def test_xss_header(namespace):
sdep_name = "mymodel"
sdep_path = to_resources_path("graph-echo.json")
retry_run(f"kubectl apply -f {sdep_path} -n {namespace}")
wait_for_status(sdep_name, namespace)
wait_for_rollout(sdep_name, namespace)
res = rest_request(sdep_name, namespace)
assert "X-Content-Type-Options" in res.headers
assert res.headers["X-Content-Type-Options"] == "nosniff"
def test_xss_escaping(namespace):
sdep_name = "mymodel"
sdep_path = to_resources_path("graph-echo.json")
retry_run(f"kubectl apply -f {sdep_path} -n {namespace}")
wait_for_status(sdep_name, namespace)
wait_for_rollout(sdep_name, namespace)
payload = '<div class="div-class"></div>'
expected = '\\u003cdiv class=\\"div-class\\"\\u003e\\u003c/div\\u003e'
res = rest_request(sdep_name, namespace, data=payload, dtype="strData")
# We need to compare raw text. Otherwise, Python interprets the escaped
# sequences.
assert res.text == f'{{"meta":{{}},"strData":"{expected}"}}\n'
def test_text_alibi_explainer(self, namespace):
spec = "../resources/movies-text-explainer.yaml"
retry_run(f"kubectl apply -f {spec} -n {namespace}")
wait_for_status("movie", namespace)
wait_for_rollout("movie", namespace, expected_deployments=2)
time.sleep(5)
logging.warning("Initial request")
r = initial_rest_request("movie",
namespace,
data=["This is test data"],
dtype="ndarray")
assert r.status_code == 200
e = rest_request(
"movie",
namespace,
data=["This is test data"],
dtype="ndarray",
method="explain",
predictor_name="movies-predictor",
)
assert e.status_code == 200
logging.warning("Success for test_prepack_sklearn")
run(f"kubectl delete -f {spec} -n {namespace}", shell=True)