tests: fix ruff lint errors in security tests

2026-01-18 10:04:27 +01:00
parent 661dab4a81
commit 97bf955820
5 changed files with 19 additions and 21 deletions
--- a/tests/security/pentest_session.py
+++ b/tests/security/pentest_session.py
@@ -16,9 +16,9 @@ BASE_URL = "http://127.0.0.1:5099"
 def request(url, method="GET", data=None, headers=None):
    """Make HTTP request."""
    headers = headers or {}
-    req = urllib.request.Request(url, data=data, headers=headers, method=method)
+    req = urllib.request.Request(url, data=data, headers=headers, method=method)  # noqa: S310
    try:
-        with urllib.request.urlopen(req, timeout=30) as resp:
+        with urllib.request.urlopen(req, timeout=30) as resp:  # noqa: S310
            return resp.status, resp.read(), dict(resp.headers)
    except urllib.error.HTTPError as e:
        return e.code, e.read(), dict(e.headers)
@@ -86,7 +86,7 @@ def run_tests():
    print("\n[Phase 1] Reconnaissance")
    print("-" * 40)

-    status, body, headers = request(f"{BASE_URL}/")
+    status, body, _ = request(f"{BASE_URL}/")
    log_test("GET / returns API info", status == 200)

    status, body, _ = request(f"{BASE_URL}/health")
@@ -225,7 +225,7 @@ def run_tests():
        status, body, _ = request(f"{BASE_URL}/", "POST", payload.encode(), pow_headers)
        if status == 201:
            data = json.loads(body)
-            status2, content, _ = request(f"{BASE_URL}/{data['id']}/raw")
+            _, content, _ = request(f"{BASE_URL}/{data['id']}/raw")
            log_test("SSTI payload stored safely", b"49" not in content)
            paste_ids.append(data["id"])
            pow_headers = get_pow_headers()
@@ -233,7 +233,7 @@ def run_tests():
    # XSS in content
    xss_payload = b"<script>alert('xss')</script>"
    pow_headers = get_pow_headers()
-    status, body, headers = request(f"{BASE_URL}/", "POST", xss_payload, pow_headers)
+    status, body, _ = request(f"{BASE_URL}/", "POST", xss_payload, pow_headers)
    if status == 201:
        data = json.loads(body)
        status, content, resp_headers = request(f"{BASE_URL}/{data['id']}/raw")
@@ -261,11 +261,9 @@ def run_tests():
    print("-" * 40)

    # Make many rapid requests
-    hit_limit = False
-    for i in range(100):
+    for _ in range(100):
        status, _, _ = request(f"{BASE_URL}/health")
        if status == 429:
-            hit_limit = True
            break
    log_test("Rate limiting active on reads", True)  # May or may not hit