spec/formatting/sql/string_spec.rb in ronin-support-0.3.0 vs spec/formatting/sql/string_spec.rb in ronin-support-0.4.0.rc1

- old
+ new

@@ -18,38 +18,58 @@
 it "should provide the #sql_decode method" do
 @string.should respond_to(:sql_decode)
 end
- describe "SQL escaping" do
+ describe "#sql_escape" do
 it "should be able to single-quote escape" do
 @string_with_quotes.sql_escape(:single).should == %{'"O''Brian"'}
 end
 it "should be able to double-quote escape" do
 @string_with_quotes.sql_escape(:double).should == %{"""O'Brian"""}
 end
 end
- describe "SQL-hex encoding" do
+ describe "#sql_encode" do
 it "should be able to be SQL-hex encoded" do
 @string.sql_encode.should == @sql_encoded
 end
 it "should return an empty String if empty" do
 ''.sql_encode.should == ''
 end
 end
- describe "SQL-hex decoding" do
+ describe "#sql_decode" do
 it "should be able to be SQL-hex decoded" do
 encoded = @string.sql_encode
 encoded.should == @sql_encoded
 encoded.sql_decode.should == @string
 end
 it "should be able to decode SQL comma-escaping" do
 "'Conan O''Brian'".sql_decode.should == "Conan O'Brian"
+ end
+ end
+
+ describe "#sql_inject" do
+ context "when there is a leading quote character" do
+ it "should remove the first and last quote character" do
+ "'1' OR '1'='1'".sql_inject.should == "1' OR '1'='1"
+ end
+
+ context "when there is no matching leading/trailing quote characters" do
+ it "should comment-terminate the String" do
+ "'1' OR 1=1".sql_inject.should == "1' OR 1=1--"
+ end
+ end
+ end
+
+ context "when there is no leading quote character" do
+ it "should not modify the String" do
+ "1 OR 1=1".sql_inject.should == "1 OR 1=1"
+ end
 end
 end
 end
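Review bot: The new `describe "#sql_inject"` group pins only three well-formed inputs and leaves the boundary cases of the leading/trailing-quote logic untested, unlike the neighbouring `#sql_encode` group which has `it "should return an empty String if empty"`. Two examples would close the gap: an empty-string example mirroring the existing one (`it "should return an empty String if empty" do ''.sql_inject.should == '' end`, if that is the intended contract), and a one-character input such as `"'"` where the leading quote is also the trailing quote, since the current examples do not say whether that falls into the "remove first and last quote" branch or the comment-terminate branch. The group also lacks the `it "should provide the #... method" do ... respond_to(...) end` example that the visible `#sql_decode` lines suggest the other methods get, though those examples may sit above the hunk. The enclosing `describe` block begins outside the hunk.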