azaion/detections
1
0
Fork 0
mirror of https://github.com/azaion/detections.git synced 2026-04-22 21:56:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3984507221d99b93138e4d6a9570e9b97cdf7316
detections/e2e/tests/test_negative.py
T
Oleksandr Bezdieniezhnykh 097811a67b [AZ-178] Fix Critical/High security findings: auth, CVEs, non-root containers, per-job SSE 
- Pin all deps; h11==0.16.0 (CVE-2025-43859), python-multipart>=1.3.1 (CVE-2026-28356), PyJWT==2.12.1
- Add HMAC JWT verification (require_auth FastAPI dependency, JWT_SECRET-gated)
- Fix TokenManager._refresh() to use ADMIN_API_URL instead of ANNOTATIONS_URL
- Rename POST /detect → POST /detect/image (image-only, rejects video files)
- Replace global SSE stream with per-job SSE: GET /detect/{media_id} with event replay buffer
- Apply require_auth to all 4 protected endpoints
- Fix on_annotation/on_status closure to use mutable current_id for correct post-upload event routing
- Add non-root appuser to Dockerfile and Dockerfile.gpu
- Add JWT_SECRET to e2e/docker-compose.test.yml and run-tests.sh
- Update all e2e tests and unit tests for new endpoints and HMAC token signing
- 64/64 tests pass

Made-with: Cursor
2026-04-02 06:32:12 +03:00

47 lines
1.5 KiB
Python
Raw Blame History

import pytest
import requests
_DETECT_TIMEOUT = 60
def _assert_health_200(http_client):
r = http_client.get("/health")
assert r.status_code == 200
data = r.json()
assert data["status"] == "healthy"
assert data.get("errorMessage") is None
@pytest.mark.cpu
def test_ft_n_01_empty_image_returns_400(http_client, empty_image, auth_headers):
files = {"file": ("empty.jpg", empty_image, "image/jpeg")}
r = http_client.post("/detect/image", files=files, headers=auth_headers, timeout=30)
assert r.status_code == 400
body = r.json()
assert "detail" in body
assert body["detail"] == "Image is empty"
_assert_health_200(http_client)
@pytest.mark.cpu
def test_ft_n_02_corrupt_image_returns_400_or_422(http_client, corrupt_image, auth_headers):
files = {"file": ("corrupt.jpg", corrupt_image, "image/jpeg")}
r = http_client.post("/detect/image", files=files, headers=auth_headers, timeout=30)
assert r.status_code in (400, 422)
body = r.json()
assert "detail" in body
_assert_health_200(http_client)
@pytest.mark.cpu
def test_ft_n_03_loader_error_mode_detect_does_not_500(
http_client, mock_loader_url, image_small, auth_headers
):
cfg = requests.post(
f"{mock_loader_url}/mock/config", json={"mode": "error"}, timeout=10
)
cfg.raise_for_status()
files = {"file": ("small.jpg", image_small, "image/jpeg")}
r = http_client.post("/detect/image", files=files, headers=auth_headers, timeout=_DETECT_TIMEOUT)
assert r.status_code != 500
Reference in New Issue View Git Blame Copy Permalink