azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-21 17:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2393bff1f23a1901f767ee6d2f9cd6810395d520
satellite-provider/_docs/02_document/tests/security-tests.md
T
Oleksandr Bezdieniezhnykh b0fffa6d42 [AZ-284] Autodev baseline + testability refactor 
Phase A baseline outputs from /autodev (Steps 1-5):
- Problem & solution docs (_docs/00_problem, _docs/01_solution)
- Codebase documentation (_docs/02_document) incl. architecture,
  module-layout, glossary, system-flows, baseline compliance scan
- Test specs (blackbox, performance, resilience, security, resource,
  traceability matrix)
- Test task decomposition (_docs/02_tasks/todo): AZ-285..AZ-290
- Testability refactor (_docs/04_refactoring/01-testability-refactoring):
  - TC-01 Move DownloadedTileInfoV2 + new ExistingTileInfo to Common.DTO
  - TC-02 Replace dead ISatelliteDownloader API with real signatures
  - TC-03 GoogleMapsDownloaderV2 implements ISatelliteDownloader
  - TC-04 TileService depends on ISatelliteDownloader (mockable)
  - TC-05 DI + endpoints use ISatelliteDownloader
- Test runner scripts (scripts/run-tests.sh, run-performance-tests.sh)
- Autodev state pointer (_docs/_autodev_state.md)

Prepares the codebase for AZ-285..AZ-290 unit/integration test work.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-10 04:44:08 +03:00

1.1 KiB
Raw Blame History

Security Test Scenarios

SEC-01: SQL Injection via Coordinate Parameters

Trigger: GET /api/satellite/tiles/latlon?Latitude=1;DROP TABLE tiles--&Longitude=1&ZoomLevel=18 Expected: Request rejected or treated as invalid parameter Pass criterion: HTTP 400 or parameter parsing error; no database damage; tiles table intact

SEC-02: Path Traversal in Tile Serving

Trigger: GET /tiles/18/../../../etc/passwd Expected: Request rejected; no file outside tiles directory served Pass criterion: HTTP 404 or 400; response body does not contain system file content

SEC-03: Oversized Region Request

Trigger: POST /api/satellite/request with sizeMeters=999999999 Expected: Either rejected or handled without resource exhaustion Pass criterion: No OOM; no infinite processing; either error response or bounded processing

SEC-04: Malformed JSON in Route Request

Trigger: POST /api/satellite/route with invalid JSON body Expected: Parse error returned Pass criterion: HTTP 400; error message indicates parsing failure; no crash

Reference in New Issue View Git Blame Copy Permalink