def test_ignore_non_vulnerable(self, mock_client):
    """Endpoints marked non-vulnerable run, but their IDOR verdict is dropped.

    Two runs against the same selection (one test, the ``nested`` fixture):

    * without ``--ignore-non-vulnerable`` the endpoint executes, the
      IDORPlugin result is discarded because the endpoint is marked
      non-vulnerable, and the run reports ``1 passed``;
    * with the flag the endpoint is excluded before execution, so with a
      single selected test nothing runs at all (``No tests run!``).

    NOTE(review): a "passed" here is a suppression, not evidence that the
    endpoint is safe -- the non-vulnerable marking is trusted as-is, so a
    mis-marked endpoint silently hides a real finding.
    """
    base_argv = [
        f'{URL}/schema',
        '-t', 'basic.get_public_listing',
        '-f', 'test_data/nested',
    ]

    def run_and_capture(extra_argv):
        # Capture the CLI's report so we can assert on its summary line.
        captured = io.StringIO()
        with redirect_stdout(captured):
            main.main(base_argv + extra_argv)
        return captured.getvalue()

    # Endpoint still executes; the IDOR result is ignored, so it "passes".
    assert '1 passed' in run_and_capture([])

    # Endpoint is excluded outright; it was the only test selected.
    assert 'No tests run!' in run_and_capture(['--ignore-non-vulnerable'])
def test_ignore_exceptions_hides_exceptions(self, mock_client):
    """``--ignore-exceptions`` makes a run whose only endpoint throws come back falsy.

    NOTE(review): an endpoint that raises under fuzzed input is itself a
    signal worth triaging (unhandled input reaching the handler); this
    flag masks that class of result, so it should be opted into per run
    rather than used as a default.
    """
    argv = [
        f'{URL}/schema',
        '-t', 'constant.get_will_throw_error',
        '--ignore-exceptions',
    ]
    outcome = main.main(argv)
    assert not outcome
def test_success(self, mock_client):
    """Smoke test: a full run against the ``nested`` fixture returns truthy.

    TODO: this only proves that *something* flagged. The run fails because
    an IDOR is identified, and that same truthy result would also be
    produced by unrelated errors, which this assertion cannot tell apart.
    Revisit once whitelist functionality is implemented so the failure
    can be attributed precisely.
    """
    argv = [f'{URL}/schema', '-f', 'test_data/nested']
    outcome = main.main(argv)
    assert outcome
def test_ignore_exceptions_still_shows_vulnerabilities(self, mock_client):
    """``--ignore-exceptions`` must not swallow real findings.

    A throwing endpoint and a private listing are selected together with
    the flag set; the run still comes back truthy, so the finding on the
    private listing (presumably the IDOR the ``nested`` fixture exposes)
    is reported even though the exception on the other endpoint is hidden.
    """
    argv = [
        f'{URL}/schema',
        '-t', 'constant.get_will_throw_error',
        '-t', 'basic.get_private_listing',
        '--ignore-exceptions',
        '-f', 'test_data/nested',
    ]
    outcome = main.main(argv)
    assert outcome
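def test_returns_one_if_failure(self):
    """A failing run returns exactly 1, not merely a truthy value.

    The original assertion (``assert main.main([URL])``) accepted any
    non-zero/non-empty value, so it did not check what the test name
    promises. Pinning ``== 1`` makes the contract explicit for anything
    that branches on the status (e.g. a CI step treating "1" as a
    finding). Invoking with only ``URL`` (no ``/schema`` path) is the
    failing input used here.
    """
    assert main.main([URL]) == 1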