"""
Shortlist — Security Module Tests

Tests for security middleware and utility functions.
"""
|
|
| import pytest |
|
|
| from app.security import sanitize_string, validate_github_url |
|
|
|
|
class TestSanitizeString:
    """Unit tests for ``app.security.sanitize_string``.

    Each case pins one property of the sanitizer that the suite relies on:
    an internal run of whitespace collapses to a single space, NUL bytes are
    dropped, surrounding whitespace is stripped, the empty string maps to
    itself, and ordinary prose passes through unchanged.
    """

    def test_collapses_whitespace(self):
        # The "\n\t" run between the words becomes exactly one space.
        raw = "hello world\n\tthere"
        assert sanitize_string(raw) == "hello world there"

    def test_removes_null_bytes(self):
        # NUL is removed outright rather than replaced by a separator.
        cleaned = sanitize_string("hello\x00world")
        assert "\x00" not in cleaned
        assert cleaned == "helloworld"

    def test_strips_leading_trailing_whitespace(self):
        assert sanitize_string(" hello world ") == "hello world"

    def test_handles_empty_string(self):
        # Empty input must neither raise nor grow.
        assert sanitize_string("") == ""

    def test_preserves_normal_text(self):
        # Plain job-description prose comes back byte-for-byte.
        prose = "Looking for a Senior Python Engineer with 5+ years"
        assert sanitize_string(prose) == prose
|
|
|
class TestValidateGithubUrl:
    """Unit tests for ``app.security.validate_github_url``.

    The validator is described as SSRF prevention, so the rejection cases
    carry as much weight as the accept cases. Taken together, the cases
    below establish that an ``https://github.com/...`` URL is returned
    unchanged, while a plain-``http`` URL, a foreign host, a host that only
    starts with ``github.com``, a traversal path, the empty string and a
    ``javascript:`` URL each raise ``ValueError``.

    NOTE(review): no case here covers a userinfo component in the
    authority, a mixed-case host, or an explicit port — confirm how the
    validator normalizes those before treating this suite as the SSRF
    regression net.
    """

    @staticmethod
    def _assert_rejected(url: str) -> None:
        """Assert that *url* is refused with ``ValueError``."""
        with pytest.raises(ValueError):
            validate_github_url(url)

    def test_valid_https_github_url(self):
        # A well-formed repository URL is returned exactly as given.
        url = "https://github.com/user/repo"
        assert validate_github_url(url) == url

    def test_valid_deep_path(self):
        # NOTE(review): this URL is no deeper than the previous case, so the
        # test name promises more than it checks — confirm whether sub-paths
        # below the repository are accepted before extending it.
        url = "https://github.com/org/repo"
        assert validate_github_url(url) == url

    def test_rejects_http_url(self):
        # The scheme check applies even when the host is the right one.
        self._assert_rejected("http://github.com/user/repo")

    def test_rejects_non_github_host(self):
        self._assert_rejected("https://gitlab.com/user/repo")

    def test_rejects_github_lookalike(self):
        # Host matching must not be a prefix check on "github.com".
        self._assert_rejected("https://github.com.evil.com/user/repo")

    def test_rejects_path_traversal(self):
        self._assert_rejected("https://github.com/../etc/passwd")

    def test_rejects_empty_string(self):
        self._assert_rejected("")

    def test_rejects_javascript_protocol(self):
        # A scheme that is neither http nor https is refused as well.
        self._assert_rejected("javascript:alert(1)")
|