Merge branch 'main' into chore_timestamps

test/api_endpoints/test_devices_endpoints.py

@@ -159,9 +159,13 @@ def test_devices_totals(client, api_token, test_mac):
     # 3. Ensure the response is a JSON list
     data = resp.json
     assert isinstance(data, list)
-    assert len(data) ==  len(get_device_conditions())  # devices, connected, favorites, new, down, archived
 
-    # 4. Check that at least 1 device exists
+    # 4. Dynamically get expected length
+    conditions = get_device_conditions()
+    expected_length = len(conditions)
+    assert len(data) == expected_length
+
+    # 5. Check that at least 1 device exists
     assert data[0] >= 1  # 'devices' count includes the dummy device
 
 

test/backend/test_sql_security.py

@@ -123,7 +123,7 @@ class TestSafeConditionBuilder(unittest.TestCase):
             "'; DROP TABLE Devices; --",
             "' UNION SELECT * FROM Settings --",
             "' OR 1=1 --",
-            "'; INSERT INTO Events VALUES(1,2,3); --",
+            "'; INSERT OR IGNORE INTO Events VALUES(1,2,3); --",
             "' AND (SELECT COUNT(*) FROM sqlite_master) > 0 --",
             "'; ATTACH DATABASE '/etc/passwd' AS pwn; --"
         ]

test/integration/integration_test.py

@@ -204,7 +204,7 @@ def test_sql_injection_prevention(builder):
         "'; DROP TABLE Events_Devices; --",
         "' OR '1'='1",
         "1' UNION SELECT * FROM Devices --",
-        "'; INSERT INTO Events VALUES ('hacked'); --",
+        "'; INSERT OR IGNORE INTO Events VALUES ('hacked'); --",
         "' AND (SELECT COUNT(*) FROM sqlite_master) > 0 --"
     ]
     for payload in malicious_inputs: