merge: testing → main (reconcile 2-week divergence)

2026-04-28 18:36:00 -04:00
parent 499836c9e4
commit 862e4dbb31
1235 changed files with 160255 additions and 7996 deletions
--- a/tests/api/credentials/init.py
+++ b/tests/api/credentials/init.py
--- a/tests/api/credentials/test_get_credentials.py
+++ b/tests/api/credentials/test_get_credentials.py
@@ -0,0 +1,85 @@
+import pytest
+import httpx
+from hypothesis import given, settings, strategies as st
+from ..conftest import _FUZZ_SETTINGS
+
+
+@pytest.mark.anyio
+async def test_get_credentials_empty(client: httpx.AsyncClient, auth_token: str):
+    resp = await client.get(
+        "/api/v1/credentials",
+        headers={"Authorization": f"Bearer {auth_token}"},
+    )
+    assert resp.status_code == 200
+    data = resp.json()
+    assert "total" in data
+    assert "data" in data
+    assert isinstance(data["data"], list)
+
+
+@pytest.mark.anyio
+async def test_credentials_pagination(client: httpx.AsyncClient, auth_token: str):
+    resp = await client.get(
+        "/api/v1/credentials?limit=1&offset=0",
+        headers={"Authorization": f"Bearer {auth_token}"},
+    )
+    assert resp.status_code == 200
+    assert resp.json()["limit"] == 1
+
+
+@pytest.mark.anyio
+async def test_credentials_requires_auth(client: httpx.AsyncClient):
+    resp = await client.get("/api/v1/credentials")
+    assert resp.status_code == 401
+
+
+@pytest.mark.anyio
+async def test_credentials_filter_passthrough(
+    client: httpx.AsyncClient, auth_token: str
+):
+    # Filter values that match no rows should still 200 with empty data.
+    resp = await client.get(
+        "/api/v1/credentials",
+        params={"service": "ssh", "attacker_ip": "10.0.0.1", "search": "nope"},
+        headers={"Authorization": f"Bearer {auth_token}"},
+    )
+    assert resp.status_code == 200
+    body = resp.json()
+    assert body["data"] == []
+
+
+@pytest.mark.fuzz
+@pytest.mark.anyio
+@settings(**_FUZZ_SETTINGS)
+@given(
+    limit=st.integers(min_value=-2000, max_value=5000),
+    offset=st.integers(min_value=-2000, max_value=5000),
+    service=st.one_of(st.none(), st.text(max_size=256)),
+    attacker_ip=st.one_of(st.none(), st.text(max_size=64)),
+    search=st.one_of(st.none(), st.text(max_size=2048)),
+)
+async def test_fuzz_credentials_query(
+    client: httpx.AsyncClient,
+    auth_token: str,
+    limit: int,
+    offset: int,
+    service,
+    attacker_ip,
+    search,
+) -> None:
+    params: dict = {"limit": limit, "offset": offset}
+    if service is not None:
+        params["service"] = service
+    if attacker_ip is not None:
+        params["attacker_ip"] = attacker_ip
+    if search is not None:
+        params["search"] = search
+    try:
+        resp = await client.get(
+            "/api/v1/credentials",
+            params=params,
+            headers={"Authorization": f"Bearer {auth_token}"},
+        )
+        assert resp.status_code in (200, 422)
+    except UnicodeEncodeError:
+        pass