"""Shared pytest fixtures.""" import pytest @pytest.fixture def sample_injection_results(): """A small synthetic dataset that matches the schema produced by the Injector.""" return [ # SQLi - vulnerable (dump) { "target_url": "http://localhost:8080/vulnerabilities/sqli/", "method": "GET", "vuln_type": "sqli", "param": "id", "payload": "' OR 1=1-- ", "status_code": 200, "response_len": 4821, "response_body": "

First name: admin Surname: admin

" "

First name: gordon Surname: brown

" "

First name: hack Surname: me

" "

First name: pablo Surname: picasso

" "

First name: smithy Surname: smith

", }, # SQLi - not vulnerable { "target_url": "http://localhost:8080/vulnerabilities/sqli/", "method": "GET", "vuln_type": "sqli", "param": "id", "payload": "admin'--", "status_code": 200, "response_len": 4479, "response_body": "

User ID:

", }, # XSS - vulnerable (reflected) { "target_url": "http://localhost:8080/vulnerabilities/xss_r/", "method": "GET", "vuln_type": "xss_r", "param": "name", "payload": "", "status_code": 200, "response_len": 3842, "response_body": "

Hello

", }, # LFI - vulnerable { "target_url": "http://localhost:8080/vulnerabilities/fi/", "method": "GET", "vuln_type": "lfi", "param": "page", "payload": "/etc/passwd", "status_code": 200, "response_len": 6823, "response_body": "root:x:0:0:root:/root:/bin/bash\n" "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin", }, # LFI - not vulnerable (path traversal blocked) { "target_url": "http://localhost:8080/vulnerabilities/fi/", "method": "GET", "vuln_type": "lfi", "param": "page", "payload": "../../etc/passwd", "status_code": 200, "response_len": 3241, "response_body": "

Warning: include() failed to open stream

", }, ] @pytest.fixture def sample_labeled_results(sample_injection_results): """Labeled subset for ML training tests.""" from intelliscan.modules.analyzer import Analyzer a = Analyzer(sample_injection_results) return [r.to_dict() for r in a.run()]