viktor/wrongmove
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add security regression tests for all hardening fixes

Browse source 
- New: test_security_headers.py — verify all headers present, HSTS conditional on HTTPS
- New: test_passkey_error_handling.py — generic vs user-facing error messages
- New: test_poi_validation.py — field length and coordinate range constraints
- Extend test_rate_limiter.py — client IP depth selection, in-memory fallback enforcement
- Extend test_models.py — sqm range validation
- Extend test_task_service.py — IDOR 404, ownership 200, traceback suppression in production
This commit is contained in:
Viktor Barzin 2026-02-08 19:42:53 +00:00
parent 727dd537ef
commit 492921424e
No known key found for this signature in database
GPG key ID: 0EB088298288D958
6 changed files with 365 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tests/unit/test_models.py
View file

@ -445,6 +445,15 @@ class TestQueryParametersValidation:
max_bedrooms=3,
)
def test_invalid_sqm_range_raises(self) -> None:
"""min_sqm > max_sqm should raise ValidationError."""
with pytest.raises(ValidationError, match="min_sqm.*must be <= max_sqm"):
QueryParameters(
listing_type=ListingType.RENT,
min_sqm=100,
max_sqm=50,
)
class TestDestinationMode:
"""Tests for DestinationMode."""