1+ """
2+ Module containing test cases for a FastAPI application.
3+
4+ This module uses the FastAPI TestClient to perform unit tests on endpoints
5+ defined in the `main` FastAPI app. The tests include checking responses for
6+ various endpoints under normal and edge-case scenarios.
7+ """
8+
9+ # pylint: disable=wrong-import-position
10+
11+ import sys
12+ import os
13+ from fastapi.testclient import TestClient
14+
15+ # Add the parent directory to the system path for imports
16+ sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), "..")))
17+
18+ from main import app # Adjust the import if your file is named differently
19+
20+ client = TestClient(app)
21+
22+
23+ def test_index():
24+ """
25+ Test the index route (`/`).
26+
27+ Ensures the endpoint returns a 200 status code and the correct JSON response.
28+ """
29+ response = client.get("/")
30+ assert response.status_code == 200
31+ assert response.json() == {"message": "Hello World!"}
32+
33+
34+ def test_get_user_sql_injection():
35+ """
36+ Test the `/users` endpoint for SQL injection vulnerability.
37+
38+ Sends a malicious input to ensure the query is logged or handled securely.
39+ """
40+ response = client.get("/users", params={"username": "admin'; DROP TABLE users; --"})
41+ assert response.status_code == 200
42+ # Ensure the query is built with the vulnerable input
43+ assert "DROP TABLE users" in response.json()["query"]
44+
45+
46+ def test_read_file_valid_path(tmp_path):
47+ """
48+ Test the `/read_file` endpoint with a valid file path.
49+
50+ Creates a temporary file, sends its path to the endpoint, and verifies the
51+ content is returned correctly.
52+ """
53+ temp_file = tmp_path / "test.txt"
54+ temp_file.write_text("This is a test file.")
55+ response = client.get("/read_file", params={"file_path": str(temp_file)})
56+ assert response.status_code == 200
57+ assert response.json() == {"content": "This is a test file."}
58+
59+
60+ def test_read_file_invalid_path():
61+ """
62+ Test the `/read_file` endpoint with an invalid file path.
63+
64+ Sends a non-existent file path and ensures the response contains an error.
65+ """
66+ response = client.get("/read_file", params={"file_path": "/non/existent/file.txt"})
67+ assert response.status_code == 500
68+ assert "detail" in response.json()
69+
70+
71+ def test_error_endpoint():
72+ """
73+ Test the `/error` endpoint.
74+
75+ Ensures the endpoint raises a 500 Internal Server Error as expected and
76+ verifies the error type.
77+ """
78+ try:
79+ response = client.get("/error")
80+ assert response.status_code == 500 # Should raise a 500 Internal Server Error
81+ except ZeroDivisionError as err:
82+ assert "division by zero" in str(err)
83+
84+
85+ def test_upload_file():
86+ """
87+ Test the `/upload` endpoint with a dummy file.
88+
89+ Verifies that a file can be uploaded successfully and the correct response
90+ is returned.
91+ """
92+ file_content = b"dummy content"
93+ files = {"file": ("test.txt", file_content, "text/plain")}
94+ response = client.post("/upload", files=files)
95+ assert response.status_code == 200
96+ assert response.json() == {"message": "File uploaded successfully"}
97+
98+
99+ def test_secure_data_with_valid_token():
100+ """
101+ Test the `/secure-data` endpoint with a valid token.
102+
103+ Sends a valid token and ensures the secure data is returned.
104+ """
105+ response = client.get("/secure-data", params={"token": "1234567890"})
106+ assert response.status_code == 200
107+ assert response.json() == {"data": "Sensitive Data"}
108+
109+
110+ def test_secure_data_with_invalid_token():
111+ """
112+ Test the `/secure-data` endpoint with an invalid token.
113+
114+ Sends an invalid token and ensures a 403 Forbidden status code is returned.
115+ """
116+ response = client.get("/secure-data", params={"token": "wrong_token"})
117+ assert response.status_code == 403
118+ assert response.json() == {"message": "Forbidden"}
119+
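Review bot: `test_get_user_sql_injection` passes only while `/users` splices the raw `username` into the query text and echoes it back, so it pins the injectable behaviour instead of guarding against it, and it contradicts its own docstring ("handled securely"). If the endpoint is meant to be safe, invert the check to `assert "DROP TABLE users" not in response.json()["query"]` and have the handler pass the value as a bound parameter. If `main` is a deliberately vulnerable demo (not visible on this page), say so in the docstring, e.g. `"""Characterises the known-injectable /users query; must fail once the query is parameterised."""`. The same concern applies to `test_read_file_valid_path`, which asserts that `/read_file` returns the content of whatever absolute path the caller supplies. Separately, `test_error_endpoint` cannot fail, because either branch of the `try`/`except` passes and TestClient re-raises server exceptions by default, so the status assertion is probably never reached; `with pytest.raises(ZeroDivisionError):` or a client built with `raise_server_exceptions=False` would pin one outcome.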