Mirror of https://github.com/azaion/detections.git, synced 2026-04-22 22:16:31 +00:00
# Security Tests
## NFT-SEC-01: Malformed multipart payload handling

Summary: Verify that the service handles malformed multipart requests without crashing. Traces to: AC-API-2 (security)

Steps:

| Step | Consumer Action | Expected Response |
|---|---|---|
| 1 | Send POST /detect with truncated multipart body (missing boundary) | 400 or 422 — not 500 |
| 2 | Send POST /detect with Content-Type: multipart but no file part | 400 — empty image |
| 3 | GET /health after malformed requests | Service is still healthy |

Pass criteria: All malformed requests return 4xx. Service remains operational.
## NFT-SEC-02: Oversized request body

Summary: Verify system behavior when an extremely large file is uploaded. Traces to: RESTRICT-OP-4

Steps:

| Step | Consumer Action | Expected Response |
|---|---|---|
| 1 | Send POST /detect with a 500 MB random file | Error response (413, 400, or timeout) — not OOM crash |
| 2 | GET /health | Service is still running |

Pass criteria: Service does not crash or run out of memory. Returns an error or times out gracefully.
## NFT-SEC-03: JWT token is forwarded without modification

Summary: Verify that the Authorization header is forwarded to the Annotations service as-is. Traces to: AC-API-3

Steps:

| Step | Consumer Action | Expected Response |
|---|---|---|
| 1 | POST /detect/test-media-sec with Authorization: Bearer test-jwt-123 and x-refresh-token: refresh-456 | {"status": "started"} |
| 2 | After processing, query mock-annotations GET /mock/annotations | Recorded request contains Authorization: Bearer test-jwt-123 header |

Pass criteria: Exact token received by mock-annotations matches what the consumer sent.
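As an added example (not code from the detections project), the following turns NFT-SEC-01 and NFT-SEC-03 above into executable checks. The `send` callable, the `FakeGateway` stand-in and the assumption that GET /mock/annotations returns JSON of the form `{"headers": {...}}` are mine, not taken from the spec.

```python
# Added example, not the project's code: an executable form of NFT-SEC-01 and NFT-SEC-03.
# `send(method, path, headers, body)` abstracts the gateway, so the checks run unchanged
# against a live service (wrap `requests`) or the constructed FakeGateway below.
import json
from typing import Callable, Dict, Tuple

Response = Tuple[int, bytes]                                  # (status, body)
Send = Callable[[str, str, Dict[str, str], bytes], Response]

def malformed_multipart(boundary: str = "nftsec") -> Dict[str, Tuple[str, bytes]]:
    """NFT-SEC-01 steps 1-2: case name -> (Content-Type value, request body)."""
    ctype = f"multipart/form-data; boundary={boundary}"
    head = (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
            f'filename="x.jpg"\r\nContent-Type: image/jpeg\r\n\r\n').encode()
    return {"truncated": (ctype, head + b"\xff\xd8\xff"),          # no closing boundary
            "no_file_part": (ctype, f"--{boundary}--\r\n".encode())}  # well-formed, empty

def run_sec01(send: Send) -> Dict[str, bool]:
    """Pass criteria: each malformed request gets a 4xx and /health still answers 200."""
    ok = {}
    for name, (ctype, body) in malformed_multipart().items():
        status, _ = send("POST", "/detect", {"Content-Type": ctype}, body)
        ok[name] = 400 <= status < 500                            # 4xx, never 500
    ok["health_after"] = send("GET", "/health", {}, b"")[0] == 200
    return ok

def run_sec03(send: Send, token: str = "Bearer test-jwt-123") -> bool:
    """Pass criterion: the recorded Authorization value is byte-for-byte the one sent.
    Assumes (not in the spec) GET /mock/annotations returns JSON {"headers": {...}}."""
    hdrs = {"Authorization": token, "x-refresh-token": "refresh-456"}
    status, body = send("POST", "/detect/test-media-sec", hdrs, b"")
    if status != 200 or json.loads(body).get("status") != "started":
        return False
    recorded = json.loads(send("GET", "/mock/annotations", {}, b"")[1])
    return recorded.get("headers", {}).get("Authorization") == token

class FakeGateway:
    """Constructed stand-in, not the real service. forward_auth=False models a gateway
    that drops or rewrites the token, the defect NFT-SEC-03 exists to catch."""
    def __init__(self, forward_auth: bool = True):
        self.forward_auth, self.forwarded = forward_auth, {}
    def __call__(self, method: str, path: str, headers: Dict[str, str], body: bytes) -> Response:
        if path == "/health": return 200, b"ok"
        if path == "/mock/annotations": return 200, json.dumps({"headers": self.forwarded}).encode()
        if path.startswith("/detect/"):                           # async detect: forward header
            self.forwarded = {"Authorization": headers["Authorization"]} if self.forward_auth else {}
            return 200, b'{"status": "started"}'
        boundary = headers["Content-Type"].split("boundary=")[1].encode()
        if not body.rstrip().endswith(b"--" + boundary + b"--"): return 400, b"malformed multipart"
        return (400, b"empty image") if b"filename=" not in body else (200, b"{}")
```

Against a live gateway, replace `FakeGateway()` with a thin wrapper that issues the request over HTTP and returns `(status_code, content)`; the pass/fail logic stays the same.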