""" 安全测试 测试内容: - SQL注入测试 - XSS测试 - CSRF测试 - 权限绕过测试 - 敏感数据泄露测试 - 认证绕过测试 """ import pytest # class TestSQLInjection: # """测试SQL注入攻击""" # # def test_sql_injection_in_login(self, client: TestClient): # """测试登录接口的SQL注入""" # malicious_inputs = [ # "admin' OR '1'='1", # "admin'--", # "admin'/*", # "' OR 1=1--", # "'; DROP TABLE users--", # "admin' UNION SELECT * FROM users--", # "' OR '1'='1' /*", # "1' AND 1=1--", # "admin'; INSERT INTO users VALUES--", # ] # # for malicious_input in malicious_inputs: # response = client.post( # "/api/v1/auth/login", # json={ # "username": malicious_input, # "password": "Test123", # "captcha": "1234", # "captcha_key": "test" # } # ) # # # 应该返回认证失败,而不是数据库错误或成功登录 # assert response.status_code in [401, 400, 422] # # # 如果返回成功,说明存在SQL注入漏洞 # if response.status_code == 200: # pytest.fail(f"SQL注入漏洞检测: {malicious_input}") # # def test_sql_injection_in_search(self, client: TestClient, auth_headers): # """测试搜索接口的SQL注入""" # malicious_inputs = [ # "'; DROP TABLE assets--", # "1' OR '1'='1", # "'; SELECT * FROM users--", # "admin' UNION SELECT * FROM assets--", # ] # # for malicious_input in malicious_inputs: # response = client.get( # "/api/v1/assets", # params={"keyword": malicious_input}, # headers=auth_headers # ) # # # 应该正常返回或参数错误,不应该报数据库错误 # assert response.status_code in [200, 400, 422] # # def test_sql_injection_in_id_parameter(self, client: TestClient, auth_headers): # """测试ID参数的SQL注入""" # malicious_ids = [ # "1 OR 1=1", # "1; DROP TABLE assets--", # "1' UNION SELECT * FROM users--", # "1' AND 1=1--", # ] # # for malicious_id in malicious_ids: # response = client.get( # f"/api/v1/assets/{malicious_id}", # headers=auth_headers # ) # # # 应该返回404或参数错误 # assert response.status_code in [404, 400, 422] # # def test_sql_injection_in_order_by(self, client: TestClient, auth_headers): # """测试排序参数的SQL注入""" # malicious_inputs = [ # "id; DROP TABLE users--", # "id OR 1=1", # "id' AND '1'='1", # ] # # for malicious_input in malicious_inputs: # response = client.get( # "/api/v1/assets", # params={"sort_by": malicious_input}, # headers=auth_headers # ) # # # 应该返回参数错误 # assert response.status_code in [400, 422] # # def test_second_order_sql_injection(self, client: TestClient, auth_headers): # """测试二阶SQL注入""" # # 先创建包含恶意代码的数据 # malicious_data = { # "asset_name": "test'; DROP TABLE assets--", # "device_type_id": 1, # "organization_id": 1 # } # # create_response = client.post( # "/api/v1/assets", # headers=auth_headers, # json=malicious_data # ) # # # 如果创建成功,尝试查询 # if create_response.status_code == 200: # # 查询应该不会触发SQL注入 # response = client.get( # "/api/v1/assets", # headers=auth_headers # ) # assert response.status_code == 200 # class TestXSS: # """测试XSS跨站脚本攻击""" # # def test_xss_in_asset_name(self, client: TestClient, auth_headers): # """测试资产名称的XSS""" # xss_payloads = [ # "", # "", # "", # "javascript:alert('XSS')", # "", # ] # # for payload in xss_payloads: # response = client.post( # "/api/v1/assets", # headers=auth_headers, # json={ # "asset_name": payload, # "device_type_id": 1, # "organization_id": 1 # } # ) # # if response.status_code == 200: # # 获取数据 # asset_id = response.json()["data"]["id"] # get_response = client.get( # f"/api/v1/assets/{asset_id}", # headers=auth_headers # ) # # # 验证XSS payload被转义或过滤 # content = get_response.text # assert "" # # response = client.get( # "/api/v1/assets", # params={"keyword": xss_payload}, # headers=auth_headers # ) # # # 验证XSS payload被转义 # content = response.text # assert "