Behat Test: inject into search users box

Added a: I press the key "key" step
Currently works for 'enter' key and char keys, eg 'B'

Change-Id: I1d2cea37ef7bf1e0ae74974733abeae27106cb29

htdocs/testing/frameworks/behat/classes/BehatGeneral.php

@@ -314,6 +314,24 @@ class BehatGeneral extends BehatBase {
         $node->click();
     }
 
+    /**
+     * Press the key.
+     *
+     * @When /^I press the key "(?P<key>(?:[^"]|\\")*)" in the "(?P<element_container_string>(?:[^"]|\\")*)" field$/
+     * @param string $key_press want to simulate pressing
+     * @param string $nodeelement Element we focus on
+     */
+    public function i_key_press($key_press, $nodeelement) {
+
+        if (strtolower($key_press) == 'enter' || strtolower($key_press) == 'return') {
+            $key_press = 13;
+        }
+
+        $node = $this->get_selected_node('field', $nodeelement);
+
+        $node->keyPress($key_press);
+    }
+
     /**
      * Click on the link or button which is located inside the second element.
      *

test/behat/features/admin/search_box_sql.feature

+@javascript @core @core_administration
+Feature: Check search is free from sql vulnerability
+In order to check the main search field is secure
+As an admin I want to inject sql into the search field
+So I can check the field doesn't error
+
+
+Scenario: sql injection attempt on search field
+  Given I log in as "admin" with password "Password1"
+  And I wait "1" seconds
+  When I set the following fields to these values:
+   | Search users | 'or 1=1;-- |
+  And I press the key "Enter" in the "Search users" field
+  Then I should see "No search results found"
+
+