forked from claw/flaskpaste
flaskpaste: initial commit with security hardening
Features: - REST API for text/binary pastes with MIME detection - Client certificate auth via X-SSL-Client-SHA1 header - SQLite with WAL mode for concurrent access - Automatic paste expiry with LRU cleanup Security: - HSTS, CSP, X-Frame-Options, X-Content-Type-Options - Cache-Control: no-store for sensitive responses - X-Request-ID tracing for log correlation - X-Proxy-Secret validation for defense-in-depth - Parameterized queries, input validation - Size limits (3 MiB anon, 50 MiB auth) Includes /health endpoint, container support, and 70 tests.
This commit is contained in:
Username
77
tests/conftest.py
Normal file
77
tests/conftest.py
Normal file
@@ -0,0 +1,77 @@
|
||||
"""Pytest fixtures for FlaskPaste tests."""
|
||||
|
||||
import pytest
|
||||
|
||||
from app import create_app
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def app():
|
||||
"""Create application for testing."""
|
||||
app = create_app("testing")
|
||||
yield app
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def client(app):
|
||||
"""Create test client."""
|
||||
return app.test_client()
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def runner(app):
|
||||
"""Create CLI runner."""
|
||||
return app.test_cli_runner()
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def sample_text():
|
||||
"""Sample text content for testing."""
|
||||
return "Hello, FlaskPaste!"
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def sample_json():
|
||||
"""Sample JSON payload for testing."""
|
||||
return {"content": "Hello from JSON!"}
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def auth_header():
|
||||
"""Valid authentication header."""
|
||||
return {"X-SSL-Client-SHA1": "a" * 40}
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def other_auth_header():
|
||||
"""Different valid authentication header."""
|
||||
return {"X-SSL-Client-SHA1": "b" * 40}
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def png_bytes():
|
||||
"""Minimal valid PNG bytes for testing."""
|
||||
return (
|
||||
b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01"
|
||||
b"\x00\x00\x00\x01\x08\x02\x00\x00\x00\x90wS\xde\x00"
|
||||
b"\x00\x00\x0cIDATx\x9cc\xf8\x0f\x00\x00\x01\x01\x00"
|
||||
b"\x05\x18\xd8N\x00\x00\x00\x00IEND\xaeB`\x82"
|
||||
)
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def jpeg_bytes():
|
||||
"""Minimal JPEG magic bytes for testing."""
|
||||
return b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def zip_bytes():
|
||||
"""ZIP magic bytes for testing."""
|
||||
return b"PK\x03\x04" + b"\x00" * 26
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def pdf_bytes():
|
||||
"""PDF magic bytes for testing."""
|
||||
return b"%PDF-1.4 test content"
|
||||
Reference in New Issue
Block a user