     const result = await Student.findAll();
    31. 

  31.     expect(result[0].name).to.equal('Robert\\\'); DROP TABLE "students"; --');
    32. 

  32.   });
    33. 

  33. });
    34.