anti
f2b3393669
Replaces LICENSE (GPLv3 -> AGPLv3) and prepends `SPDX-License-Identifier: AGPL-3.0-or-later` to every source file across decnet/, decnet_web/, tests/, scripts/, and tools/. Rationale: closes the GPLv3 ASP loophole so any party operating a modified DECNET as a network service must offer their modified source. Personal copyright (Samuel Paschuan) + inbound=outbound contributions make a future unilateral relicense infeasible. - LICENSE: full AGPL-3.0 text (gnu.org/licenses/agpl-3.0.txt) - COPYRIGHT: project copyright notice - tools/add_spdx_headers.py: idempotent header injector (shebang- and PEP 263-aware) Touches 1565 source files (.py, .ts, .tsx, .js, .jsx, .css, .sh). No behavior change; comments only.
87 lines
2.5 KiB
Python
87 lines
2.5 KiB
Python
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
import pytest
|
|
import httpx
|
|
from hypothesis import given, settings, strategies as st
|
|
from ..conftest import _FUZZ_SETTINGS
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_get_credentials_empty(client: httpx.AsyncClient, auth_token: str):
|
|
resp = await client.get(
|
|
"/api/v1/credentials",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
data = resp.json()
|
|
assert "total" in data
|
|
assert "data" in data
|
|
assert isinstance(data["data"], list)
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_credentials_pagination(client: httpx.AsyncClient, auth_token: str):
|
|
resp = await client.get(
|
|
"/api/v1/credentials?limit=1&offset=0",
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
assert resp.json()["limit"] == 1
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_credentials_requires_auth(client: httpx.AsyncClient):
|
|
resp = await client.get("/api/v1/credentials")
|
|
assert resp.status_code == 401
|
|
|
|
|
|
@pytest.mark.anyio
|
|
async def test_credentials_filter_passthrough(
|
|
client: httpx.AsyncClient, auth_token: str
|
|
):
|
|
# Filter values that match no rows should still 200 with empty data.
|
|
resp = await client.get(
|
|
"/api/v1/credentials",
|
|
params={"service": "ssh", "attacker_ip": "10.0.0.1", "search": "nope"},
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code == 200
|
|
body = resp.json()
|
|
assert body["data"] == []
|
|
|
|
|
|
@pytest.mark.fuzz
|
|
@pytest.mark.anyio
|
|
@settings(**_FUZZ_SETTINGS)
|
|
@given(
|
|
limit=st.integers(min_value=-2000, max_value=5000),
|
|
offset=st.integers(min_value=-2000, max_value=5000),
|
|
service=st.one_of(st.none(), st.text(max_size=256)),
|
|
attacker_ip=st.one_of(st.none(), st.text(max_size=64)),
|
|
search=st.one_of(st.none(), st.text(max_size=2048)),
|
|
)
|
|
async def test_fuzz_credentials_query(
|
|
client: httpx.AsyncClient,
|
|
auth_token: str,
|
|
limit: int,
|
|
offset: int,
|
|
service,
|
|
attacker_ip,
|
|
search,
|
|
) -> None:
|
|
params: dict = {"limit": limit, "offset": offset}
|
|
if service is not None:
|
|
params["service"] = service
|
|
if attacker_ip is not None:
|
|
params["attacker_ip"] = attacker_ip
|
|
if search is not None:
|
|
params["search"] = search
|
|
try:
|
|
resp = await client.get(
|
|
"/api/v1/credentials",
|
|
params=params,
|
|
headers={"Authorization": f"Bearer {auth_token}"},
|
|
)
|
|
assert resp.status_code in (200, 422)
|
|
except UnicodeEncodeError:
|
|
pass
|