import pytest from fastapi import HTTPException from src.middleware import ( inspect_value, inspect_json, has_control_chars, XSS_PATTERN, SQLI_PATTERN ) def test_xss_patterns(): # Test common XSS payloads in be-optimumoh payloads = [ "", "javascript:alert(1)", "onerror=alert(1)", "onload=alert(1)", "", "source") assert excinfo.value.status_code == 422 assert "Invalid request parameters" in excinfo.value.detail with pytest.raises(HTTPException) as excinfo: inspect_value("UNION SELECT * FROM users", "source") assert excinfo.value.status_code == 422 assert "Invalid request parameters" in excinfo.value.detail def test_inspect_json_raises(): with pytest.raises(HTTPException) as excinfo: inspect_json({"__proto__": "polluted"}) assert excinfo.value.status_code == 422 assert "Invalid request parameters" in excinfo.value.detail def test_has_control_chars(): assert has_control_chars("normal string") is False assert has_control_chars("string with \x00 null") is True assert has_control_chars("string with \n newline") is False