Intelliscan / tests /conftest.py
simoox's picture
Upload 204 files
5e0bd20 verified
Raw
History Blame Contribute Delete
2.72 kB
"""Shared pytest fixtures."""
import pytest
@pytest.fixture
def sample_injection_results():
"""A small synthetic dataset that matches the schema produced by the Injector."""
return [
# SQLi - vulnerable (dump)
{
"target_url": "http://localhost:8080/vulnerabilities/sqli/",
"method": "GET",
"vuln_type": "sqli",
"param": "id",
"payload": "' OR 1=1-- ",
"status_code": 200,
"response_len": 4821,
"response_body": "<p>First name: admin Surname: admin</p>"
"<p>First name: gordon Surname: brown</p>"
"<p>First name: hack Surname: me</p>"
"<p>First name: pablo Surname: picasso</p>"
"<p>First name: smithy Surname: smith</p>",
},
# SQLi - not vulnerable
{
"target_url": "http://localhost:8080/vulnerabilities/sqli/",
"method": "GET",
"vuln_type": "sqli",
"param": "id",
"payload": "admin'--",
"status_code": 200,
"response_len": 4479,
"response_body": "<p>User ID:</p>",
},
# XSS - vulnerable (reflected)
{
"target_url": "http://localhost:8080/vulnerabilities/xss_r/",
"method": "GET",
"vuln_type": "xss_r",
"param": "name",
"payload": "<script>alert(1)</script>",
"status_code": 200,
"response_len": 3842,
"response_body": "<p>Hello <script>alert(1)</script></p>",
},
# LFI - vulnerable
{
"target_url": "http://localhost:8080/vulnerabilities/fi/",
"method": "GET",
"vuln_type": "lfi",
"param": "page",
"payload": "/etc/passwd",
"status_code": 200,
"response_len": 6823,
"response_body": "root:x:0:0:root:/root:/bin/bash\n"
"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
},
# LFI - not vulnerable (path traversal blocked)
{
"target_url": "http://localhost:8080/vulnerabilities/fi/",
"method": "GET",
"vuln_type": "lfi",
"param": "page",
"payload": "../../etc/passwd",
"status_code": 200,
"response_len": 3241,
"response_body": "<p>Warning: include() failed to open stream</p>",
},
]
@pytest.fixture
def sample_labeled_results(sample_injection_results):
"""Labeled subset for ML training tests."""
from intelliscan.modules.analyzer import Analyzer
a = Analyzer(sample_injection_results)
return [r.to_dict() for r in a.run()]