Get an account request by ID in SQL injection tests (#12956)

src/it/java/teammates/it/storage/sqlapi/AccountRequestsDbIT.java

@@ -122,7 +122,7 @@ public void testSqlInjectionInCreateAccountRequestEmailField() throws Exception
 
         // The system should treat the input as a plain text string
         accountRequestDb.createAccountRequest(accountRequest);
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getEmail(), accountRequest.getInstitute());
+        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
         assertEquals(email, actual.getEmail());
     }
 
@@ -137,7 +137,7 @@ public void testSqlInjectionInCreateAccountRequestNameField() throws Exception {
 
         // The system should treat the input as a plain text string
         accountRequestDb.createAccountRequest(accountRequest);
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getEmail(), accountRequest.getInstitute());
+        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
         assertEquals(name, actual.getName());
     }
 
@@ -152,26 +152,10 @@ public void testSqlInjectionInCreateAccountRequestInstituteField() throws Except
 
         // The system should treat the input as a plain text string
         accountRequestDb.createAccountRequest(accountRequest);
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getEmail(), institute);
+        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
         assertEquals(institute, actual.getInstitute());
     }
 
-    @Test
-    public void testSqlInjectionInGetAccountRequest() throws Exception {
-        ______TS("SQL Injection test in getAccountRequest");
-
-        AccountRequest accountRequest =
-                new AccountRequest("test@gmail.com", "name", "institute", AccountRequestStatus.PENDING, "comments");
-        accountRequestDb.createAccountRequest(accountRequest);
-
-        String instituteInjection = "institute'; DROP TABLE account_requests; --";
-        AccountRequest actualInjection = accountRequestDb.getAccountRequest(accountRequest.getEmail(), instituteInjection);
-        assertNull(actualInjection);
-
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getEmail(), accountRequest.getInstitute());
-        assertEquals(accountRequest, actual);
-    }
-
     @Test
     public void testSqlInjectionInGetAccountRequestByRegistrationKey() throws Exception {
         ______TS("SQL Injection test in getAccountRequestByRegistrationKey");
@@ -200,7 +184,7 @@ public void testSqlInjectionInUpdateAccountRequest() throws Exception {
         accountRequest.setName(nameInjection);
         accountRequestDb.updateAccountRequest(accountRequest);
 
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getEmail(), accountRequest.getInstitute());
+        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
         assertEquals(accountRequest, actual);
     }
 
@@ -219,7 +203,7 @@ public void testSqlInjectionInDeleteAccountRequest() throws Exception {
                 AccountRequestStatus.PENDING, "comments");
         accountRequestDb.deleteAccountRequest(accountRequestInjection);
 
-        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getEmail(), accountRequest.getInstitute());
+        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
         assertEquals(accountRequest, actual);
     }
 
@@ -235,7 +219,7 @@ public void testSqlInjectionSearchAccountRequestsInWholeSystem() throws Exceptio
         List<AccountRequest> actualInjection = accountRequestDb.searchAccountRequestsInWholeSystem(searchInjection);
         assertEquals(0, actualInjection.size());
 
-        AccountRequest actual = accountRequestDb.getAccountRequest("test@gmail.com", "institute");
+        AccountRequest actual = accountRequestDb.getAccountRequest(accountRequest.getId());
         assertEquals(accountRequest, actual);
     }
 }