test(middleware): encoded SQL query triggers suspicious activity log

2026-05-06 20:13:56 +02:00
parent 620798577e
commit 7c525e71cb
@@ -6,6 +6,7 @@ import (
"log" "log"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"net/url"
"strings" "strings"
"testing" "testing"
"time" "time"
@@ -566,6 +567,28 @@ func TestSuspiciousActivityMiddleware_NoSuspiciousActivity(t *testing.T) {
} }
} }
func TestSuspiciousActivityMiddleware_EncodedSQLInQuery(t *testing.T) {
var buf bytes.Buffer
logger := &SecurityLogger{
logger: log.New(&buf, "[SECURITY] ", log.LstdFlags|log.Lshortfile),
}
handler := SuspiciousActivityMiddleware(logger)(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
}))
q := url.Values{}
q.Set("s", "' OR '1'='1")
req := httptest.NewRequest("GET", "/search?"+q.Encode(), nil)
rec := httptest.NewRecorder()
handler.ServeHTTP(rec, req)
out := buf.String()
if !strings.Contains(out, "SQL injection") {
t.Fatalf("expected SQL injection log, got %q", out)
}
}
func TestSuspiciousActivityMiddleware_Debug(t *testing.T) { func TestSuspiciousActivityMiddleware_Debug(t *testing.T) {
t.Run("SQL Detection", func(t *testing.T) { t.Run("SQL Detection", func(t *testing.T) {