$30
#
For this lab, you will use your knowledge of SQL and SQL-Injection vulnerabilities to construct several strings to attack vulnerable code.
The `input.txt` file currently shows what would be "normal" or "safe" input for each of several queries, one input per line. You need to create "unsafe" input which will take advantage of the vulnerabilities written into the code.
As with Homework 5, you can run `python -m unittest restaurant_test.py`, after modifying the expected connection details at the top of the file.
## Assignment
Each test will use only one line of the input file, and each test will start with a fresh install of the schema. The goal of each test is defined here:
### Test One
Output all ingredients in the database, rather than just one.
### Test Two
The objective is the same as for Test One: Output all ingredients in the database, rather than just one.
Note that here, the `Restaurant` class makes an attempt at a more sophisticated method for constructing the query.
### Test Three
The Restaurant class provides a `find_course_recipes` method to find all the recipes for a given course. Note that it will exclude any recipes marked as "experimental."
Here, your SQL Injection attack should return all the recipes for the "Dessert" course, including the experimental ones.
### Test Four
Sabotage the restaurant by defaulting the `filled` values on all new orders to `now()`
(Remember that you can use `ALTER TABLE mytable ALTER COLUMN mycolumn ...` to modify the definition of an existing table)
### Test Five
This has the same objective as Test Three: return all the recipes (including experimental ones) for the "Dessert" course.
Note that here, an attempt has been made by the creators of the `Restaurant` class to sanitize user data.