"""Shared pytest fixtures.""" import pytest @pytest.fixture def sample_injection_results(): """A small synthetic dataset that matches the schema produced by the Injector.""" return [ # SQLi - vulnerable (dump) { "target_url": "http://localhost:8080/vulnerabilities/sqli/", "method": "GET", "vuln_type": "sqli", "param": "id", "payload": "' OR 1=1-- ", "status_code": 200, "response_len": 4821, "response_body": "
First name: admin Surname: admin
" "First name: gordon Surname: brown
" "First name: hack Surname: me
" "First name: pablo Surname: picasso
" "First name: smithy Surname: smith
", }, # SQLi - not vulnerable { "target_url": "http://localhost:8080/vulnerabilities/sqli/", "method": "GET", "vuln_type": "sqli", "param": "id", "payload": "admin'--", "status_code": 200, "response_len": 4479, "response_body": "User ID:
", }, # XSS - vulnerable (reflected) { "target_url": "http://localhost:8080/vulnerabilities/xss_r/", "method": "GET", "vuln_type": "xss_r", "param": "name", "payload": "", "status_code": 200, "response_len": 3842, "response_body": "Hello
", }, # LFI - vulnerable { "target_url": "http://localhost:8080/vulnerabilities/fi/", "method": "GET", "vuln_type": "lfi", "param": "page", "payload": "/etc/passwd", "status_code": 200, "response_len": 6823, "response_body": "root:x:0:0:root:/root:/bin/bash\n" "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin", }, # LFI - not vulnerable (path traversal blocked) { "target_url": "http://localhost:8080/vulnerabilities/fi/", "method": "GET", "vuln_type": "lfi", "param": "page", "payload": "../../etc/passwd", "status_code": 200, "response_len": 3241, "response_body": "Warning: include() failed to open stream
", }, ] @pytest.fixture def sample_labeled_results(sample_injection_results): """Labeled subset for ML training tests.""" from intelliscan.modules.analyzer import Analyzer a = Analyzer(sample_injection_results) return [r.to_dict() for r in a.run()]