detections/e2e/tests/test_security.py

import os

import pytest
import requests


def test_nft_sec_01_malformed_multipart(base_url, http_client):
    url = f"{base_url.rstrip('/')}/detect/image"
    r1 = requests.post(
        url,
        data=b"not-multipart-body",
        headers={"Content-Type": "multipart/form-data"},
        timeout=30,
    )
    assert r1.status_code in (400, 422)
    r2 = requests.post(
        url,
        data=b"does-not-match-boundary",
        headers={"Content-Type": "multipart/form-data; boundary=----abc"},
        timeout=30,
    )
    assert r2.status_code in (400, 422)
    r3 = requests.post(
        url,
        files={"file": ("", b"", "")},
        timeout=30,
    )
    assert r3.status_code in (400, 401, 422)
    assert http_client.get("/health").status_code == 200


@pytest.mark.timeout(30)
def test_nft_sec_02_oversized_request(http_client, auth_headers):
    large = os.urandom(50 * 1024 * 1024)
    try:
        r = http_client.post(
            "/detect/image",
            files={"file": ("large.jpg", large, "image/jpeg")},
            headers=auth_headers,
            timeout=15,
        )
    except requests.RequestException:
        pass
    else:
        assert r.status_code != 500
        assert r.status_code in (413, 400, 422)
    assert http_client.get("/health").status_code == 200