Move test to MySQL test cases

hansott · hansott · commit d6bbeab835ec · 2025-02-04T17:53:13.000+01:00
`#` style comments are not supported in postgres and sqlite
diff --git a/test/aikido/zen/scanners/sql_injection_scanner_test.rb b/test/aikido/zen/scanners/sql_injection_scanner_test.rb
@@ -126,14 +126,6 @@ def refute_attack(query, input = query, *args)
       b
       c
     INPUT
-
-    assert_attack <<~QUERY.chomp, <<~INPUT.chomp
-      SELECT * FROM users WHERE id = 'a'
-      OR 1=1#'
-    QUERY
-      a'
-      OR 1=1#
-    INPUT
   end
 
   test "handles multiline queries" do
@@ -339,6 +331,16 @@ def refute_attack(query, input = query, *args)
       refute_attack "SELECT * FROM users WHERE id = 'SET CHARSET utf8'", "SET CHARSET utf8"
       refute_attack "SELECT * FROM users WHERE id = 'SET CHARSET=utf8'", "SET CHARSET=utf8"
     end
+
+    test "handles multiline inputs" do
+        assert_attack <<~QUERY.chomp, <<~INPUT.chomp
+          SELECT * FROM users WHERE id = 'a'
+          OR 1=1#'
+        QUERY
+          a'
+          OR 1=1#
+        INPUT
+    end
   end
 
   class TestPostgreSQLDialect < ActiveSupport::TestCase
